Test Summary

Test Results

Expand All Collapse All
All times are UTC
2021-12-16 19:19:53 INFO
TEST-RUNNER
Test instance fZUv1IHHkndpsue created
baseUrl
https://www.certification.openid.net/test/a/RP-Security-Test-PAN
variant
{
  "client_auth_type": "private_key_jwt",
  "fapi_auth_request_method": "pushed",
  "fapi_profile": "openbanking_brazil",
  "fapi_jarm_type": "oidc",
  "fapi_response_mode": "plain_response"
}
alias
RP-Security-Test-PAN
description
Teste de Segurança de RP do Ambiente de Homologação do PAN para o Open Banking
planId
TQoMgbFqkMMZ0
config
{
  "alias": "RP-Security-Test-PAN",
  "description": "Teste de Segurança de RP do Ambiente de Homologação do PAN para o Open Banking",
  "server": {
    "jwks": {
      "keys": [
        {
          "p": "_QaFFuyZriEWtbiKexy7pIYicgU0ePMepvyNuiiFqlsUFQ24q9gp_iWECDhi8qqss__i1LW_eHQATKWfqUc6HdDY-ickJXvVktrQiT-buvJ24iTtK_NooPMKQW976NIX39_sEPJ6ceo9ZDFxTTCkmJus3eXDJmRZT2YzSZJcvcc",
          "kty": "RSA",
          "q": "3x1_dyovnWXSr7y7ufe6AHUV0kHBYVrGW2vdNZxKrrgBW5r2mm93NnHsrG-mJlzW7kG_jR41bWf74sucGdwXTx96riRVy8bov9SzPCDl9_QCHzPpqZOxjngfzQYq1L1qJA2BAie0Sq6YZhgLJ1fWPLutEO5soIYAkLXSJ9IVb00",
          "d": "ZvivfZxJMbbdTQmxyE0lmE6ZuH8cMQOLyZxdaA5pNwm7ZEnPBEftZs8aR9ijhCDWMieui3h--rXwlXqbEm3g1sVgQ-WKTFV-NLKaJC1h-EU5HKdlOflstr7x57zhKp60ZIK69GyEXyJccUfzcD32u8raec9NplQ2MqS5MA1lnQFlocFoX1RNU4tSpEdJQq2UzqtX5WPhc88A6fTc1xu2fA5wyxzZu7fUjIETzLimcu-dDaEvvgm7c_A1ulm8EQuCN10k3FrIIe9RfuXHyxh9Rcd0aiIP9qwitxd5Cl0io7zby8MBIAaSei2co7y4tciBt4AfnzpBlGbtjgfr2gxD0Q",
          "e": "AQAB",
          "alg": "PS256",
          "use": "sig",
          "kid": "X5d4vFYfLxaG1gg8_l3bFYFhUaUVmE6PaEsRWX2EYqM",
          "qi": "eHhOb5NUDfMGXwNscjEcMrMFS425qsoJAXfGJ10hm8svZOkNYgVpb7Hs7oT8XytanRl0Gk8gKH0yhvya65B5ipyby17uBMkikNN-EeYoY2AkvEfM_nO0dvHbDdF11rkM5Q_SEDlGmojxnx4_Euj8WeuSgcwiCQkR23aZlQGx1Mg",
          "dp": "bQ9aXj8tHnj0qO8aAWapGokWX78OlvNzytYg4JSGyJ7pUQnRB4Ds2Lai6kgjniUiu5MX2kdceDbHykG5R-WDj0Ztv6UPV3jA3cOjDwVzwmiwBVmVQNRxzK31Ra8f4YJs9_o0bjmVvXQRchY9l9_Xkk_Hev2F2A540Fhk0tlbUBE",
          "dq": "XPYDZ_kxwZjtQb-XUBLBcvNV1jcDhba2stysXGv0SfvsxOg6G3qZ5xtsiyQxzAYen0LRttCBXkZXEtXXAodLRvJMwUXuYWtNCrBqxYDHkJogUDPnBXq-Hig6x8fsDJunH8JooCc-3WcFpHQcIZZdcwyXPVi59eAfWCwJlgHYYHk",
          "n": "3IXVqA9zCrmaz30WWjzZexdSuhagP_oVfgB-Y5S7XXeHhU4tho7c3wcNhsrGCKLYSf_47rV78-2OfhPY9WrSJVyqIXoaniwoTnD9splF90J7yog9LgP4kqkWl6wm8gdR5C-UC4Gnl0D2cZKnE6MZ7k_b5nM0ZfC-7H_bO13B4aYpu069th7hFWGK7ps65uiDxcQGYP3oSeqahE5qwfUef2QMkhyVtM_nWP9OVAzOGtJ8km4TdCrq9aF78No9u2YQuaUOJgeOnwKMBjmgEwcuaQe9DEQFXhzBtRmPlml2pTy2QDvxe1HgOTOsnh9igFvX70AGroY3PFY-lJAxC4Fd2w",
          "x5c": [
            "MIIGqzCCBZOgAwIBAgIUdUCw8bQZidnZ6uERKJuN9u4RGvcwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwxFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNBTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDgxNjA5NTUwMFoXDTIyMDkxNTA5NTUwMFowgacxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMS8wDAYDVQQLEwUxMjM0NTAOBgNVBAsTB2NlcnRtYW4wDwYDVQQLEwhhZ29vZG9uZTEcMBoGA1UEAxMTT3BlbiBCYW5raW5nIEJyYXNpbDE0MDIGCgmSJomT8ixkAQETJDc0ZTkyOWQ5LTMzYjYtNGQ4NS04YmE3LWMxNDZjODY3YTgxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyF1agPcwq5ms99Flo82XsXUroWoD/6FX4AfmOUu113h4VOLYaO3N8HDYbKxgii2En/+O61e/Ptjn4T2PVq0iVcqiF6Gp4sKE5w/bKZRfdCe8qIPS4D+JKpFpesJvIHUeQvlAuBp5dA9nGSpxOjGe5P2+ZzNGXwvux/2ztdweGmKbtOvbYe4RVhiu6bOubog8XEBmD96EnqmoROasH1Hn9kDJIclbTP51j/TlQMzhrSfJJuE3Qq6vWhe/DaPbtmELmlDiYHjp8CjAY5oBMHLmkHvQxEBV4cwbUZj5ZpdqU8tkA78XtR4DkzrJ4fYoBb1+9ABq6GNzxWPpSQMQuBXdsCAwEAAaOCAwIwggL+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJwv7oHX2exZL304ru+4eGVypHlxMB8GA1UdIwQYMBaAFIZ/WK0X9YK2TrQFs/uwzhFD30y+MEwGCCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwuc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyL2lzc3Vlci5jcmwwXgYDVR0RBFcwVaAZBgVgTAEDAqAQDA5NaWNoYWVsIEZyYXNlcqAYBgVgTAEDA6APDA0xMzM1MzIzNjAwMTg5oA0GBWBMAQMEoAQMAm5voA8GBWBMAQMHoAYMBGFsb3QwDgYDVR0PAQH/BAQDAgbAMIIBoQYDVR0gBIIBmDCCAZQwggGQBgorBgEEAYO6L2QBMIIBgDCCATYGCCsGAQUFBwICMIIBKAyCASRUaGlzIENlcnRpZmljYXRlIGlzIHNvbGVseSBmb3IgdXNlIHdpdGggUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkIGFuZCBvdGhlciBwYXJ0aWNpcGF0aW5nIG9yZ2FuaXNhdGlvbnMgdXNpbmcgUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkcyBUcnVzdCBGcmFtZXdvcmsgU2VydmljZXMuIEl0cyByZWNlaXB0LCBwb3NzZXNzaW9uIG9yIHVzZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSYWlkaWFtIFNlcnZpY2VzIEx0ZCBDZXJ0aWNpY2F0ZSBQb2xpY3kgYW5kIHJlbGF0ZWQgZG9jdW1lbnRzIHRoZXJlaW4uMEQGCCsGAQUFBwIBFjhodHRwOi8vY3BzLnNhbmRib3gucGtpLm9wZW5iYW5raW5nYnJhc2lsLm9yZy5ici9wb2xpY2llczANBgkqhkiG9w0BAQsFAAOCAQEAtKn/QnJqKLp52YB14x+M21qwz67utFkWjhauQe0elXupjY5NWZb5wLrGYNOZQzRe2JRzcBbGN6P7lCweRfxMkSGh9YrXbrkBXLEPtLHpTVEy65v1tWl02lC+ooVPyQpSjAQL0L69OQ7s7rnIXyb3rkSUzuGSxsLU1AXpWj0oYFB4wdeIdPAVPs83frC5s4kz42JruSAE2vsbvQURTVPChh+hO6+R6Irz+ZEZ1NSgjQkxvOXHW53CkXZSjjHbAB/nbJYi7YyK7kck99r38Ba/WBfIfywdFVVYfiiW5TS6XbQeVeilmmt5MLxBz96FxR6E6WR+cQwybEe94Fb/jD6xHA\u003d\u003d"
          ]
        },
        {
          "p": "6-RGunw1LGXpsGIabzcG8n_ITbahS9waTzjcwLkzjWjyR5hxnTSrCMas9EsOuIt3qvkdf02psgwi-J0ZX680ujaXdeiPAeuOUbsLPBOhRuu-ySXxMTT7uiwWJmF5LtBx8Qd3hRV2sd9zOhYzSohcmWp8w_uKTOYrFzGtWMvlGic",
          "kty": "RSA",
          "q": "vn3cUU9RFc7pB3fjiEPGwYGA_h8f2X6dOqy-JYIMIiuYhPq6cT8xIlE-sHs58kZzC1QbOBc4y-qRyqj1L4StPaYH4mtJU0s_6A_b9Cai96yzYYmMr92be2nCFMxBpmpBhN21AIdGc640OxgWMdz5OVo455v1uIEQGPr2aDpOzVs",
          "d": "QrIJ9tPG7pSrt1KKSU-9EbAq-hU92FzEV9GwzuG_dbBPyRLYNVfAz-Yb8ug3YLuqec_kcB5JCep7QkYHgpNdX5WXFxARCpXa-J7Xq50oBdiAS2ehLpnYHXpJI7HqOcH9ASZML_MXjI8e_EpsI7Yk6xJ9qxk8bXGupw0C6anwL3NBe232zA7I1FnwL9tpZVOLPupeok7HMRbFc6QSR3dA54zJmkyEbyOSqzRqCK_g7AB_RcMImN0SoCg0epxZjrculIXPG0Gl1T3TG3WY-CBUtAkI1chFMGCgYF_v-FMSun8N6igilPC5O683BMcJoTK745khMCv7FcSCSFVh0H5vKQ",
          "e": "AQAB",
          "use": "enc",
          "kid": "0fe502dd-14f0-4f45-80f9-feb9a216f996",
          "qi": "W6TMI3L-Ob-Jx61TdYqN5gBoBsWF6KWuCmiE9ZiwJiMVCv5ddEbFafBuiIQgRnby1VpnH9j5KVb5PT_V78ohKFmpfL7ErXQerf_pJkEtvgK9lQta1EM1HMoShrJ4GdHPym_BZzDDmt6njvwTfSg95y28h-j5epuywcwu6TwAUA8",
          "dp": "a9rjD-8srNEoKVKhvYoObiBI6GeBllrb2K8qGCBV1ulOJbgo8nUbYpbci5Ip9-0k2RKwDv3mghcUglHqQRqt5BqD5BBiGsGmP-5is6RSEEhH4lar0hDkq_nuYrwcmXALOOZuGnZ239tIJx3xc7mnhSnwQ_emA4UV3LQFC12mse8",
          "alg": "RSA-OAEP",
          "dq": "Qk8TiyY-BoZg7Z2ZEYzuOdu3qD3zW0VMu-j3w5yyVo6wZ9HTZqplkxmO5eXvNNu7Hj1nwC2tMqZzm4UW3DSmDWinI_TOsHToSQKEQUfVwLtYMeKsm2dbwSj-SzkSvTgNmI-IeyebqZcBTXTD_RV7l7BFULIkZdZfYSKy9XMejTM",
          "n": "r4dl-ApW6c-fvDbfSVxHpdV8zi8VQW4b9-uHMRq7dzqCkvP8OAG1R3plSr1N6fL_YLiIr9y621XkyRiMEKR7-DeqGsLf2ZTaqrZ1LfYgjsc2i9o3NSOeSgBwKGmT7h1OgxZSbhLzo7Xaktu3CCUZCOWLzs7LKo_CvKkcTF7tPhK9jYjdTsdsnS0RJOPjYQe7JO83Mvhd1Ty3F-Qycd-cKKMSjcQRiHt9jKd09kA2fKVlFwbm2M1PM3NdtnMaOUw31-XC4ixay47XTMqnmX7-op7qYV9wXbeZmjTsAKFuTGwJiGJrOTfqciDLBW8IpGC2BzFJ5rYmRu0kAttpvkOG3Q"
        }
      ]
    }
  },
  "client": {
    "client_id": "SBSfBTOJMVQBBL848VGXI",
    "redirect_uri": "https://api-openbanking-hml.bancopan.com.br/tpp/callback",
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL\nBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx\nFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB\nTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz\nMjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD\no28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct\nNjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j\nb20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk\nYWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ\ncml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4\n9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r\niu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6\ni56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV\nCLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3\n5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC\nAtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO\nEUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z\nYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA\noD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v\ncmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB\nBQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC\nD2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k\nATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz\nb2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg\nb3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g\nU2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg\ncmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j\nZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5\nIGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0\ncDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s\naWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL\n8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs\nZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0\nQZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY\nYFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG\nOZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d\n-----END CERTIFICATE-----",
    "jwks": {
      "keys": [
        {
          "alg": "PS256",
          "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
          "kty": "RSA",
          "n": "s6TziphxtrX8j3vjj4KG-sIowBuRnLa8qqs48z0uZ6Agzk9mJH0D8noFgQ_n1tgdo9et8B3fUxhE1l3gQtMOS2mtH9rE6HuJXJjjIPLpOxNsxa7UPQSEZlfP_o6uJOkidGxpDF66x7Xb5n5KBZEV_wbPTeLcB9XNkfoGvCw1o-Ni5tEg7o2oN9thmSYznSrbRUeM15dmBxz6ZYhtKdGM3z_aK6nva4lkGUrps1RZlcWShocDVaz8DXLBt2M5d-YbCLfsF4sDy5BqPk-WccQJr2do7sGA1n38tUQbY5TKw5i6bgHxlxupWvrFEc4s0yHXiSgvzLDMOiM3-5jMBdv6ew",
          "e": "AQAB"
        }
      ]
    }
  },
  "client2": {
    "redirect_uri": "https://api-openbanking-hml.bancopan.com.br/tpp/callback",
    "id_token_encrypted_response_alg": "RSA-OAEP",
    "id_token_encrypted_response_enc": "A256GCM",
    "client_id": "Lk4dFn0ve0wnQiN37NSDR",
    "jwks": {
      "keys": [
        {
          "alg": "PS256",
          "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
          "kty": "RSA",
          "n": "s6TziphxtrX8j3vjj4KG-sIowBuRnLa8qqs48z0uZ6Agzk9mJH0D8noFgQ_n1tgdo9et8B3fUxhE1l3gQtMOS2mtH9rE6HuJXJjjIPLpOxNsxa7UPQSEZlfP_o6uJOkidGxpDF66x7Xb5n5KBZEV_wbPTeLcB9XNkfoGvCw1o-Ni5tEg7o2oN9thmSYznSrbRUeM15dmBxz6ZYhtKdGM3z_aK6nva4lkGUrps1RZlcWShocDVaz8DXLBt2M5d-YbCLfsF4sDy5BqPk-WccQJr2do7sGA1n38tUQbY5TKw5i6bgHxlxupWvrFEc4s0yHXiSgvzLDMOiM3-5jMBdv6ew",
          "e": "AQAB"
        },
        {
          "kty": "RSA",
          "use": "enc",
          "alg": "PS256",
          "n": "xY64ckpxUTXk7Q9e_ulwxLogYEzJ7tZswwGt7EesKk8E_Sq9o4ybEq-tWL2l_h_Q38Y8MkyxPsiKQqzwXdb5npvtZ5fv-QF3u2eqryqWm3ialiWZtIG48ia__ApswN1JZUX_3YdrzwdxJjc-SeSR0eTXB21WvJ5DxhfX8aiU8p93oHP_K7nqjUAr241XNYK119KvDI0pVbaJuwXqWJvLXWnLLfWyZXCsuoMc0yU9yEeos2CkJlEyslNF37q2M_rv-52yrevzhJ_OJjxc2As-U2EpoKAOfhqa-sVSEGEaa-YApVNV-KmEE3nw-6T7sqBBvp7sbtXuKq8RoFaQkA2kzQ",
          "e": "AQAB",
          "kid": "5997c113bd799f7e61039be31353e4e5917c28a3536ee7d0f44d5bfbf301cc55"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL\nBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx\nFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB\nTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz\nMjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD\no28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct\nNjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j\nb20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk\nYWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ\ncml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4\n9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r\niu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6\ni56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV\nCLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3\n5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC\nAtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO\nEUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z\nYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA\noD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v\ncmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB\nBQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC\nD2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k\nATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz\nb2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg\nb3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g\nU2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg\ncmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j\nZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5\nIGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0\ncDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s\naWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL\n8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs\nZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0\nQZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY\nYFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG\nOZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d\n-----END CERTIFICATE-----"
  },
  "directory": {
    "keystore": "https://keystore.sandbox.directory.openbankingbrasil.org.br/"
  }
}
testName
fapi1-advanced-final-client-refresh-token-test
2021-12-16 19:19:53 SUCCESS
FAPIBrazilGenerateServerConfiguration
Created server configuration
server
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true
}
issuer
https://www.certification.openid.net/test/a/RP-Security-Test-PAN/
discoveryUrl
https://www.certification.openid.net/test/a/RP-Security-Test-PAN/.well-known/openid-configuration
2021-12-16 19:19:53 SUCCESS
LoadServerJWKs
Parsed public and private JWK sets
server_jwks
{
  "keys": [
    {
      "d": "ZvivfZxJMbbdTQmxyE0lmE6ZuH8cMQOLyZxdaA5pNwm7ZEnPBEftZs8aR9ijhCDWMieui3h--rXwlXqbEm3g1sVgQ-WKTFV-NLKaJC1h-EU5HKdlOflstr7x57zhKp60ZIK69GyEXyJccUfzcD32u8raec9NplQ2MqS5MA1lnQFlocFoX1RNU4tSpEdJQq2UzqtX5WPhc88A6fTc1xu2fA5wyxzZu7fUjIETzLimcu-dDaEvvgm7c_A1ulm8EQuCN10k3FrIIe9RfuXHyxh9Rcd0aiIP9qwitxd5Cl0io7zby8MBIAaSei2co7y4tciBt4AfnzpBlGbtjgfr2gxD0Q",
      "e": "AQAB",
      "use": "sig",
      "kid": "X5d4vFYfLxaG1gg8_l3bFYFhUaUVmE6PaEsRWX2EYqM",
      "x5c": [
        "MIIGqzCCBZOgAwIBAgIUdUCw8bQZidnZ6uERKJuN9u4RGvcwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwxFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNBTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDgxNjA5NTUwMFoXDTIyMDkxNTA5NTUwMFowgacxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMS8wDAYDVQQLEwUxMjM0NTAOBgNVBAsTB2NlcnRtYW4wDwYDVQQLEwhhZ29vZG9uZTEcMBoGA1UEAxMTT3BlbiBCYW5raW5nIEJyYXNpbDE0MDIGCgmSJomT8ixkAQETJDc0ZTkyOWQ5LTMzYjYtNGQ4NS04YmE3LWMxNDZjODY3YTgxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyF1agPcwq5ms99Flo82XsXUroWoD/6FX4AfmOUu113h4VOLYaO3N8HDYbKxgii2En/+O61e/Ptjn4T2PVq0iVcqiF6Gp4sKE5w/bKZRfdCe8qIPS4D+JKpFpesJvIHUeQvlAuBp5dA9nGSpxOjGe5P2+ZzNGXwvux/2ztdweGmKbtOvbYe4RVhiu6bOubog8XEBmD96EnqmoROasH1Hn9kDJIclbTP51j/TlQMzhrSfJJuE3Qq6vWhe/DaPbtmELmlDiYHjp8CjAY5oBMHLmkHvQxEBV4cwbUZj5ZpdqU8tkA78XtR4DkzrJ4fYoBb1+9ABq6GNzxWPpSQMQuBXdsCAwEAAaOCAwIwggL+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJwv7oHX2exZL304ru+4eGVypHlxMB8GA1UdIwQYMBaAFIZ/WK0X9YK2TrQFs/uwzhFD30y+MEwGCCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwuc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyL2lzc3Vlci5jcmwwXgYDVR0RBFcwVaAZBgVgTAEDAqAQDA5NaWNoYWVsIEZyYXNlcqAYBgVgTAEDA6APDA0xMzM1MzIzNjAwMTg5oA0GBWBMAQMEoAQMAm5voA8GBWBMAQMHoAYMBGFsb3QwDgYDVR0PAQH/BAQDAgbAMIIBoQYDVR0gBIIBmDCCAZQwggGQBgorBgEEAYO6L2QBMIIBgDCCATYGCCsGAQUFBwICMIIBKAyCASRUaGlzIENlcnRpZmljYXRlIGlzIHNvbGVseSBmb3IgdXNlIHdpdGggUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkIGFuZCBvdGhlciBwYXJ0aWNpcGF0aW5nIG9yZ2FuaXNhdGlvbnMgdXNpbmcgUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkcyBUcnVzdCBGcmFtZXdvcmsgU2VydmljZXMuIEl0cyByZWNlaXB0LCBwb3NzZXNzaW9uIG9yIHVzZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSYWlkaWFtIFNlcnZpY2VzIEx0ZCBDZXJ0aWNpY2F0ZSBQb2xpY3kgYW5kIHJlbGF0ZWQgZG9jdW1lbnRzIHRoZXJlaW4uMEQGCCsGAQUFBwIBFjhodHRwOi8vY3BzLnNhbmRib3gucGtpLm9wZW5iYW5raW5nYnJhc2lsLm9yZy5ici9wb2xpY2llczANBgkqhkiG9w0BAQsFAAOCAQEAtKn/QnJqKLp52YB14x+M21qwz67utFkWjhauQe0elXupjY5NWZb5wLrGYNOZQzRe2JRzcBbGN6P7lCweRfxMkSGh9YrXbrkBXLEPtLHpTVEy65v1tWl02lC+ooVPyQpSjAQL0L69OQ7s7rnIXyb3rkSUzuGSxsLU1AXpWj0oYFB4wdeIdPAVPs83frC5s4kz42JruSAE2vsbvQURTVPChh+hO6+R6Irz+ZEZ1NSgjQkxvOXHW53CkXZSjjHbAB/nbJYi7YyK7kck99r38Ba/WBfIfywdFVVYfiiW5TS6XbQeVeilmmt5MLxBz96FxR6E6WR+cQwybEe94Fb/jD6xHA\u003d\u003d"
      ],
      "dp": "bQ9aXj8tHnj0qO8aAWapGokWX78OlvNzytYg4JSGyJ7pUQnRB4Ds2Lai6kgjniUiu5MX2kdceDbHykG5R-WDj0Ztv6UPV3jA3cOjDwVzwmiwBVmVQNRxzK31Ra8f4YJs9_o0bjmVvXQRchY9l9_Xkk_Hev2F2A540Fhk0tlbUBE",
      "dq": "XPYDZ_kxwZjtQb-XUBLBcvNV1jcDhba2stysXGv0SfvsxOg6G3qZ5xtsiyQxzAYen0LRttCBXkZXEtXXAodLRvJMwUXuYWtNCrBqxYDHkJogUDPnBXq-Hig6x8fsDJunH8JooCc-3WcFpHQcIZZdcwyXPVi59eAfWCwJlgHYYHk",
      "n": "3IXVqA9zCrmaz30WWjzZexdSuhagP_oVfgB-Y5S7XXeHhU4tho7c3wcNhsrGCKLYSf_47rV78-2OfhPY9WrSJVyqIXoaniwoTnD9splF90J7yog9LgP4kqkWl6wm8gdR5C-UC4Gnl0D2cZKnE6MZ7k_b5nM0ZfC-7H_bO13B4aYpu069th7hFWGK7ps65uiDxcQGYP3oSeqahE5qwfUef2QMkhyVtM_nWP9OVAzOGtJ8km4TdCrq9aF78No9u2YQuaUOJgeOnwKMBjmgEwcuaQe9DEQFXhzBtRmPlml2pTy2QDvxe1HgOTOsnh9igFvX70AGroY3PFY-lJAxC4Fd2w",
      "p": "_QaFFuyZriEWtbiKexy7pIYicgU0ePMepvyNuiiFqlsUFQ24q9gp_iWECDhi8qqss__i1LW_eHQATKWfqUc6HdDY-ickJXvVktrQiT-buvJ24iTtK_NooPMKQW976NIX39_sEPJ6ceo9ZDFxTTCkmJus3eXDJmRZT2YzSZJcvcc",
      "kty": "RSA",
      "q": "3x1_dyovnWXSr7y7ufe6AHUV0kHBYVrGW2vdNZxKrrgBW5r2mm93NnHsrG-mJlzW7kG_jR41bWf74sucGdwXTx96riRVy8bov9SzPCDl9_QCHzPpqZOxjngfzQYq1L1qJA2BAie0Sq6YZhgLJ1fWPLutEO5soIYAkLXSJ9IVb00",
      "qi": "eHhOb5NUDfMGXwNscjEcMrMFS425qsoJAXfGJ10hm8svZOkNYgVpb7Hs7oT8XytanRl0Gk8gKH0yhvya65B5ipyby17uBMkikNN-EeYoY2AkvEfM_nO0dvHbDdF11rkM5Q_SEDlGmojxnx4_Euj8WeuSgcwiCQkR23aZlQGx1Mg",
      "alg": "PS256"
    },
    {
      "p": "6-RGunw1LGXpsGIabzcG8n_ITbahS9waTzjcwLkzjWjyR5hxnTSrCMas9EsOuIt3qvkdf02psgwi-J0ZX680ujaXdeiPAeuOUbsLPBOhRuu-ySXxMTT7uiwWJmF5LtBx8Qd3hRV2sd9zOhYzSohcmWp8w_uKTOYrFzGtWMvlGic",
      "kty": "RSA",
      "q": "vn3cUU9RFc7pB3fjiEPGwYGA_h8f2X6dOqy-JYIMIiuYhPq6cT8xIlE-sHs58kZzC1QbOBc4y-qRyqj1L4StPaYH4mtJU0s_6A_b9Cai96yzYYmMr92be2nCFMxBpmpBhN21AIdGc640OxgWMdz5OVo455v1uIEQGPr2aDpOzVs",
      "d": "QrIJ9tPG7pSrt1KKSU-9EbAq-hU92FzEV9GwzuG_dbBPyRLYNVfAz-Yb8ug3YLuqec_kcB5JCep7QkYHgpNdX5WXFxARCpXa-J7Xq50oBdiAS2ehLpnYHXpJI7HqOcH9ASZML_MXjI8e_EpsI7Yk6xJ9qxk8bXGupw0C6anwL3NBe232zA7I1FnwL9tpZVOLPupeok7HMRbFc6QSR3dA54zJmkyEbyOSqzRqCK_g7AB_RcMImN0SoCg0epxZjrculIXPG0Gl1T3TG3WY-CBUtAkI1chFMGCgYF_v-FMSun8N6igilPC5O683BMcJoTK745khMCv7FcSCSFVh0H5vKQ",
      "e": "AQAB",
      "use": "enc",
      "kid": "0fe502dd-14f0-4f45-80f9-feb9a216f996",
      "qi": "W6TMI3L-Ob-Jx61TdYqN5gBoBsWF6KWuCmiE9ZiwJiMVCv5ddEbFafBuiIQgRnby1VpnH9j5KVb5PT_V78ohKFmpfL7ErXQerf_pJkEtvgK9lQta1EM1HMoShrJ4GdHPym_BZzDDmt6njvwTfSg95y28h-j5epuywcwu6TwAUA8",
      "dp": "a9rjD-8srNEoKVKhvYoObiBI6GeBllrb2K8qGCBV1ulOJbgo8nUbYpbci5Ip9-0k2RKwDv3mghcUglHqQRqt5BqD5BBiGsGmP-5is6RSEEhH4lar0hDkq_nuYrwcmXALOOZuGnZ239tIJx3xc7mnhSnwQ_emA4UV3LQFC12mse8",
      "alg": "RSA-OAEP",
      "dq": "Qk8TiyY-BoZg7Z2ZEYzuOdu3qD3zW0VMu-j3w5yyVo6wZ9HTZqplkxmO5eXvNNu7Hj1nwC2tMqZzm4UW3DSmDWinI_TOsHToSQKEQUfVwLtYMeKsm2dbwSj-SzkSvTgNmI-IeyebqZcBTXTD_RV7l7BFULIkZdZfYSKy9XMejTM",
      "n": "r4dl-ApW6c-fvDbfSVxHpdV8zi8VQW4b9-uHMRq7dzqCkvP8OAG1R3plSr1N6fL_YLiIr9y621XkyRiMEKR7-DeqGsLf2ZTaqrZ1LfYgjsc2i9o3NSOeSgBwKGmT7h1OgxZSbhLzo7Xaktu3CCUZCOWLzs7LKo_CvKkcTF7tPhK9jYjdTsdsnS0RJOPjYQe7JO83Mvhd1Ty3F-Qycd-cKKMSjcQRiHt9jKd09kA2fKVlFwbm2M1PM3NdtnMaOUw31-XC4ixay47XTMqnmX7-op7qYV9wXbeZmjTsAKFuTGwJiGJrOTfqciDLBW8IpGC2BzFJ5rYmRu0kAttpvkOG3Q"
    }
  ]
}
server_encryption_keys
{
  "keys": [
    {
      "p": "6-RGunw1LGXpsGIabzcG8n_ITbahS9waTzjcwLkzjWjyR5hxnTSrCMas9EsOuIt3qvkdf02psgwi-J0ZX680ujaXdeiPAeuOUbsLPBOhRuu-ySXxMTT7uiwWJmF5LtBx8Qd3hRV2sd9zOhYzSohcmWp8w_uKTOYrFzGtWMvlGic",
      "kty": "RSA",
      "q": "vn3cUU9RFc7pB3fjiEPGwYGA_h8f2X6dOqy-JYIMIiuYhPq6cT8xIlE-sHs58kZzC1QbOBc4y-qRyqj1L4StPaYH4mtJU0s_6A_b9Cai96yzYYmMr92be2nCFMxBpmpBhN21AIdGc640OxgWMdz5OVo455v1uIEQGPr2aDpOzVs",
      "d": "QrIJ9tPG7pSrt1KKSU-9EbAq-hU92FzEV9GwzuG_dbBPyRLYNVfAz-Yb8ug3YLuqec_kcB5JCep7QkYHgpNdX5WXFxARCpXa-J7Xq50oBdiAS2ehLpnYHXpJI7HqOcH9ASZML_MXjI8e_EpsI7Yk6xJ9qxk8bXGupw0C6anwL3NBe232zA7I1FnwL9tpZVOLPupeok7HMRbFc6QSR3dA54zJmkyEbyOSqzRqCK_g7AB_RcMImN0SoCg0epxZjrculIXPG0Gl1T3TG3WY-CBUtAkI1chFMGCgYF_v-FMSun8N6igilPC5O683BMcJoTK745khMCv7FcSCSFVh0H5vKQ",
      "e": "AQAB",
      "use": "enc",
      "kid": "0fe502dd-14f0-4f45-80f9-feb9a216f996",
      "qi": "W6TMI3L-Ob-Jx61TdYqN5gBoBsWF6KWuCmiE9ZiwJiMVCv5ddEbFafBuiIQgRnby1VpnH9j5KVb5PT_V78ohKFmpfL7ErXQerf_pJkEtvgK9lQta1EM1HMoShrJ4GdHPym_BZzDDmt6njvwTfSg95y28h-j5epuywcwu6TwAUA8",
      "dp": "a9rjD-8srNEoKVKhvYoObiBI6GeBllrb2K8qGCBV1ulOJbgo8nUbYpbci5Ip9-0k2RKwDv3mghcUglHqQRqt5BqD5BBiGsGmP-5is6RSEEhH4lar0hDkq_nuYrwcmXALOOZuGnZ239tIJx3xc7mnhSnwQ_emA4UV3LQFC12mse8",
      "alg": "RSA-OAEP",
      "dq": "Qk8TiyY-BoZg7Z2ZEYzuOdu3qD3zW0VMu-j3w5yyVo6wZ9HTZqplkxmO5eXvNNu7Hj1nwC2tMqZzm4UW3DSmDWinI_TOsHToSQKEQUfVwLtYMeKsm2dbwSj-SzkSvTgNmI-IeyebqZcBTXTD_RV7l7BFULIkZdZfYSKy9XMejTM",
      "n": "r4dl-ApW6c-fvDbfSVxHpdV8zi8VQW4b9-uHMRq7dzqCkvP8OAG1R3plSr1N6fL_YLiIr9y621XkyRiMEKR7-DeqGsLf2ZTaqrZ1LfYgjsc2i9o3NSOeSgBwKGmT7h1OgxZSbhLzo7Xaktu3CCUZCOWLzs7LKo_CvKkcTF7tPhK9jYjdTsdsnS0RJOPjYQe7JO83Mvhd1Ty3F-Qycd-cKKMSjcQRiHt9jKd09kA2fKVlFwbm2M1PM3NdtnMaOUw31-XC4ixay47XTMqnmX7-op7qYV9wXbeZmjTsAKFuTGwJiGJrOTfqciDLBW8IpGC2BzFJ5rYmRu0kAttpvkOG3Q"
    }
  ]
}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "X5d4vFYfLxaG1gg8_l3bFYFhUaUVmE6PaEsRWX2EYqM",
      "x5c": [
        "MIIGqzCCBZOgAwIBAgIUdUCw8bQZidnZ6uERKJuN9u4RGvcwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwxFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNBTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDgxNjA5NTUwMFoXDTIyMDkxNTA5NTUwMFowgacxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMS8wDAYDVQQLEwUxMjM0NTAOBgNVBAsTB2NlcnRtYW4wDwYDVQQLEwhhZ29vZG9uZTEcMBoGA1UEAxMTT3BlbiBCYW5raW5nIEJyYXNpbDE0MDIGCgmSJomT8ixkAQETJDc0ZTkyOWQ5LTMzYjYtNGQ4NS04YmE3LWMxNDZjODY3YTgxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyF1agPcwq5ms99Flo82XsXUroWoD/6FX4AfmOUu113h4VOLYaO3N8HDYbKxgii2En/+O61e/Ptjn4T2PVq0iVcqiF6Gp4sKE5w/bKZRfdCe8qIPS4D+JKpFpesJvIHUeQvlAuBp5dA9nGSpxOjGe5P2+ZzNGXwvux/2ztdweGmKbtOvbYe4RVhiu6bOubog8XEBmD96EnqmoROasH1Hn9kDJIclbTP51j/TlQMzhrSfJJuE3Qq6vWhe/DaPbtmELmlDiYHjp8CjAY5oBMHLmkHvQxEBV4cwbUZj5ZpdqU8tkA78XtR4DkzrJ4fYoBb1+9ABq6GNzxWPpSQMQuBXdsCAwEAAaOCAwIwggL+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJwv7oHX2exZL304ru+4eGVypHlxMB8GA1UdIwQYMBaAFIZ/WK0X9YK2TrQFs/uwzhFD30y+MEwGCCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwuc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyL2lzc3Vlci5jcmwwXgYDVR0RBFcwVaAZBgVgTAEDAqAQDA5NaWNoYWVsIEZyYXNlcqAYBgVgTAEDA6APDA0xMzM1MzIzNjAwMTg5oA0GBWBMAQMEoAQMAm5voA8GBWBMAQMHoAYMBGFsb3QwDgYDVR0PAQH/BAQDAgbAMIIBoQYDVR0gBIIBmDCCAZQwggGQBgorBgEEAYO6L2QBMIIBgDCCATYGCCsGAQUFBwICMIIBKAyCASRUaGlzIENlcnRpZmljYXRlIGlzIHNvbGVseSBmb3IgdXNlIHdpdGggUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkIGFuZCBvdGhlciBwYXJ0aWNpcGF0aW5nIG9yZ2FuaXNhdGlvbnMgdXNpbmcgUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkcyBUcnVzdCBGcmFtZXdvcmsgU2VydmljZXMuIEl0cyByZWNlaXB0LCBwb3NzZXNzaW9uIG9yIHVzZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSYWlkaWFtIFNlcnZpY2VzIEx0ZCBDZXJ0aWNpY2F0ZSBQb2xpY3kgYW5kIHJlbGF0ZWQgZG9jdW1lbnRzIHRoZXJlaW4uMEQGCCsGAQUFBwIBFjhodHRwOi8vY3BzLnNhbmRib3gucGtpLm9wZW5iYW5raW5nYnJhc2lsLm9yZy5ici9wb2xpY2llczANBgkqhkiG9w0BAQsFAAOCAQEAtKn/QnJqKLp52YB14x+M21qwz67utFkWjhauQe0elXupjY5NWZb5wLrGYNOZQzRe2JRzcBbGN6P7lCweRfxMkSGh9YrXbrkBXLEPtLHpTVEy65v1tWl02lC+ooVPyQpSjAQL0L69OQ7s7rnIXyb3rkSUzuGSxsLU1AXpWj0oYFB4wdeIdPAVPs83frC5s4kz42JruSAE2vsbvQURTVPChh+hO6+R6Irz+ZEZ1NSgjQkxvOXHW53CkXZSjjHbAB/nbJYi7YyK7kck99r38Ba/WBfIfywdFVVYfiiW5TS6XbQeVeilmmt5MLxBz96FxR6E6WR+cQwybEe94Fb/jD6xHA\u003d\u003d"
      ],
      "alg": "PS256",
      "n": "3IXVqA9zCrmaz30WWjzZexdSuhagP_oVfgB-Y5S7XXeHhU4tho7c3wcNhsrGCKLYSf_47rV78-2OfhPY9WrSJVyqIXoaniwoTnD9splF90J7yog9LgP4kqkWl6wm8gdR5C-UC4Gnl0D2cZKnE6MZ7k_b5nM0ZfC-7H_bO13B4aYpu069th7hFWGK7ps65uiDxcQGYP3oSeqahE5qwfUef2QMkhyVtM_nWP9OVAzOGtJ8km4TdCrq9aF78No9u2YQuaUOJgeOnwKMBjmgEwcuaQe9DEQFXhzBtRmPlml2pTy2QDvxe1HgOTOsnh9igFvX70AGroY3PFY-lJAxC4Fd2w"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "0fe502dd-14f0-4f45-80f9-feb9a216f996",
      "alg": "RSA-OAEP",
      "n": "r4dl-ApW6c-fvDbfSVxHpdV8zi8VQW4b9-uHMRq7dzqCkvP8OAG1R3plSr1N6fL_YLiIr9y621XkyRiMEKR7-DeqGsLf2ZTaqrZ1LfYgjsc2i9o3NSOeSgBwKGmT7h1OgxZSbhLzo7Xaktu3CCUZCOWLzs7LKo_CvKkcTF7tPhK9jYjdTsdsnS0RJOPjYQe7JO83Mvhd1Ty3F-Qycd-cKKMSjcQRiHt9jKd09kA2fKVlFwbm2M1PM3NdtnMaOUw31-XC4ixay47XTMqnmX7-op7qYV9wXbeZmjTsAKFuTGwJiGJrOTfqciDLBW8IpGC2BzFJ5rYmRu0kAttpvkOG3Q"
    }
  ]
}
2021-12-16 19:19:53 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-12-16 19:19:53
SetServerSigningAlgToPS256
Successfully set signing algorithm to PS256
2021-12-16 19:19:53
FAPIBrazilSetGrantTypesSupportedInServerConfiguration
Successfully set grant_types_supported
server
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ]
}
2021-12-16 19:19:53
AddClaimsParameterSupportedTrueToServerConfiguration
Successfully added claims_parameter_supported to server configuration
server
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ],
  "claims_parameter_supported": true
}
2021-12-16 19:19:53
FAPIBrazilAddBrazilSpecificSettingsToServerConfiguration
Added open banking Brazil specific server settings
server
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ],
  "claims_parameter_supported": true,
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM"
  ],
  "claims_supported": [
    "cpf",
    "cnpj",
    "acr"
  ],
  "acr_values_supported": [
    "urn:brasil:openbanking:loa2",
    "urn:brasil:openbanking:loa3"
  ],
  "id_token_signing_alg_values_supported": [
    "PS256"
  ],
  "request_object_signing_alg_values_supported": [
    "PS256"
  ],
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access",
    "consents",
    "resources",
    "payments"
  ]
}
2021-12-16 19:19:53
SetTokenEndpointAuthMethodsSupportedToPrivateKeyJWTOnly
Changed token_endpoint_auth_methods_supported to private_key_jwt only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ],
  "claims_parameter_supported": true,
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM"
  ],
  "claims_supported": [
    "cpf",
    "cnpj",
    "acr"
  ],
  "acr_values_supported": [
    "urn:brasil:openbanking:loa2",
    "urn:brasil:openbanking:loa3"
  ],
  "id_token_signing_alg_values_supported": [
    "PS256"
  ],
  "request_object_signing_alg_values_supported": [
    "PS256"
  ],
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access",
    "consents",
    "resources",
    "payments"
  ],
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ]
}
2021-12-16 19:19:53
AddPushedAuthorizationRequestEndpointToServerConfig
Added pushed_authorization_request_endpoint to server configuration
endpoint
https://www.certification.openid.net/test/a/RP-Security-Test-PAN/par
2021-12-16 19:19:53
AddRequirePushedAuthorizationRequestsToServerConfig
Added require_pushed_authorization_requests to server configuration
value
true
2021-12-16 19:19:53 SUCCESS
AddResponseTypeCodeIdTokenToServerConfiguration
Added code id_token as response type supported
response_types_supported
[
  "code id_token"
]
2021-12-16 19:19:53 SUCCESS
FAPIBrazilAddTokenEndpointAuthSigningAlgValuesSupportedToServer
Set token_endpoint_auth_signing_alg_values_supported
values
[
  "PS256"
]
2021-12-16 19:19:53 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2021-12-16 19:19:53 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "d": "ZvivfZxJMbbdTQmxyE0lmE6ZuH8cMQOLyZxdaA5pNwm7ZEnPBEftZs8aR9ijhCDWMieui3h--rXwlXqbEm3g1sVgQ-WKTFV-NLKaJC1h-EU5HKdlOflstr7x57zhKp60ZIK69GyEXyJccUfzcD32u8raec9NplQ2MqS5MA1lnQFlocFoX1RNU4tSpEdJQq2UzqtX5WPhc88A6fTc1xu2fA5wyxzZu7fUjIETzLimcu-dDaEvvgm7c_A1ulm8EQuCN10k3FrIIe9RfuXHyxh9Rcd0aiIP9qwitxd5Cl0io7zby8MBIAaSei2co7y4tciBt4AfnzpBlGbtjgfr2gxD0Q",
      "e": "AQAB",
      "use": "sig",
      "kid": "X5d4vFYfLxaG1gg8_l3bFYFhUaUVmE6PaEsRWX2EYqM",
      "x5c": [
        "MIIGqzCCBZOgAwIBAgIUdUCw8bQZidnZ6uERKJuN9u4RGvcwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwxFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNBTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDgxNjA5NTUwMFoXDTIyMDkxNTA5NTUwMFowgacxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMS8wDAYDVQQLEwUxMjM0NTAOBgNVBAsTB2NlcnRtYW4wDwYDVQQLEwhhZ29vZG9uZTEcMBoGA1UEAxMTT3BlbiBCYW5raW5nIEJyYXNpbDE0MDIGCgmSJomT8ixkAQETJDc0ZTkyOWQ5LTMzYjYtNGQ4NS04YmE3LWMxNDZjODY3YTgxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyF1agPcwq5ms99Flo82XsXUroWoD/6FX4AfmOUu113h4VOLYaO3N8HDYbKxgii2En/+O61e/Ptjn4T2PVq0iVcqiF6Gp4sKE5w/bKZRfdCe8qIPS4D+JKpFpesJvIHUeQvlAuBp5dA9nGSpxOjGe5P2+ZzNGXwvux/2ztdweGmKbtOvbYe4RVhiu6bOubog8XEBmD96EnqmoROasH1Hn9kDJIclbTP51j/TlQMzhrSfJJuE3Qq6vWhe/DaPbtmELmlDiYHjp8CjAY5oBMHLmkHvQxEBV4cwbUZj5ZpdqU8tkA78XtR4DkzrJ4fYoBb1+9ABq6GNzxWPpSQMQuBXdsCAwEAAaOCAwIwggL+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJwv7oHX2exZL304ru+4eGVypHlxMB8GA1UdIwQYMBaAFIZ/WK0X9YK2TrQFs/uwzhFD30y+MEwGCCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwuc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyL2lzc3Vlci5jcmwwXgYDVR0RBFcwVaAZBgVgTAEDAqAQDA5NaWNoYWVsIEZyYXNlcqAYBgVgTAEDA6APDA0xMzM1MzIzNjAwMTg5oA0GBWBMAQMEoAQMAm5voA8GBWBMAQMHoAYMBGFsb3QwDgYDVR0PAQH/BAQDAgbAMIIBoQYDVR0gBIIBmDCCAZQwggGQBgorBgEEAYO6L2QBMIIBgDCCATYGCCsGAQUFBwICMIIBKAyCASRUaGlzIENlcnRpZmljYXRlIGlzIHNvbGVseSBmb3IgdXNlIHdpdGggUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkIGFuZCBvdGhlciBwYXJ0aWNpcGF0aW5nIG9yZ2FuaXNhdGlvbnMgdXNpbmcgUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkcyBUcnVzdCBGcmFtZXdvcmsgU2VydmljZXMuIEl0cyByZWNlaXB0LCBwb3NzZXNzaW9uIG9yIHVzZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSYWlkaWFtIFNlcnZpY2VzIEx0ZCBDZXJ0aWNpY2F0ZSBQb2xpY3kgYW5kIHJlbGF0ZWQgZG9jdW1lbnRzIHRoZXJlaW4uMEQGCCsGAQUFBwIBFjhodHRwOi8vY3BzLnNhbmRib3gucGtpLm9wZW5iYW5raW5nYnJhc2lsLm9yZy5ici9wb2xpY2llczANBgkqhkiG9w0BAQsFAAOCAQEAtKn/QnJqKLp52YB14x+M21qwz67utFkWjhauQe0elXupjY5NWZb5wLrGYNOZQzRe2JRzcBbGN6P7lCweRfxMkSGh9YrXbrkBXLEPtLHpTVEy65v1tWl02lC+ooVPyQpSjAQL0L69OQ7s7rnIXyb3rkSUzuGSxsLU1AXpWj0oYFB4wdeIdPAVPs83frC5s4kz42JruSAE2vsbvQURTVPChh+hO6+R6Irz+ZEZ1NSgjQkxvOXHW53CkXZSjjHbAB/nbJYi7YyK7kck99r38Ba/WBfIfywdFVVYfiiW5TS6XbQeVeilmmt5MLxBz96FxR6E6WR+cQwybEe94Fb/jD6xHA\u003d\u003d"
      ],
      "dp": "bQ9aXj8tHnj0qO8aAWapGokWX78OlvNzytYg4JSGyJ7pUQnRB4Ds2Lai6kgjniUiu5MX2kdceDbHykG5R-WDj0Ztv6UPV3jA3cOjDwVzwmiwBVmVQNRxzK31Ra8f4YJs9_o0bjmVvXQRchY9l9_Xkk_Hev2F2A540Fhk0tlbUBE",
      "dq": "XPYDZ_kxwZjtQb-XUBLBcvNV1jcDhba2stysXGv0SfvsxOg6G3qZ5xtsiyQxzAYen0LRttCBXkZXEtXXAodLRvJMwUXuYWtNCrBqxYDHkJogUDPnBXq-Hig6x8fsDJunH8JooCc-3WcFpHQcIZZdcwyXPVi59eAfWCwJlgHYYHk",
      "n": "3IXVqA9zCrmaz30WWjzZexdSuhagP_oVfgB-Y5S7XXeHhU4tho7c3wcNhsrGCKLYSf_47rV78-2OfhPY9WrSJVyqIXoaniwoTnD9splF90J7yog9LgP4kqkWl6wm8gdR5C-UC4Gnl0D2cZKnE6MZ7k_b5nM0ZfC-7H_bO13B4aYpu069th7hFWGK7ps65uiDxcQGYP3oSeqahE5qwfUef2QMkhyVtM_nWP9OVAzOGtJ8km4TdCrq9aF78No9u2YQuaUOJgeOnwKMBjmgEwcuaQe9DEQFXhzBtRmPlml2pTy2QDvxe1HgOTOsnh9igFvX70AGroY3PFY-lJAxC4Fd2w",
      "p": "_QaFFuyZriEWtbiKexy7pIYicgU0ePMepvyNuiiFqlsUFQ24q9gp_iWECDhi8qqss__i1LW_eHQATKWfqUc6HdDY-ickJXvVktrQiT-buvJ24iTtK_NooPMKQW976NIX39_sEPJ6ceo9ZDFxTTCkmJus3eXDJmRZT2YzSZJcvcc",
      "kty": "RSA",
      "q": "3x1_dyovnWXSr7y7ufe6AHUV0kHBYVrGW2vdNZxKrrgBW5r2mm93NnHsrG-mJlzW7kG_jR41bWf74sucGdwXTx96riRVy8bov9SzPCDl9_QCHzPpqZOxjngfzQYq1L1qJA2BAie0Sq6YZhgLJ1fWPLutEO5soIYAkLXSJ9IVb00",
      "qi": "eHhOb5NUDfMGXwNscjEcMrMFS425qsoJAXfGJ10hm8svZOkNYgVpb7Hs7oT8XytanRl0Gk8gKH0yhvya65B5ipyby17uBMkikNN-EeYoY2AkvEfM_nO0dvHbDdF11rkM5Q_SEDlGmojxnx4_Euj8WeuSgcwiCQkR23aZlQGx1Mg",
      "alg": "PS256"
    },
    {
      "p": "6-RGunw1LGXpsGIabzcG8n_ITbahS9waTzjcwLkzjWjyR5hxnTSrCMas9EsOuIt3qvkdf02psgwi-J0ZX680ujaXdeiPAeuOUbsLPBOhRuu-ySXxMTT7uiwWJmF5LtBx8Qd3hRV2sd9zOhYzSohcmWp8w_uKTOYrFzGtWMvlGic",
      "kty": "RSA",
      "q": "vn3cUU9RFc7pB3fjiEPGwYGA_h8f2X6dOqy-JYIMIiuYhPq6cT8xIlE-sHs58kZzC1QbOBc4y-qRyqj1L4StPaYH4mtJU0s_6A_b9Cai96yzYYmMr92be2nCFMxBpmpBhN21AIdGc640OxgWMdz5OVo455v1uIEQGPr2aDpOzVs",
      "d": "QrIJ9tPG7pSrt1KKSU-9EbAq-hU92FzEV9GwzuG_dbBPyRLYNVfAz-Yb8ug3YLuqec_kcB5JCep7QkYHgpNdX5WXFxARCpXa-J7Xq50oBdiAS2ehLpnYHXpJI7HqOcH9ASZML_MXjI8e_EpsI7Yk6xJ9qxk8bXGupw0C6anwL3NBe232zA7I1FnwL9tpZVOLPupeok7HMRbFc6QSR3dA54zJmkyEbyOSqzRqCK_g7AB_RcMImN0SoCg0epxZjrculIXPG0Gl1T3TG3WY-CBUtAkI1chFMGCgYF_v-FMSun8N6igilPC5O683BMcJoTK745khMCv7FcSCSFVh0H5vKQ",
      "e": "AQAB",
      "use": "enc",
      "kid": "0fe502dd-14f0-4f45-80f9-feb9a216f996",
      "qi": "W6TMI3L-Ob-Jx61TdYqN5gBoBsWF6KWuCmiE9ZiwJiMVCv5ddEbFafBuiIQgRnby1VpnH9j5KVb5PT_V78ohKFmpfL7ErXQerf_pJkEtvgK9lQta1EM1HMoShrJ4GdHPym_BZzDDmt6njvwTfSg95y28h-j5epuywcwu6TwAUA8",
      "dp": "a9rjD-8srNEoKVKhvYoObiBI6GeBllrb2K8qGCBV1ulOJbgo8nUbYpbci5Ip9-0k2RKwDv3mghcUglHqQRqt5BqD5BBiGsGmP-5is6RSEEhH4lar0hDkq_nuYrwcmXALOOZuGnZ239tIJx3xc7mnhSnwQ_emA4UV3LQFC12mse8",
      "alg": "RSA-OAEP",
      "dq": "Qk8TiyY-BoZg7Z2ZEYzuOdu3qD3zW0VMu-j3w5yyVo6wZ9HTZqplkxmO5eXvNNu7Hj1nwC2tMqZzm4UW3DSmDWinI_TOsHToSQKEQUfVwLtYMeKsm2dbwSj-SzkSvTgNmI-IeyebqZcBTXTD_RV7l7BFULIkZdZfYSKy9XMejTM",
      "n": "r4dl-ApW6c-fvDbfSVxHpdV8zi8VQW4b9-uHMRq7dzqCkvP8OAG1R3plSr1N6fL_YLiIr9y621XkyRiMEKR7-DeqGsLf2ZTaqrZ1LfYgjsc2i9o3NSOeSgBwKGmT7h1OgxZSbhLzo7Xaktu3CCUZCOWLzs7LKo_CvKkcTF7tPhK9jYjdTsdsnS0RJOPjYQe7JO83Mvhd1Ty3F-Qycd-cKKMSjcQRiHt9jKd09kA2fKVlFwbm2M1PM3NdtnMaOUw31-XC4ixay47XTMqnmX7-op7qYV9wXbeZmjTsAKFuTGwJiGJrOTfqciDLBW8IpGC2BzFJ5rYmRu0kAttpvkOG3Q"
    }
  ]
}
2021-12-16 19:19:53 SUCCESS
LoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "email": "user@example.com",
  "email_verified": false
}
Verify configuration of first client
2021-12-16 19:19:53 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
SBSfBTOJMVQBBL848VGXI
redirect_uri
https://api-openbanking-hml.bancopan.com.br/tpp/callback
certificate
-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx
FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB
TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz
MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD
o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct
NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j
b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk
YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ
cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4
9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r
iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6
i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV
CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3
5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC
AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO
EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z
YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA
oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v
cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC
D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k
ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz
b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg
b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g
U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg
cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j
ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5
IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0
cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s
aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL
8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs
ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0
QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY
YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG
OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks=
-----END CERTIFICATE-----
jwks
{
  "keys": [
    {
      "alg": "PS256",
      "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
      "kty": "RSA",
      "n": "s6TziphxtrX8j3vjj4KG-sIowBuRnLa8qqs48z0uZ6Agzk9mJH0D8noFgQ_n1tgdo9et8B3fUxhE1l3gQtMOS2mtH9rE6HuJXJjjIPLpOxNsxa7UPQSEZlfP_o6uJOkidGxpDF66x7Xb5n5KBZEV_wbPTeLcB9XNkfoGvCw1o-Ni5tEg7o2oN9thmSYznSrbRUeM15dmBxz6ZYhtKdGM3z_aK6nva4lkGUrps1RZlcWShocDVaz8DXLBt2M5d-YbCLfsF4sDy5BqPk-WccQJr2do7sGA1n38tUQbY5TKw5i6bgHxlxupWvrFEc4s0yHXiSgvzLDMOiM3-5jMBdv6ew",
      "e": "AQAB"
    }
  ]
}
2021-12-16 19:19:53 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-12-16 19:19:53 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "alg": "PS256",
      "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
      "kty": "RSA",
      "n": "s6TziphxtrX8j3vjj4KG-sIowBuRnLa8qqs48z0uZ6Agzk9mJH0D8noFgQ_n1tgdo9et8B3fUxhE1l3gQtMOS2mtH9rE6HuJXJjjIPLpOxNsxa7UPQSEZlfP_o6uJOkidGxpDF66x7Xb5n5KBZEV_wbPTeLcB9XNkfoGvCw1o-Ni5tEg7o2oN9thmSYznSrbRUeM15dmBxz6ZYhtKdGM3z_aK6nva4lkGUrps1RZlcWShocDVaz8DXLBt2M5d-YbCLfsF4sDy5BqPk-WccQJr2do7sGA1n38tUQbY5TKw5i6bgHxlxupWvrFEc4s0yHXiSgvzLDMOiM3-5jMBdv6ew",
      "e": "AQAB"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
      "alg": "PS256",
      "n": "s6TziphxtrX8j3vjj4KG-sIowBuRnLa8qqs48z0uZ6Agzk9mJH0D8noFgQ_n1tgdo9et8B3fUxhE1l3gQtMOS2mtH9rE6HuJXJjjIPLpOxNsxa7UPQSEZlfP_o6uJOkidGxpDF66x7Xb5n5KBZEV_wbPTeLcB9XNkfoGvCw1o-Ni5tEg7o2oN9thmSYznSrbRUeM15dmBxz6ZYhtKdGM3z_aK6nva4lkGUrps1RZlcWShocDVaz8DXLBt2M5d-YbCLfsF4sDy5BqPk-WccQJr2do7sGA1n38tUQbY5TKw5i6bgHxlxupWvrFEc4s0yHXiSgvzLDMOiM3-5jMBdv6ew"
    }
  ]
}
2021-12-16 19:19:53 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-12-16 19:19:53 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-12-16 19:19:53 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "alg": "PS256",
      "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
      "kty": "RSA",
      "n": "s6TziphxtrX8j3vjj4KG-sIowBuRnLa8qqs48z0uZ6Agzk9mJH0D8noFgQ_n1tgdo9et8B3fUxhE1l3gQtMOS2mtH9rE6HuJXJjjIPLpOxNsxa7UPQSEZlfP_o6uJOkidGxpDF66x7Xb5n5KBZEV_wbPTeLcB9XNkfoGvCw1o-Ni5tEg7o2oN9thmSYznSrbRUeM15dmBxz6ZYhtKdGM3z_aK6nva4lkGUrps1RZlcWShocDVaz8DXLBt2M5d-YbCLfsF4sDy5BqPk-WccQJr2do7sGA1n38tUQbY5TKw5i6bgHxlxupWvrFEc4s0yHXiSgvzLDMOiM3-5jMBdv6ew",
      "e": "AQAB"
    }
  ]
}
Verify configuration of second client
2021-12-16 19:19:53 SUCCESS
GetStaticClient2Configuration
Found a static second client object
redirect_uri
https://api-openbanking-hml.bancopan.com.br/tpp/callback
id_token_encrypted_response_alg
RSA-OAEP
id_token_encrypted_response_enc
A256GCM
client_id
Lk4dFn0ve0wnQiN37NSDR
jwks
{
  "keys": [
    {
      "alg": "PS256",
      "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
      "kty": "RSA",
      "n": "s6TziphxtrX8j3vjj4KG-sIowBuRnLa8qqs48z0uZ6Agzk9mJH0D8noFgQ_n1tgdo9et8B3fUxhE1l3gQtMOS2mtH9rE6HuJXJjjIPLpOxNsxa7UPQSEZlfP_o6uJOkidGxpDF66x7Xb5n5KBZEV_wbPTeLcB9XNkfoGvCw1o-Ni5tEg7o2oN9thmSYznSrbRUeM15dmBxz6ZYhtKdGM3z_aK6nva4lkGUrps1RZlcWShocDVaz8DXLBt2M5d-YbCLfsF4sDy5BqPk-WccQJr2do7sGA1n38tUQbY5TKw5i6bgHxlxupWvrFEc4s0yHXiSgvzLDMOiM3-5jMBdv6ew",
      "e": "AQAB"
    },
    {
      "kty": "RSA",
      "use": "enc",
      "alg": "PS256",
      "n": "xY64ckpxUTXk7Q9e_ulwxLogYEzJ7tZswwGt7EesKk8E_Sq9o4ybEq-tWL2l_h_Q38Y8MkyxPsiKQqzwXdb5npvtZ5fv-QF3u2eqryqWm3ialiWZtIG48ia__ApswN1JZUX_3YdrzwdxJjc-SeSR0eTXB21WvJ5DxhfX8aiU8p93oHP_K7nqjUAr241XNYK119KvDI0pVbaJuwXqWJvLXWnLLfWyZXCsuoMc0yU9yEeos2CkJlEyslNF37q2M_rv-52yrevzhJ_OJjxc2As-U2EpoKAOfhqa-sVSEGEaa-YApVNV-KmEE3nw-6T7sqBBvp7sbtXuKq8RoFaQkA2kzQ",
      "e": "AQAB",
      "kid": "5997c113bd799f7e61039be31353e4e5917c28a3536ee7d0f44d5bfbf301cc55"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx
FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB
TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz
MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD
o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct
NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j
b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk
YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ
cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4
9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r
iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6
i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV
CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3
5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC
AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO
EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z
YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA
oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v
cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC
D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k
ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz
b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg
b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g
U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg
cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j
ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5
IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0
cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s
aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL
8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs
ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0
QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY
YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG
OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks=
-----END CERTIFICATE-----
2021-12-16 19:19:53 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2021-12-16 19:19:53 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "alg": "PS256",
      "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
      "kty": "RSA",
      "n": "s6TziphxtrX8j3vjj4KG-sIowBuRnLa8qqs48z0uZ6Agzk9mJH0D8noFgQ_n1tgdo9et8B3fUxhE1l3gQtMOS2mtH9rE6HuJXJjjIPLpOxNsxa7UPQSEZlfP_o6uJOkidGxpDF66x7Xb5n5KBZEV_wbPTeLcB9XNkfoGvCw1o-Ni5tEg7o2oN9thmSYznSrbRUeM15dmBxz6ZYhtKdGM3z_aK6nva4lkGUrps1RZlcWShocDVaz8DXLBt2M5d-YbCLfsF4sDy5BqPk-WccQJr2do7sGA1n38tUQbY5TKw5i6bgHxlxupWvrFEc4s0yHXiSgvzLDMOiM3-5jMBdv6ew",
      "e": "AQAB"
    },
    {
      "kty": "RSA",
      "use": "enc",
      "alg": "PS256",
      "n": "xY64ckpxUTXk7Q9e_ulwxLogYEzJ7tZswwGt7EesKk8E_Sq9o4ybEq-tWL2l_h_Q38Y8MkyxPsiKQqzwXdb5npvtZ5fv-QF3u2eqryqWm3ialiWZtIG48ia__ApswN1JZUX_3YdrzwdxJjc-SeSR0eTXB21WvJ5DxhfX8aiU8p93oHP_K7nqjUAr241XNYK119KvDI0pVbaJuwXqWJvLXWnLLfWyZXCsuoMc0yU9yEeos2CkJlEyslNF37q2M_rv-52yrevzhJ_OJjxc2As-U2EpoKAOfhqa-sVSEGEaa-YApVNV-KmEE3nw-6T7sqBBvp7sbtXuKq8RoFaQkA2kzQ",
      "e": "AQAB",
      "kid": "5997c113bd799f7e61039be31353e4e5917c28a3536ee7d0f44d5bfbf301cc55"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
      "alg": "PS256",
      "n": "s6TziphxtrX8j3vjj4KG-sIowBuRnLa8qqs48z0uZ6Agzk9mJH0D8noFgQ_n1tgdo9et8B3fUxhE1l3gQtMOS2mtH9rE6HuJXJjjIPLpOxNsxa7UPQSEZlfP_o6uJOkidGxpDF66x7Xb5n5KBZEV_wbPTeLcB9XNkfoGvCw1o-Ni5tEg7o2oN9thmSYznSrbRUeM15dmBxz6ZYhtKdGM3z_aK6nva4lkGUrps1RZlcWShocDVaz8DXLBt2M5d-YbCLfsF4sDy5BqPk-WccQJr2do7sGA1n38tUQbY5TKw5i6bgHxlxupWvrFEc4s0yHXiSgvzLDMOiM3-5jMBdv6ew"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "5997c113bd799f7e61039be31353e4e5917c28a3536ee7d0f44d5bfbf301cc55",
      "alg": "PS256",
      "n": "xY64ckpxUTXk7Q9e_ulwxLogYEzJ7tZswwGt7EesKk8E_Sq9o4ybEq-tWL2l_h_Q38Y8MkyxPsiKQqzwXdb5npvtZ5fv-QF3u2eqryqWm3ialiWZtIG48ia__ApswN1JZUX_3YdrzwdxJjc-SeSR0eTXB21WvJ5DxhfX8aiU8p93oHP_K7nqjUAr241XNYK119KvDI0pVbaJuwXqWJvLXWnLLfWyZXCsuoMc0yU9yEeos2CkJlEyslNF37q2M_rv-52yrevzhJ_OJjxc2As-U2EpoKAOfhqa-sVSEGEaa-YApVNV-KmEE3nw-6T7sqBBvp7sbtXuKq8RoFaQkA2kzQ"
    }
  ]
}
2021-12-16 19:19:53 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2021-12-16 19:19:53 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2021-12-16 19:19:53 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "alg": "PS256",
      "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
      "kty": "RSA",
      "n": "s6TziphxtrX8j3vjj4KG-sIowBuRnLa8qqs48z0uZ6Agzk9mJH0D8noFgQ_n1tgdo9et8B3fUxhE1l3gQtMOS2mtH9rE6HuJXJjjIPLpOxNsxa7UPQSEZlfP_o6uJOkidGxpDF66x7Xb5n5KBZEV_wbPTeLcB9XNkfoGvCw1o-Ni5tEg7o2oN9thmSYznSrbRUeM15dmBxz6ZYhtKdGM3z_aK6nva4lkGUrps1RZlcWShocDVaz8DXLBt2M5d-YbCLfsF4sDy5BqPk-WccQJr2do7sGA1n38tUQbY5TKw5i6bgHxlxupWvrFEc4s0yHXiSgvzLDMOiM3-5jMBdv6ew",
      "e": "AQAB"
    },
    {
      "kty": "RSA",
      "use": "enc",
      "alg": "PS256",
      "n": "xY64ckpxUTXk7Q9e_ulwxLogYEzJ7tZswwGt7EesKk8E_Sq9o4ybEq-tWL2l_h_Q38Y8MkyxPsiKQqzwXdb5npvtZ5fv-QF3u2eqryqWm3ialiWZtIG48ia__ApswN1JZUX_3YdrzwdxJjc-SeSR0eTXB21WvJ5DxhfX8aiU8p93oHP_K7nqjUAr241XNYK119KvDI0pVbaJuwXqWJvLXWnLLfWyZXCsuoMc0yU9yEeos2CkJlEyslNF37q2M_rv-52yrevzhJ_OJjxc2As-U2EpoKAOfhqa-sVSEGEaa-YApVNV-KmEE3nw-6T7sqBBvp7sbtXuKq8RoFaQkA2kzQ",
      "e": "AQAB",
      "kid": "5997c113bd799f7e61039be31353e4e5917c28a3536ee7d0f44d5bfbf301cc55"
    }
  ]
}
2021-12-16 19:19:53
fapi1-advanced-final-client-refresh-token-test
Setup Done
2021-12-16 19:20:00 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate, br",
  "connection": "close"
}
incoming_path
/test/a/RP-Security-Test-PAN/.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:00 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-12-16 19:20:01 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo",
    "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/par"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ],
  "claims_parameter_supported": true,
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM"
  ],
  "claims_supported": [
    "cpf",
    "cnpj",
    "acr"
  ],
  "acr_values_supported": [
    "urn:brasil:openbanking:loa2",
    "urn:brasil:openbanking:loa3"
  ],
  "id_token_signing_alg_values_supported": [
    "PS256"
  ],
  "request_object_signing_alg_values_supported": [
    "PS256"
  ],
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access",
    "consents",
    "resources",
    "payments"
  ],
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code id_token"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-12-16 19:20:01 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "content-type": "application/x-www-form-urlencoded",
  "accept-encoding": "gzip, deflate, br",
  "content-length": "1210",
  "connection": "close"
}
incoming_path
/test-mtls/a/RP-Security-Test-PAN/token
incoming_body_form_params
{
  "scope": "consents",
  "grant_type": "client_credentials",
  "redirect_uri": "https://api-openbanking-hml.bancopan.com.br/tpp/callback",
  "client_id": "SBSfBTOJMVQBBL848VGXI",
  "client_assertion": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDEsImV4cCI6MTYzOTY4MjQ2MSwianRpIjoiemZ4S3VYeVNJc1hCSEpmRGVfWENLRkRLNkplMGJObkJib0xqa3R3YVpHWSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.V5fTITB3af31vLSO1pIAJ6f-6qOa7x68LmrWse3xciNhXMS-RiXmK2SN5axDZOSlHsFh0Bq7s7_mBylZJnu7lfA5Lv9G7El4zWQZ0QxkQefchs2zJBzQMWMi-V2qloP0RTbOXbncPzAunI1yuiJhs2aEQTiQSGK94lt9SyYnY8llRyEzqZsirCWuDfH6_nYtpTfc2jX1b2wS90_u2Zq4ZruJtxALNsRHXwvJk6Alz70DvppZcyfelSMyOMc7v3Mekkv3MAXJk0lSn1Do6SXY8VG0rX7QDtPK-yQYWyy3-kxYHlGdCyAUOGG9XOX7Ajo7AiOVhv5-mwPidkmCXuTPlg",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks= -----END CERTIFICATE-----
incoming_body_json
incoming_query_string_params
{}
incoming_body
scope=consents&grant_type=client_credentials&redirect_uri=https%3A%2F%2Fapi-openbanking-hml.bancopan.com.br%2Ftpp%2Fcallback&client_id=SBSfBTOJMVQBBL848VGXI&client_assertion=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDEsImV4cCI6MTYzOTY4MjQ2MSwianRpIjoiemZ4S3VYeVNJc1hCSEpmRGVfWENLRkRLNkplMGJObkJib0xqa3R3YVpHWSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.V5fTITB3af31vLSO1pIAJ6f-6qOa7x68LmrWse3xciNhXMS-RiXmK2SN5axDZOSlHsFh0Bq7s7_mBylZJnu7lfA5Lv9G7El4zWQZ0QxkQefchs2zJBzQMWMi-V2qloP0RTbOXbncPzAunI1yuiJhs2aEQTiQSGK94lt9SyYnY8llRyEzqZsirCWuDfH6_nYtpTfc2jX1b2wS90_u2Zq4ZruJtxALNsRHXwvJk6Alz70DvppZcyfelSMyOMc7v3Mekkv3MAXJk0lSn1Do6SXY8VG0rX7QDtPK-yQYWyy3-kxYHlGdCyAUOGG9XOX7Ajo7AiOVhv5-mwPidkmCXuTPlg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2021-12-16 19:20:01 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Token endpoint
2021-12-16 19:20:01 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL\nBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx\nFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB\nTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz\nMjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD\no28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct\nNjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j\nb20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk\nYWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ\ncml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4\n9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r\niu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6\ni56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV\nCLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3\n5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC\nAtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO\nEUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z\nYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA\noD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v\ncmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB\nBQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC\nD2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k\nATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz\nb2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg\nb3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g\nU2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg\ncmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j\nZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5\nIGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0\ncDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s\naWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL\n8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs\nZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0\nQZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY\nYFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG\nOZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "1.3.6.1.4.1.311.60.2.1.3\u003d#13024252,2.5.4.15\u003d#131450726976617465204f7267616e697a6174696f6e,UID\u003dac60fe65-58ca-44c3-9352-6f556c5cb98e,2.5.4.5\u003d#130e3539323835343131303030313133,CN\u003dbancopan.com.br,OU\u003db6a214c7-6332-5a41-8464-a281fb9a4ca0,O\u003dBANCO PAN,L\u003dSão Paulo,ST\u003dSP,C\u003dBR"
  },
  "sanDnsNames": [
    "bancopan.com.br"
  ],
  "sanUris": [],
  "sanIPs": [],
  "sanEmails": []
}
2021-12-16 19:20:01 SUCCESS
CheckForClientCertificate
Found client certificate
2021-12-16 19:20:01 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx
FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB
TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz
MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD
o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct
NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j
b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk
YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ
cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4
9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r
iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6
i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV
CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3
5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC
AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO
EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z
YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA
oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v
cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC
D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k
ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz
b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg
b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g
U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg
cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j
ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5
IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0
cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s
aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL
8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs
ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0
QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY
YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG
OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks=
-----END CERTIFICATE-----
2021-12-16 19:20:01 SUCCESS
ExtractClientAssertion
Parsed client assertion
client_assertion
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDEsImV4cCI6MTYzOTY4MjQ2MSwianRpIjoiemZ4S3VYeVNJc1hCSEpmRGVfWENLRkRLNkplMGJObkJib0xqa3R3YVpHWSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.V5fTITB3af31vLSO1pIAJ6f-6qOa7x68LmrWse3xciNhXMS-RiXmK2SN5axDZOSlHsFh0Bq7s7_mBylZJnu7lfA5Lv9G7El4zWQZ0QxkQefchs2zJBzQMWMi-V2qloP0RTbOXbncPzAunI1yuiJhs2aEQTiQSGK94lt9SyYnY8llRyEzqZsirCWuDfH6_nYtpTfc2jX1b2wS90_u2Zq4ZruJtxALNsRHXwvJk6Alz70DvppZcyfelSMyOMc7v3Mekkv3MAXJk0lSn1Do6SXY8VG0rX7QDtPK-yQYWyy3-kxYHlGdCyAUOGG9XOX7Ajo7AiOVhv5-mwPidkmCXuTPlg",
  "header": {
    "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
    "typ": "JWT",
    "alg": "PS256"
  },
  "claims": {
    "sub": "SBSfBTOJMVQBBL848VGXI",
    "aud": [
      "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
      "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
      "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token"
    ],
    "iss": "SBSfBTOJMVQBBL848VGXI",
    "exp": 1639682461,
    "iat": 1639682401,
    "jti": "zfxKuXySIsXBHJfDe_XCKFDK6Je0bNnBboLjktwaZGY"
  }
}
2021-12-16 19:20:01
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
2021-12-16 19:20:01 SUCCESS
ValidateClientAssertionSignature
client_assertion signature validated
client_assertion
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDEsImV4cCI6MTYzOTY4MjQ2MSwianRpIjoiemZ4S3VYeVNJc1hCSEpmRGVfWENLRkRLNkplMGJObkJib0xqa3R3YVpHWSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.V5fTITB3af31vLSO1pIAJ6f-6qOa7x68LmrWse3xciNhXMS-RiXmK2SN5axDZOSlHsFh0Bq7s7_mBylZJnu7lfA5Lv9G7El4zWQZ0QxkQefchs2zJBzQMWMi-V2qloP0RTbOXbncPzAunI1yuiJhs2aEQTiQSGK94lt9SyYnY8llRyEzqZsirCWuDfH6_nYtpTfc2jX1b2wS90_u2Zq4ZruJtxALNsRHXwvJk6Alz70DvppZcyfelSMyOMc7v3Mekkv3MAXJk0lSn1Do6SXY8VG0rX7QDtPK-yQYWyy3-kxYHlGdCyAUOGG9XOX7Ajo7AiOVhv5-mwPidkmCXuTPlg
2021-12-16 19:20:01 SUCCESS
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
assertion type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-12-16 19:20:01 SUCCESS
ValidateClientAssertionClaims
Client Assertion passed all validation checks
2021-12-16 19:20:01 SUCCESS
FAPIBrazilExtractRequestedScopeFromClientCredentialsGrant
Found 'consents' scope in request
actual
[
  "consents"
]
expected
consents
2021-12-16 19:20:01 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
uFq0Ob1MosBlKto6iwNj6kF3c3NITGRlX5TY7XSsX5VGQZEE5M
2021-12-16 19:20:01 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
uFq0Ob1MosBlKto6iwNj6kF3c3NITGRlX5TY7XSsX5VGQZEE5M
token_type
Bearer
2021-12-16 19:20:01
CopyAccessTokenToClientCredentialsField
Condition ran but did not log anything
2021-12-16 19:20:01 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "uFq0Ob1MosBlKto6iwNj6kF3c3NITGRlX5TY7XSsX5VGQZEE5M",
  "token_type": "Bearer"
}
outgoing_path
token
2021-12-16 19:20:01 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/json, text/plain, */*",
  "content-type": "application/json",
  "authorization": "Bearer uFq0Ob1MosBlKto6iwNj6kF3c3NITGRlX5TY7XSsX5VGQZEE5M",
  "user-agent": "axios/0.21.4",
  "content-length": "261",
  "connection": "close"
}
incoming_path
/test-mtls/a/RP-Security-Test-PAN/consents/v1/consents
incoming_body_form_params
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks= -----END CERTIFICATE-----
incoming_body_json
{
  "data": {
    "loggedUser": {
      "document": {
        "identification": "44257214899",
        "rel": "CPF"
      }
    },
    "permissions": [
      "RESOURCES_READ",
      "ACCOUNTS_READ",
      "ACCOUNTS_TRANSACTIONS_READ",
      "ACCOUNTS_OVERDRAFT_LIMITS_READ",
      "ACCOUNTS_BALANCES_READ"
    ],
    "expirationDateTime": "2022-08-21T08:30:00Z"
  }
}
incoming_query_string_params
{}
incoming_body
{"data":{"loggedUser":{"document":{"identification":"44257214899","rel":"CPF"}},"permissions":["RESOURCES_READ","ACCOUNTS_READ","ACCOUNTS_TRANSACTIONS_READ","ACCOUNTS_OVERDRAFT_LIMITS_READ","ACCOUNTS_BALANCES_READ"],"expirationDateTime":"2022-08-21T08:30:00Z"}}
2021-12-16 19:20:01 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
New consent endpoint
2021-12-16 19:20:01 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL\nBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx\nFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB\nTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz\nMjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD\no28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct\nNjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j\nb20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk\nYWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ\ncml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4\n9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r\niu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6\ni56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV\nCLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3\n5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC\nAtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO\nEUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z\nYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA\noD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v\ncmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB\nBQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC\nD2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k\nATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz\nb2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg\nb3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g\nU2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg\ncmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j\nZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5\nIGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0\ncDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s\naWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL\n8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs\nZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0\nQZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY\nYFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG\nOZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "1.3.6.1.4.1.311.60.2.1.3\u003d#13024252,2.5.4.15\u003d#131450726976617465204f7267616e697a6174696f6e,UID\u003dac60fe65-58ca-44c3-9352-6f556c5cb98e,2.5.4.5\u003d#130e3539323835343131303030313133,CN\u003dbancopan.com.br,OU\u003db6a214c7-6332-5a41-8464-a281fb9a4ca0,O\u003dBANCO PAN,L\u003dSão Paulo,ST\u003dSP,C\u003dBR"
  },
  "sanDnsNames": [
    "bancopan.com.br"
  ],
  "sanUris": [],
  "sanIPs": [],
  "sanEmails": []
}
2021-12-16 19:20:01 SUCCESS
CheckForClientCertificate
Found client certificate
2021-12-16 19:20:01 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx
FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB
TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz
MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD
o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct
NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j
b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk
YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ
cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4
9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r
iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6
i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV
CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3
5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC
AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO
EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z
YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA
oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v
cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC
D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k
ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz
b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg
b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g
U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg
cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j
ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5
IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0
cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s
aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL
8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs
ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0
QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY
YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG
OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks=
-----END CERTIFICATE-----
2021-12-16 19:20:01 SUCCESS
EnsureIncomingRequestMethodIsPost
Client correctly used http POST method
2021-12-16 19:20:01 SUCCESS
EnsureBearerAccessTokenNotInParams
Client correctly did not send access token in query parameters or form body
2021-12-16 19:20:01 SUCCESS
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
access_token
uFq0Ob1MosBlKto6iwNj6kF3c3NITGRlX5TY7XSsX5VGQZEE5M
2021-12-16 19:20:01 SUCCESS
RequireBearerClientCredentialsAccessToken
Found access token in request
actual
uFq0Ob1MosBlKto6iwNj6kF3c3NITGRlX5TY7XSsX5VGQZEE5M
2021-12-16 19:20:01 INFO
ExtractFapiDateHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-auth-date
path
headers.x-fapi-auth-date
mapped
object
incoming_request
2021-12-16 19:20:01 INFO
ExtractFapiIpAddressHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-customer-ip-address
path
headers.x-fapi-customer-ip-address
mapped
object
incoming_request
2021-12-16 19:20:01 INFO
ExtractFapiInteractionIdHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-interaction-id
path
headers.x-fapi-interaction-id
mapped
object
incoming_request
2021-12-16 19:20:01 SUCCESS
FAPIBrazilEnsureClientCredentialsScopeContainedConsents
The token request which was used to obtain the access token contained 'consents' scope
actual
[
  "consents"
]
2021-12-16 19:20:01
FAPIBrazilExtractConsentRequest
Condition ran but did not log anything
2021-12-16 19:20:01 SUCCESS
CreateFapiInteractionIdIfNeeded
Created new FAPI interaction ID
fapi_interaction_id
7a337f39-f182-4b3c-af80-a8659297df4c
2021-12-16 19:20:01 SUCCESS
FAPIBrazilGenerateNewConsentResponse
Created consent response
headers
{
  "x-fapi-interaction-id": "7a337f39-f182-4b3c-af80-a8659297df4c"
}
consentId
urn:conformance.oidf:RQjpfhyKq2
consent_response
{
  "data": {
    "consentId": "urn:conformance.oidf:RQjpfhyKq2",
    "creationDateTime": "2021-12-16T19:20:01Z",
    "status": "AWAITING_AUTHORISATION",
    "statusUpdateDateTime": "2021-12-16T19:20:01Z",
    "permissions": [
      "ACCOUNTS_READ",
      "ACCOUNTS_BALANCES_READ",
      "RESOURCES_READ"
    ],
    "expirationDateTime": "2021-12-16T21:20:01Z",
    "transactionFromDateTime": "2021-12-16T19:15:01Z",
    "transactionToDateTime": "2021-12-16T21:20:01Z",
    "links": {
      "self": "https://www.certification.openid.net/test/a/RP-Security-Test-PANconsents/v1/consents"
    }
  },
  "meta": {
    "totalRecords": 1,
    "totalPages": 1,
    "requestDateTime": "2021-12-16T19:20:01Z"
  }
}
2021-12-16 19:20:01
ClearAccessTokenFromRequest
Condition ran but did not log anything
2021-12-16 19:20:01 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
201
outgoing_headers
{
  "x-fapi-interaction-id": [
    "7a337f39-f182-4b3c-af80-a8659297df4c"
  ]
}
outgoing_body
{
  "data": {
    "consentId": "urn:conformance.oidf:RQjpfhyKq2",
    "creationDateTime": "2021-12-16T19:20:01Z",
    "status": "AWAITING_AUTHORISATION",
    "statusUpdateDateTime": "2021-12-16T19:20:01Z",
    "permissions": [
      "ACCOUNTS_READ",
      "ACCOUNTS_BALANCES_READ",
      "RESOURCES_READ"
    ],
    "expirationDateTime": "2021-12-16T21:20:01Z",
    "transactionFromDateTime": "2021-12-16T19:15:01Z",
    "transactionToDateTime": "2021-12-16T21:20:01Z",
    "links": {
      "self": "https://www.certification.openid.net/test/a/RP-Security-Test-PANconsents/v1/consents"
    }
  },
  "meta": {
    "totalRecords": 1,
    "totalPages": 1,
    "requestDateTime": "2021-12-16T19:20:01Z"
  }
}
outgoing_path
consents/v1/consents
2021-12-16 19:20:01 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate, br",
  "connection": "close"
}
incoming_path
/test/a/RP-Security-Test-PAN/.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:01 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-12-16 19:20:01 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo",
    "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/par"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ],
  "claims_parameter_supported": true,
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM"
  ],
  "claims_supported": [
    "cpf",
    "cnpj",
    "acr"
  ],
  "acr_values_supported": [
    "urn:brasil:openbanking:loa2",
    "urn:brasil:openbanking:loa3"
  ],
  "id_token_signing_alg_values_supported": [
    "PS256"
  ],
  "request_object_signing_alg_values_supported": [
    "PS256"
  ],
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access",
    "consents",
    "resources",
    "payments"
  ],
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code id_token"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-12-16 19:20:01 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate, br",
  "connection": "close"
}
incoming_path
/test/a/RP-Security-Test-PAN/jwks
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:01 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-12-16 19:20:01 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "X5d4vFYfLxaG1gg8_l3bFYFhUaUVmE6PaEsRWX2EYqM",
      "x5c": [
        "MIIGqzCCBZOgAwIBAgIUdUCw8bQZidnZ6uERKJuN9u4RGvcwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwxFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNBTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDgxNjA5NTUwMFoXDTIyMDkxNTA5NTUwMFowgacxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMS8wDAYDVQQLEwUxMjM0NTAOBgNVBAsTB2NlcnRtYW4wDwYDVQQLEwhhZ29vZG9uZTEcMBoGA1UEAxMTT3BlbiBCYW5raW5nIEJyYXNpbDE0MDIGCgmSJomT8ixkAQETJDc0ZTkyOWQ5LTMzYjYtNGQ4NS04YmE3LWMxNDZjODY3YTgxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyF1agPcwq5ms99Flo82XsXUroWoD/6FX4AfmOUu113h4VOLYaO3N8HDYbKxgii2En/+O61e/Ptjn4T2PVq0iVcqiF6Gp4sKE5w/bKZRfdCe8qIPS4D+JKpFpesJvIHUeQvlAuBp5dA9nGSpxOjGe5P2+ZzNGXwvux/2ztdweGmKbtOvbYe4RVhiu6bOubog8XEBmD96EnqmoROasH1Hn9kDJIclbTP51j/TlQMzhrSfJJuE3Qq6vWhe/DaPbtmELmlDiYHjp8CjAY5oBMHLmkHvQxEBV4cwbUZj5ZpdqU8tkA78XtR4DkzrJ4fYoBb1+9ABq6GNzxWPpSQMQuBXdsCAwEAAaOCAwIwggL+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJwv7oHX2exZL304ru+4eGVypHlxMB8GA1UdIwQYMBaAFIZ/WK0X9YK2TrQFs/uwzhFD30y+MEwGCCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwuc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyL2lzc3Vlci5jcmwwXgYDVR0RBFcwVaAZBgVgTAEDAqAQDA5NaWNoYWVsIEZyYXNlcqAYBgVgTAEDA6APDA0xMzM1MzIzNjAwMTg5oA0GBWBMAQMEoAQMAm5voA8GBWBMAQMHoAYMBGFsb3QwDgYDVR0PAQH/BAQDAgbAMIIBoQYDVR0gBIIBmDCCAZQwggGQBgorBgEEAYO6L2QBMIIBgDCCATYGCCsGAQUFBwICMIIBKAyCASRUaGlzIENlcnRpZmljYXRlIGlzIHNvbGVseSBmb3IgdXNlIHdpdGggUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkIGFuZCBvdGhlciBwYXJ0aWNpcGF0aW5nIG9yZ2FuaXNhdGlvbnMgdXNpbmcgUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkcyBUcnVzdCBGcmFtZXdvcmsgU2VydmljZXMuIEl0cyByZWNlaXB0LCBwb3NzZXNzaW9uIG9yIHVzZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSYWlkaWFtIFNlcnZpY2VzIEx0ZCBDZXJ0aWNpY2F0ZSBQb2xpY3kgYW5kIHJlbGF0ZWQgZG9jdW1lbnRzIHRoZXJlaW4uMEQGCCsGAQUFBwIBFjhodHRwOi8vY3BzLnNhbmRib3gucGtpLm9wZW5iYW5raW5nYnJhc2lsLm9yZy5ici9wb2xpY2llczANBgkqhkiG9w0BAQsFAAOCAQEAtKn/QnJqKLp52YB14x+M21qwz67utFkWjhauQe0elXupjY5NWZb5wLrGYNOZQzRe2JRzcBbGN6P7lCweRfxMkSGh9YrXbrkBXLEPtLHpTVEy65v1tWl02lC+ooVPyQpSjAQL0L69OQ7s7rnIXyb3rkSUzuGSxsLU1AXpWj0oYFB4wdeIdPAVPs83frC5s4kz42JruSAE2vsbvQURTVPChh+hO6+R6Irz+ZEZ1NSgjQkxvOXHW53CkXZSjjHbAB/nbJYi7YyK7kck99r38Ba/WBfIfywdFVVYfiiW5TS6XbQeVeilmmt5MLxBz96FxR6E6WR+cQwybEe94Fb/jD6xHA\u003d\u003d"
      ],
      "alg": "PS256",
      "n": "3IXVqA9zCrmaz30WWjzZexdSuhagP_oVfgB-Y5S7XXeHhU4tho7c3wcNhsrGCKLYSf_47rV78-2OfhPY9WrSJVyqIXoaniwoTnD9splF90J7yog9LgP4kqkWl6wm8gdR5C-UC4Gnl0D2cZKnE6MZ7k_b5nM0ZfC-7H_bO13B4aYpu069th7hFWGK7ps65uiDxcQGYP3oSeqahE5qwfUef2QMkhyVtM_nWP9OVAzOGtJ8km4TdCrq9aF78No9u2YQuaUOJgeOnwKMBjmgEwcuaQe9DEQFXhzBtRmPlml2pTy2QDvxe1HgOTOsnh9igFvX70AGroY3PFY-lJAxC4Fd2w"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "0fe502dd-14f0-4f45-80f9-feb9a216f996",
      "alg": "RSA-OAEP",
      "n": "r4dl-ApW6c-fvDbfSVxHpdV8zi8VQW4b9-uHMRq7dzqCkvP8OAG1R3plSr1N6fL_YLiIr9y621XkyRiMEKR7-DeqGsLf2ZTaqrZ1LfYgjsc2i9o3NSOeSgBwKGmT7h1OgxZSbhLzo7Xaktu3CCUZCOWLzs7LKo_CvKkcTF7tPhK9jYjdTsdsnS0RJOPjYQe7JO83Mvhd1Ty3F-Qycd-cKKMSjcQRiHt9jKd09kA2fKVlFwbm2M1PM3NdtnMaOUw31-XC4ixay47XTMqnmX7-op7qYV9wXbeZmjTsAKFuTGwJiGJrOTfqciDLBW8IpGC2BzFJ5rYmRu0kAttpvkOG3Q"
    }
  ]
}
outgoing_path
jwks
2021-12-16 19:20:01 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "content-type": "application/x-www-form-urlencoded",
  "accept-encoding": "gzip, deflate, br",
  "content-length": "3489",
  "connection": "close"
}
incoming_path
/test-mtls/a/RP-Security-Test-PAN/par
incoming_body_form_params
{
  "request": "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00iLCJjdHkiOiJvYXV0aC1hdXRoei1yZXErand0Iiwia2lkIjoiMGZlNTAyZGQtMTRmMC00ZjQ1LTgwZjktZmViOWEyMTZmOTk2In0.o6X3vm-ZfHn6QMK1lNViXCroR7NaeZjbX_6lSNcGWNkJR1cxmernUBSMqiLwtC9FLu--RJMpTD0QCf_aDMV2NY1KBCJteuFQy6-qXxvdDtf_3d9fXZ70jsgr8-Cg5duIxqpuIVN3gJWCTgC_KRf48fEjMHXLraNxI5AypKieXTMRoNVBccNISCj6Bjx2ctI8vQnrMCikCaiR9kqoatnyePkcUr70-eT_mulkoWln1Odb26S7spwfTOwioDLq7KiPdchZ9c5NHW2kjisMdn8ZdMtgBhEieRKVvUkvZgWJkrFSS7Xt9DAxkwuro2KVkh1Arqct1q6Ej-Gu90CV_n6MUg.L9WdTFzfkgehpuEy.r6I02yqKzBCgdIUjZizclpO2rlTEDyj3W4PIDrLiHA0ybDG8ht7dK1pZ3H3m6YRASrAyvKUHyE0da0BF8MNqJKmrag1DQyd8h7V22s29XfRWAH5OIaYIwgOHwgR8yw75Fz-lDdyOMIUkmt-Lm1k5YsmhZrFMAAGC1-GzJ52SoYeZb6-wcY1plg0iyS9ntdApiaDcNqK5a5sPBOjMNxEY1PC_u-zbHEEPDaYsy9oskb0UZpBwmFeSi10tLqwM5P_sYrxUXCar3K41CHXcYU9zYy0KK3rbbvL_4aaEJ2jSj0bkrylTz4LUC6h4ppnnA46bOqibOs2gUwX5WxxipecVJhDifMVYP6nOca6hz7HAl5oGRWPUu0H3_R9Aw498tCa86NvO2ae5OT9fnuLfvscGA9yyw5EJ8mrk1f5iT3a190XhI21A8ncyvM7h8k_ANKxjIG7YIqxfQETowbVpgVDA8W1fSaSVF34ukjKSJFzU8F8EVlTlav1mR8BlBL_VB0RwCLuQ0Z2pVMHxqk2dnZj4XOzLgc__J56IXvfDOYqBDNmFAFHEyLaL3DuRbd5CzbvM0iZI8uwkTClE6H3_9Lw6O8vZ_5MTxzcpJy5ED6FbdWuBesUd3_emQC6NXKhUqKxL3A5gTI4YtIVeVG7h5XCKP0_-5_esr4-9tBViaBdeC645n_8Y7LDoZVcwPfEHSj3HcKR9-PfVo5mq-POPlGthK0FYS5uBIqsGkdVQlaGVf1MOnuH5LlSytUAlXti-TvarJjIjA1GsPIAwwPai0IyXxvAGjhy4qyVdzEeKtrE2A5qX5VmsT4j46TNw0at-GHeuTc8a_ixixiO0Dcxnlc7BshfhnPeiuWS8yLbdqeRw-AwG0p0q1nQ3auRDHVArkW0jy7fjtELz9QAh2a0j0sGpI1o8XdqnyfJTt9TYdv8vZYCuT5jT4fNMqmA_Wxfy4Rv-9dpRvO1swQ_PR1DqOla6oN0Ir3k0fyH024qnKHyVuDRYDblnG7tNncMHLbIjxxcKESBW8ANexUDwW6hkkSXMPi2wbjghalknYYWwfnlrcsYQt115JCR83W8vbRARf4tC_egm3jmSx6FHgD8Xxi0f_0bhy1OfdckRipIy_BdjmMbobR7TMssOx0b1j2mrG2zRpjvRVfR87HKB7HWAPHFltRpMUMktOygv6mSuekldlkplPyOzJuotleXjnYFcGo5VLEJpwxDTNFAmYPxy6qWCNCaCgvT0E2kTN6gLbWcFivir4WvCGixkWF7p5z2gFkYxEWUGIa7ZGgDDBtq0F4k4YkgVVeJ9l0Cjg65FEMmqhp4OnZXAouwLHRY-N836FqXxJx3hiBIryE2986rsk-dNDtgmjlHe5uSBqxi4gB6USkIj_sOcbACLXd9PWFMPLT-Tlvu1eqPejLjwSebstOM1dcPylYi8dmBaulK2XNfkF4Qv4qp_zBPPMTI95ig7Yoau59GIlondjNdY4A4eROW5C7WFvgPPJnv_i_UhKTjHAMEjtwtvKTTRd6JLUEPS-ERXugIdtg170w1tBh-C25Y_S9Jg021zUMzxwpIB7pk-doS61PwjpvS5_W4AwE-HXRcJ0cJ9lze9fjDzKsSRi5VoDmvNlnJTzZU0neKaNToSP3Q1iluz75vI2ILA62P8coMa4ERKRdw-wrce7E2oDrXHE-y82NUxNBlIViv2wGzHLKUGTmuoFNh_86G4x6wYUPiadk3a4Se7gjPXXqdFyiHK10YL3_bplp2ksdJZvOYa_DRe6AT647ZwSedJxaq2ym-7a58wRV7UxMovZgumu3bGyTsE4rPkWIEtz3RI-vQE6yS_Qw6Pbv3xgxpA0M0YjDpM0DS3Xzhk1BFD.vnA1XUoOQkDh-IoQhbtufQ",
  "client_id": "SBSfBTOJMVQBBL848VGXI",
  "client_assertion": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDEsImV4cCI6MTYzOTY4MjQ2MSwianRpIjoiSE0yNFlzcGliLS1qbF9yeGlZdk9JZjVvOS1tTzNwTThEc09uWkNkOEg3RSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.PtomER_7G8SvmmJf3fyxRAaomfk5vJL2L6FjjdcNtMofwxhzcYrZph4n5HNKysNUivx5QnIS0lyZMNoM1UvCbsvJ-KQPzzydXCkh6pUhoe5ibZI_z2dtKa66yeY2zM079pizLIpZNpHpTdIpxkkou1MRPeXioDTFVx5KiXjTSTsMU_hrhC4T1LW7LQe1uLHiwu9bMbbDqWswpnXqsGJCAs3hXlKb8_5STuqdXUGOVCXhQRB7mkIw9LEiTeBXXD6ZZrQ_2IwqAb2RjGJY5wiA9pObXv3y0OBc00Wd21jtdAX6dOgbB_qS8nL1ogrR600MlDtFuBhIsumACyXy5a_43g",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks= -----END CERTIFICATE-----
incoming_body_json
incoming_query_string_params
{}
incoming_body
request=eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00iLCJjdHkiOiJvYXV0aC1hdXRoei1yZXErand0Iiwia2lkIjoiMGZlNTAyZGQtMTRmMC00ZjQ1LTgwZjktZmViOWEyMTZmOTk2In0.o6X3vm-ZfHn6QMK1lNViXCroR7NaeZjbX_6lSNcGWNkJR1cxmernUBSMqiLwtC9FLu--RJMpTD0QCf_aDMV2NY1KBCJteuFQy6-qXxvdDtf_3d9fXZ70jsgr8-Cg5duIxqpuIVN3gJWCTgC_KRf48fEjMHXLraNxI5AypKieXTMRoNVBccNISCj6Bjx2ctI8vQnrMCikCaiR9kqoatnyePkcUr70-eT_mulkoWln1Odb26S7spwfTOwioDLq7KiPdchZ9c5NHW2kjisMdn8ZdMtgBhEieRKVvUkvZgWJkrFSS7Xt9DAxkwuro2KVkh1Arqct1q6Ej-Gu90CV_n6MUg.L9WdTFzfkgehpuEy.r6I02yqKzBCgdIUjZizclpO2rlTEDyj3W4PIDrLiHA0ybDG8ht7dK1pZ3H3m6YRASrAyvKUHyE0da0BF8MNqJKmrag1DQyd8h7V22s29XfRWAH5OIaYIwgOHwgR8yw75Fz-lDdyOMIUkmt-Lm1k5YsmhZrFMAAGC1-GzJ52SoYeZb6-wcY1plg0iyS9ntdApiaDcNqK5a5sPBOjMNxEY1PC_u-zbHEEPDaYsy9oskb0UZpBwmFeSi10tLqwM5P_sYrxUXCar3K41CHXcYU9zYy0KK3rbbvL_4aaEJ2jSj0bkrylTz4LUC6h4ppnnA46bOqibOs2gUwX5WxxipecVJhDifMVYP6nOca6hz7HAl5oGRWPUu0H3_R9Aw498tCa86NvO2ae5OT9fnuLfvscGA9yyw5EJ8mrk1f5iT3a190XhI21A8ncyvM7h8k_ANKxjIG7YIqxfQETowbVpgVDA8W1fSaSVF34ukjKSJFzU8F8EVlTlav1mR8BlBL_VB0RwCLuQ0Z2pVMHxqk2dnZj4XOzLgc__J56IXvfDOYqBDNmFAFHEyLaL3DuRbd5CzbvM0iZI8uwkTClE6H3_9Lw6O8vZ_5MTxzcpJy5ED6FbdWuBesUd3_emQC6NXKhUqKxL3A5gTI4YtIVeVG7h5XCKP0_-5_esr4-9tBViaBdeC645n_8Y7LDoZVcwPfEHSj3HcKR9-PfVo5mq-POPlGthK0FYS5uBIqsGkdVQlaGVf1MOnuH5LlSytUAlXti-TvarJjIjA1GsPIAwwPai0IyXxvAGjhy4qyVdzEeKtrE2A5qX5VmsT4j46TNw0at-GHeuTc8a_ixixiO0Dcxnlc7BshfhnPeiuWS8yLbdqeRw-AwG0p0q1nQ3auRDHVArkW0jy7fjtELz9QAh2a0j0sGpI1o8XdqnyfJTt9TYdv8vZYCuT5jT4fNMqmA_Wxfy4Rv-9dpRvO1swQ_PR1DqOla6oN0Ir3k0fyH024qnKHyVuDRYDblnG7tNncMHLbIjxxcKESBW8ANexUDwW6hkkSXMPi2wbjghalknYYWwfnlrcsYQt115JCR83W8vbRARf4tC_egm3jmSx6FHgD8Xxi0f_0bhy1OfdckRipIy_BdjmMbobR7TMssOx0b1j2mrG2zRpjvRVfR87HKB7HWAPHFltRpMUMktOygv6mSuekldlkplPyOzJuotleXjnYFcGo5VLEJpwxDTNFAmYPxy6qWCNCaCgvT0E2kTN6gLbWcFivir4WvCGixkWF7p5z2gFkYxEWUGIa7ZGgDDBtq0F4k4YkgVVeJ9l0Cjg65FEMmqhp4OnZXAouwLHRY-N836FqXxJx3hiBIryE2986rsk-dNDtgmjlHe5uSBqxi4gB6USkIj_sOcbACLXd9PWFMPLT-Tlvu1eqPejLjwSebstOM1dcPylYi8dmBaulK2XNfkF4Qv4qp_zBPPMTI95ig7Yoau59GIlondjNdY4A4eROW5C7WFvgPPJnv_i_UhKTjHAMEjtwtvKTTRd6JLUEPS-ERXugIdtg170w1tBh-C25Y_S9Jg021zUMzxwpIB7pk-doS61PwjpvS5_W4AwE-HXRcJ0cJ9lze9fjDzKsSRi5VoDmvNlnJTzZU0neKaNToSP3Q1iluz75vI2ILA62P8coMa4ERKRdw-wrce7E2oDrXHE-y82NUxNBlIViv2wGzHLKUGTmuoFNh_86G4x6wYUPiadk3a4Se7gjPXXqdFyiHK10YL3_bplp2ksdJZvOYa_DRe6AT647ZwSedJxaq2ym-7a58wRV7UxMovZgumu3bGyTsE4rPkWIEtz3RI-vQE6yS_Qw6Pbv3xgxpA0M0YjDpM0DS3Xzhk1BFD.vnA1XUoOQkDh-IoQhbtufQ&client_id=SBSfBTOJMVQBBL848VGXI&client_assertion=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDEsImV4cCI6MTYzOTY4MjQ2MSwianRpIjoiSE0yNFlzcGliLS1qbF9yeGlZdk9JZjVvOS1tTzNwTThEc09uWkNkOEg3RSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.PtomER_7G8SvmmJf3fyxRAaomfk5vJL2L6FjjdcNtMofwxhzcYrZph4n5HNKysNUivx5QnIS0lyZMNoM1UvCbsvJ-KQPzzydXCkh6pUhoe5ibZI_z2dtKa66yeY2zM079pizLIpZNpHpTdIpxkkou1MRPeXioDTFVx5KiXjTSTsMU_hrhC4T1LW7LQe1uLHiwu9bMbbDqWswpnXqsGJCAs3hXlKb8_5STuqdXUGOVCXhQRB7mkIw9LEiTeBXXD6ZZrQ_2IwqAb2RjGJY5wiA9pObXv3y0OBc00Wd21jtdAX6dOgbB_qS8nL1ogrR600MlDtFuBhIsumACyXy5a_43g&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2021-12-16 19:20:01 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
PAR endpoint
2021-12-16 19:20:02 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL\nBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx\nFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB\nTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz\nMjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD\no28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct\nNjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j\nb20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk\nYWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ\ncml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4\n9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r\niu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6\ni56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV\nCLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3\n5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC\nAtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO\nEUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z\nYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA\noD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v\ncmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB\nBQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC\nD2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k\nATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz\nb2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg\nb3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g\nU2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg\ncmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j\nZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5\nIGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0\ncDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s\naWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL\n8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs\nZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0\nQZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY\nYFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG\nOZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "1.3.6.1.4.1.311.60.2.1.3\u003d#13024252,2.5.4.15\u003d#131450726976617465204f7267616e697a6174696f6e,UID\u003dac60fe65-58ca-44c3-9352-6f556c5cb98e,2.5.4.5\u003d#130e3539323835343131303030313133,CN\u003dbancopan.com.br,OU\u003db6a214c7-6332-5a41-8464-a281fb9a4ca0,O\u003dBANCO PAN,L\u003dSão Paulo,ST\u003dSP,C\u003dBR"
  },
  "sanDnsNames": [
    "bancopan.com.br"
  ],
  "sanUris": [],
  "sanIPs": [],
  "sanEmails": []
}
2021-12-16 19:20:02 SUCCESS
CheckForClientCertificate
Found client certificate
2021-12-16 19:20:02 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx
FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB
TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz
MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD
o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct
NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j
b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk
YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ
cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4
9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r
iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6
i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV
CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3
5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC
AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO
EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z
YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA
oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v
cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC
D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k
ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz
b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg
b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g
U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg
cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j
ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5
IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0
cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s
aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL
8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs
ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0
QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY
YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG
OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks=
-----END CERTIFICATE-----
2021-12-16 19:20:02 SUCCESS
ExtractClientAssertion
Parsed client assertion
client_assertion
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDEsImV4cCI6MTYzOTY4MjQ2MSwianRpIjoiSE0yNFlzcGliLS1qbF9yeGlZdk9JZjVvOS1tTzNwTThEc09uWkNkOEg3RSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.PtomER_7G8SvmmJf3fyxRAaomfk5vJL2L6FjjdcNtMofwxhzcYrZph4n5HNKysNUivx5QnIS0lyZMNoM1UvCbsvJ-KQPzzydXCkh6pUhoe5ibZI_z2dtKa66yeY2zM079pizLIpZNpHpTdIpxkkou1MRPeXioDTFVx5KiXjTSTsMU_hrhC4T1LW7LQe1uLHiwu9bMbbDqWswpnXqsGJCAs3hXlKb8_5STuqdXUGOVCXhQRB7mkIw9LEiTeBXXD6ZZrQ_2IwqAb2RjGJY5wiA9pObXv3y0OBc00Wd21jtdAX6dOgbB_qS8nL1ogrR600MlDtFuBhIsumACyXy5a_43g",
  "header": {
    "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
    "typ": "JWT",
    "alg": "PS256"
  },
  "claims": {
    "sub": "SBSfBTOJMVQBBL848VGXI",
    "aud": [
      "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
      "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
      "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token"
    ],
    "iss": "SBSfBTOJMVQBBL848VGXI",
    "exp": 1639682461,
    "iat": 1639682401,
    "jti": "HM24Yspib--jl_rxiYvOIf5o9-mO3pM8DsOnZCd8H7E"
  }
}
2021-12-16 19:20:02
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
2021-12-16 19:20:02 SUCCESS
ValidateClientAssertionSignature
client_assertion signature validated
client_assertion
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDEsImV4cCI6MTYzOTY4MjQ2MSwianRpIjoiSE0yNFlzcGliLS1qbF9yeGlZdk9JZjVvOS1tTzNwTThEc09uWkNkOEg3RSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.PtomER_7G8SvmmJf3fyxRAaomfk5vJL2L6FjjdcNtMofwxhzcYrZph4n5HNKysNUivx5QnIS0lyZMNoM1UvCbsvJ-KQPzzydXCkh6pUhoe5ibZI_z2dtKa66yeY2zM079pizLIpZNpHpTdIpxkkou1MRPeXioDTFVx5KiXjTSTsMU_hrhC4T1LW7LQe1uLHiwu9bMbbDqWswpnXqsGJCAs3hXlKb8_5STuqdXUGOVCXhQRB7mkIw9LEiTeBXXD6ZZrQ_2IwqAb2RjGJY5wiA9pObXv3y0OBc00Wd21jtdAX6dOgbB_qS8nL1ogrR600MlDtFuBhIsumACyXy5a_43g
2021-12-16 19:20:02 SUCCESS
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
assertion type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-12-16 19:20:02 SUCCESS
ValidateClientAssertionClaimsForPAREndpoint
Client Assertion passed all validation checks
2021-12-16 19:20:02 SUCCESS
ExtractRequestObjectFromPAREndpointRequest
Parsed request object
request_object
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiI1Z1lISUhidHcwVUI0QndqdHFVbmh0Rk42V3RoRVcybWRYN2RmVUJRSElJIn0.eyJzY29wZSI6Im9wZW5pZCBjb25zZW50OnVybjpjb25mb3JtYW5jZS5vaWRmOlJRanBmaHlLcTIgYWNjb3VudHMgcmVzb3VyY2VzIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJyZWRpcmVjdF91cmkiOiJodHRwczovL2FwaS1vcGVuYmFua2luZy1obWwuYmFuY29wYW4uY29tLmJyL3RwcC9jYWxsYmFjayIsImNvZGVfY2hhbGxlbmdlIjoicjJqdEJWZllFQ00yOVA2NWptMkRJMWVhcDZULWNMbWQ3bEx5T3lEWDVGcyIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQiLCJzdGF0ZSI6ImYxNmQxZTA4MTU0NTcyYzc2MGFlNjAxYTBiMDY1NTZiOWI1NmY4MDgyZjdiMDU4MTQzMjdhNjg5ZTY1YzgyMmEiLCJub25jZSI6ImU5YWEyMmFhYTMyYWVkNWVmMTUwOTVmOTJmOTMwMTY5ZGNmMGIwZDU4NjkzOTkzNjJiODdiYTRiYzk2NDAzNDIiLCJpc3MiOiJTQlNmQlRPSk1WUUJCTDg0OFZHWEkiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImNsaWVudF9pZCI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImp0aSI6IjBiYzh5bjJrNnJKcGZVTXptd2hGLWYwOTNmc05BejZCZXhDUUNKbEtzZGciLCJpYXQiOjE2Mzk2ODI0MDEsImV4cCI6MTYzOTY4MjcwMSwibmJmIjoxNjM5NjgyNDAxfQ.nMdPK0T2rIwI6K0mjlqhBi3bBZM2gQvx3dFbgOZ6qfCwZcWquIMkgp6bXHy8x7Sw3tiO8tPL-M7xi3Ed6AfyJKqM7HvbsKRJd31cQcPnzlWq-U56jBSWnj2rHYxrJ_MJ0nvJ3X9-1p93jK-93AC7FZscPf5S6Kn9mnaDXefcuYqy4hDUV8Tsu4Vkvj9-dBdwGoMURpTQa30znlinL_99ou34kut9WNznQdYPQ8L1UqFUIgamxjDUbd3-moC-ho1iKAJsveF1V4T3gvtqrnWlYAfeS84OQAetwAOZbyrbldoj7um_GyYiJxcoLgQdQn8rTdCDVyYyHIyEhkR4WNqmeQ",
  "header": {
    "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
    "typ": "oauth-authz-req+jwt",
    "alg": "PS256"
  },
  "claims": {
    "iss": "SBSfBTOJMVQBBL848VGXI",
    "response_type": "code id_token",
    "code_challenge_method": "S256",
    "nonce": "e9aa22aaa32aed5ef15095f92f930169dcf0b0d5869399362b87ba4bc9640342",
    "client_id": "SBSfBTOJMVQBBL848VGXI",
    "response_mode": "fragment",
    "aud": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
    "nbf": 1639682401,
    "scope": "openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources",
    "redirect_uri": "https://api-openbanking-hml.bancopan.com.br/tpp/callback",
    "state": "f16d1e08154572c760ae601a0b06556b9b56f8082f7b05814327a689e65c822a",
    "exp": 1639682701,
    "iat": 1639682401,
    "code_challenge": "r2jtBVfYECM29P65jm2DI1eap6T-cLmd7lLyOyDX5Fs",
    "jti": "0bc8yn2k6rJpfUMzmwhF-f093fsNAz6BexCQCJlKsdg"
  },
  "jwe_header": {
    "kid": "0fe502dd-14f0-4f45-80f9-feb9a216f996",
    "cty": "oauth-authz-req+jwt",
    "enc": "A256GCM",
    "alg": "RSA-OAEP"
  }
}
2021-12-16 19:20:02 SUCCESS
EnsurePAREndpointRequestDoesNotContainRequestUriParameter
PAR endpoint request does not contain a request_uri parameter
2021-12-16 19:20:02 SUCCESS
ValidateEncryptedRequestObjectHasKid
kid was found in the encrypted request object header
kid
0fe502dd-14f0-4f45-80f9-feb9a216f996
2021-12-16 19:20:02 SUCCESS
FAPIValidateRequestObjectSigningAlg
Request object was signed with a permitted algorithm
alg
PS256
2021-12-16 19:20:02
FAPIBrazilValidateRequestObjectIdTokenACRClaims
acr claim is not requested
2021-12-16 19:20:02 SUCCESS
FAPIValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
exp
"Dec 16, 2021, 7:25:01 PM"
2021-12-16 19:20:02 SUCCESS
FAPI1AdvancedValidateRequestObjectNBFClaim
nbf claim is valid
nbf
"Dec 16, 2021, 7:20:01 PM"
now
"Dec 16, 2021, 7:20:02 PM"
2021-12-16 19:20:02
ValidateRequestObjectClaims
Request object does not contain a max_age claim
2021-12-16 19:20:02 SUCCESS
ValidateRequestObjectClaims
Request object claims passed all validation checks
2021-12-16 19:20:02 SUCCESS
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
numeric_claims
[
  "max_age"
]
2021-12-16 19:20:02 SUCCESS
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
2021-12-16 19:20:02 SUCCESS
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
2021-12-16 19:20:02 SUCCESS
ValidateRequestObjectSignature
Request object signature validated using a key in the client's JWKS and using the client's registered request_object_signing_alg
request_object
eyJhbGciOiJQUzI1NiIsInR5cCI6Im9hdXRoLWF1dGh6LXJlcStqd3QiLCJraWQiOiI1Z1lISUhidHcwVUI0QndqdHFVbmh0Rk42V3RoRVcybWRYN2RmVUJRSElJIn0.eyJzY29wZSI6Im9wZW5pZCBjb25zZW50OnVybjpjb25mb3JtYW5jZS5vaWRmOlJRanBmaHlLcTIgYWNjb3VudHMgcmVzb3VyY2VzIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUgaWRfdG9rZW4iLCJyZWRpcmVjdF91cmkiOiJodHRwczovL2FwaS1vcGVuYmFua2luZy1obWwuYmFuY29wYW4uY29tLmJyL3RwcC9jYWxsYmFjayIsImNvZGVfY2hhbGxlbmdlIjoicjJqdEJWZllFQ00yOVA2NWptMkRJMWVhcDZULWNMbWQ3bEx5T3lEWDVGcyIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJyZXNwb25zZV9tb2RlIjoiZnJhZ21lbnQiLCJzdGF0ZSI6ImYxNmQxZTA4MTU0NTcyYzc2MGFlNjAxYTBiMDY1NTZiOWI1NmY4MDgyZjdiMDU4MTQzMjdhNjg5ZTY1YzgyMmEiLCJub25jZSI6ImU5YWEyMmFhYTMyYWVkNWVmMTUwOTVmOTJmOTMwMTY5ZGNmMGIwZDU4NjkzOTkzNjJiODdiYTRiYzk2NDAzNDIiLCJpc3MiOiJTQlNmQlRPSk1WUUJCTDg0OFZHWEkiLCJhdWQiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImNsaWVudF9pZCI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImp0aSI6IjBiYzh5bjJrNnJKcGZVTXptd2hGLWYwOTNmc05BejZCZXhDUUNKbEtzZGciLCJpYXQiOjE2Mzk2ODI0MDEsImV4cCI6MTYzOTY4MjcwMSwibmJmIjoxNjM5NjgyNDAxfQ.nMdPK0T2rIwI6K0mjlqhBi3bBZM2gQvx3dFbgOZ6qfCwZcWquIMkgp6bXHy8x7Sw3tiO8tPL-M7xi3Ed6AfyJKqM7HvbsKRJd31cQcPnzlWq-U56jBSWnj2rHYxrJ_MJ0nvJ3X9-1p93jK-93AC7FZscPf5S6Kn9mnaDXefcuYqy4hDUV8Tsu4Vkvj9-dBdwGoMURpTQa30znlinL_99ou34kut9WNznQdYPQ8L1UqFUIgamxjDUbd3-moC-ho1iKAJsveF1V4T3gvtqrnWlYAfeS84OQAetwAOZbyrbldoj7um_GyYiJxcoLgQdQn8rTdCDVyYyHIyEhkR4WNqmeQ
request_object_signing_alg
PS256
jwk
Sun RSA public key, 2048 bits
  params: null
  modulus: 22677997123100865027038163618440931425768853246042685053952059568088768370775879662687649598715143390108338286915488499774626148365554590008656132577357893743438278711902761437715966243285423555795769385881803147871566517201086180684345745904063840678522561040685569999111501676387252045965556897951681323146595605739539663340316188618451821106202340139520257397286742681119465613725230213120667075481235349311488074650446518605298417452683228189337358541483332915940982625541029074799406321696170037150264352053879457399805139882493978179691887049996822814968964846225178258105165825398408907737359544759640349473403
  public exponent: 65537
2021-12-16 19:20:02 SUCCESS
EnsureMatchingRedirectUriInRequestObject
Redirect URI matched
actual
https://api-openbanking-hml.bancopan.com.br/tpp/callback
2021-12-16 19:20:02 SUCCESS
EnsureRequestObjectContainsCodeChallengeWhenUsingPAR
Found required PKCE parameters in request
code_challenge_method
S256
code_challenge
r2jtBVfYECM29P65jm2DI1eap6T-cLmd7lLyOyDX5Fs
2021-12-16 19:20:02 SUCCESS
CreatePAREndpointResponse
Created PAR endpoint response
request_uri
urn:ietf:params:oauth:request_uri:59886fcf-d99c-46d3-8889-6e2222c2cb83
expires_in
600
2021-12-16 19:20:02 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
201
outgoing_headers
{}
outgoing_body
{
  "request_uri": "urn:ietf:params:oauth:request_uri:59886fcf-d99c-46d3-8889-6e2222c2cb83",
  "expires_in": 600
}
outgoing_path
par
2021-12-16 19:20:02 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/json, text/plain, */*",
  "content-type": "application/json",
  "x-idempotency-key": "a87ef0a9-a08d-4944-afbe-c892f6b2b9fb",
  "test-name": "47-fapi1-advanced-final-client-refresh-token-test.pushed",
  "authorization": "Bearer eyJraWQiOiJkZWZhdWx0IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiI3NGViNGMyMi1mYTZlLTQzNTgtYWI0Yy0yMmZhNmUxMzU4MzMiLCJhdWQiOiI3NGViNGMyMi1mYTZlLTQzNTgtYWI0Yy0yMmZhNmUxMzU4MzMiLCJkb21haW4iOiIwZmI2NjgxOC0yZTE3LTRhNzQtYjY2OC0xODJlMTcyYTc0ZjgiLCJzY29wZSI6ImNvbnNlbnRfYWRtaW4gcHJveHlfcmVhZCB0ZW5hbnRfYWRtaW4gY2F0ZWdvcnlfYWRtaW4gb3JnYW5pemF0aW9uX2FkbWluIiwiaXNzIjoiaHR0cDpcL1wvdHBwLWlhbS1vcGVuYmFua2luZy1obWwuYmFuY29wYW4uY29tLmJyXC9hbVwvdHBwXC9vaWRjIiwiZXhwIjoxNjM5Njg5NTk5LCJpYXQiOjE2Mzk2ODIzOTksImp0aSI6Ilp6b0YwWlo2TEZoNTlDbzlnQ2NUcTkwQWFGSVBWZHhwRkJHNTlDc2pZTk0ifQ.ValGXGY-TGc2L5dHrnxW_0hKFCoV3Gh5zc5MLuUydiFIC9iCj_8NRA9ME7cQPjUWGjrijNCldILrYMvKKfj2PqTC4DCCVju54XolbJ0qWDG02qdv-ij55sJKyYT5pzgfcTyb418vgLWEdCIXq6QRaMVlDL4Ns-fGWwqd1rgfnwCitwBS1CCzvikiEgcMpKMu4zEs79Mmyj4kp6oEg_wJwh7P8xCGSr-cMLnZ0B0XRJzIdHOC5UnTzlLOa_fhvIogKe3DSlXtL5ByMOp4LXYvm-LY9mSqIeS6A2-MlrBT5nBmAYlrEWzhUtj2M-Dd0avddJ8ZHdUSbwiWaG-pbj7N6g",
  "user-agent": "axios/0.24.0",
  "connection": "close"
}
incoming_path
/test/a/RP-Security-Test-PAN/authorize
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
DHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
incoming_body_json
incoming_query_string_params
{
  "client_id": "SBSfBTOJMVQBBL848VGXI",
  "scope": "openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources",
  "response_type": "code",
  "redirect_uri": "https://api-openbanking-hml.bancopan.com.br/tpp/callback",
  "request_uri": "urn:ietf:params:oauth:request_uri:59886fcf-d99c-46d3-8889-6e2222c2cb83"
}
incoming_body
2021-12-16 19:20:02 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
DHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Authorization endpoint
2021-12-16 19:20:02 SUCCESS
EnsureAuthorizationRequestDoesNotContainRequestWhenUsingPAR
Request does not contain a request parameter
2021-12-16 19:20:02 SUCCESS
ValidateEncryptedRequestObjectHasKid
kid was found in the encrypted request object header
kid
0fe502dd-14f0-4f45-80f9-feb9a216f996
2021-12-16 19:20:02 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "SBSfBTOJMVQBBL848VGXI",
  "scope": "openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources",
  "response_type": "code id_token",
  "redirect_uri": "https://api-openbanking-hml.bancopan.com.br/tpp/callback",
  "iss": "SBSfBTOJMVQBBL848VGXI",
  "code_challenge_method": "S256",
  "nonce": "e9aa22aaa32aed5ef15095f92f930169dcf0b0d5869399362b87ba4bc9640342",
  "response_mode": "fragment",
  "aud": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "nbf": 1639682401,
  "state": "f16d1e08154572c760ae601a0b06556b9b56f8082f7b05814327a689e65c822a",
  "exp": 1639682701,
  "iat": 1639682401,
  "code_challenge": "r2jtBVfYECM29P65jm2DI1eap6T-cLmd7lLyOyDX5Fs",
  "jti": "0bc8yn2k6rJpfUMzmwhF-f093fsNAz6BexCQCJlKsdg"
}
2021-12-16 19:20:02 SUCCESS
EnsureClientIdInAuthorizationRequestParametersMatchRequestObject
client_id http request parameter value matches client_id in request object
2021-12-16 19:20:02 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources
2021-12-16 19:20:02 SUCCESS
FAPIBrazilValidateConsentScope
Found consent scope in request
actual
[
  "openid",
  "consent:urn:conformance.oidf:RQjpfhyKq2",
  "accounts",
  "resources"
]
expected
consent:urn:conformance.oidf:RQjpfhyKq2
2021-12-16 19:20:02 SUCCESS
EnsureScopeContainsAccounts
Found accounts scope in request
actual
[
  "openid",
  "consent:urn:conformance.oidf:RQjpfhyKq2",
  "accounts",
  "resources"
]
2021-12-16 19:20:02 SUCCESS
EnsureResponseTypeIsCodeIdToken
Response type is expected value
expected
code id_token
2021-12-16 19:20:02 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid",
  "consent:urn:conformance.oidf:RQjpfhyKq2",
  "accounts",
  "resources"
]
expected
openid
2021-12-16 19:20:02 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
SBSfBTOJMVQBBL848VGXI
2021-12-16 19:20:02 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
lg65cID4HBCoYDPE3k1bDs4PjhGkWCDX
2021-12-16 19:20:02 SUCCESS
ExtractNonceFromAuthorizationRequest
Extracted nonce
nonce
e9aa22aaa32aed5ef15095f92f930169dcf0b0d5869399362b87ba4bc9640342
2021-12-16 19:20:02 SUCCESS
CalculateCHash
Successful c_hash encoding
c_hash
iI1JtT5FMzN-FsP5wyX3dQ
2021-12-16 19:20:02 SUCCESS
CalculateSHash
Successful s_hash encoding
s_hash
-0ji8epcTcDORHSB1dAN7g
2021-12-16 19:20:02 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/RP-Security-Test-PAN/
sub
user-subject-1234531
aud
SBSfBTOJMVQBBL848VGXI
nonce
e9aa22aaa32aed5ef15095f92f930169dcf0b0d5869399362b87ba4bc9640342
iat
1639682402
exp
1639682702
2021-12-16 19:20:02
FAPIBrazilAddCPFAndCPNJToIdTokenClaims
Request object does not contain a claims element.id_token
2021-12-16 19:20:02 SUCCESS
AddCHashToIdTokenClaims
Added c_hash to ID token claims
c_hash
iI1JtT5FMzN-FsP5wyX3dQ
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "sub": "user-subject-1234531",
  "aud": "SBSfBTOJMVQBBL848VGXI",
  "nonce": "e9aa22aaa32aed5ef15095f92f930169dcf0b0d5869399362b87ba4bc9640342",
  "iat": 1639682402,
  "exp": 1639682702,
  "c_hash": "iI1JtT5FMzN-FsP5wyX3dQ"
}
2021-12-16 19:20:02 SUCCESS
AddSHashToIdTokenClaims
Added s_hash to ID token claims
s_hash
-0ji8epcTcDORHSB1dAN7g
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "sub": "user-subject-1234531",
  "aud": "SBSfBTOJMVQBBL848VGXI",
  "nonce": "e9aa22aaa32aed5ef15095f92f930169dcf0b0d5869399362b87ba4bc9640342",
  "iat": 1639682402,
  "exp": 1639682702,
  "c_hash": "iI1JtT5FMzN-FsP5wyX3dQ",
  "s_hash": "-0ji8epcTcDORHSB1dAN7g"
}
2021-12-16 19:20:02 INFO
AddAtHashToIdTokenClaims
Skipped evaluation due to missing required string: at_hash
expected
at_hash
2021-12-16 19:20:02 INFO
FAPIBrazilAddACRClaimToIdTokenClaims
Skipped evaluation due to missing required string: requested_id_token_acr_values
expected
requested_id_token_acr_values
2021-12-16 19:20:02 SUCCESS
SignIdToken
Signed the ID token
id_token
eyJraWQiOiJYNWQ0dkZZZkx4YUcxZ2c4X2wzYkZZRmhVYVVWbUU2UGFFc1JXWDJFWXFNIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJ1c2VyLXN1YmplY3QtMTIzNDUzMSIsImF1ZCI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImNfaGFzaCI6ImlJMUp0VDVGTXpOLUZzUDV3eVgzZFEiLCJzX2hhc2giOiItMGppOGVwY1RjRE9SSFNCMWRBTjdnIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL1JQLVNlY3VyaXR5LVRlc3QtUEFOXC8iLCJleHAiOjE2Mzk2ODI3MDIsIm5vbmNlIjoiZTlhYTIyYWFhMzJhZWQ1ZWYxNTA5NWY5MmY5MzAxNjlkY2YwYjBkNTg2OTM5OTM2MmI4N2JhNGJjOTY0MDM0MiIsImlhdCI6MTYzOTY4MjQwMn0.qL9t79eE1NFIrIxoqa2wwwxoIvtUn05qeTS10drwUCn8Y3jjNBstJkKiF_TZ612tW0bKuCELtFE5Jvaat0s7zgKnabsUvYdGkShdrYMX8SUmjioIsQRX2c59xekY_6UkEdZIhL9dBAO8WAsuqMwXn-VTU0hWhtcLRWncpUldz3bmfsCyze42kdNF6CTPfqwLz-Ph3jXQKG29BG9VXdmT6j3oTCEK6Wmtbq1MmR8O9IfNYS5ULMM80hiTTodAo2OEDu0zOYFB5TTJ9dl3Nq2QnsLiV_jQmxF5tdHg9g9FmiNmpMEAQc_XfXBkiScUJdVYGmYgMoIpgU7TJpjGNB7LQw
2021-12-16 19:20:02 SUCCESS
FAPIBrazilChangeConsentStatusToAuthorized
Changed consent status to AUTHORISED
consent
{
  "data": {
    "consentId": "urn:conformance.oidf:RQjpfhyKq2",
    "creationDateTime": "2021-12-16T19:20:01Z",
    "status": "AUTHORISED",
    "statusUpdateDateTime": "2021-12-16T19:20:02Z",
    "permissions": [
      "ACCOUNTS_READ",
      "ACCOUNTS_BALANCES_READ",
      "RESOURCES_READ"
    ],
    "expirationDateTime": "2021-12-16T21:20:01Z",
    "transactionFromDateTime": "2021-12-16T19:15:01Z",
    "transactionToDateTime": "2021-12-16T21:20:01Z",
    "links": {
      "self": "https://www.certification.openid.net/test/a/RP-Security-Test-PANconsents/v1/consents"
    }
  },
  "meta": {
    "totalRecords": 1,
    "totalPages": 1,
    "requestDateTime": "2021-12-16T19:20:01Z"
  }
}
2021-12-16 19:20:02 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://api-openbanking-hml.bancopan.com.br/tpp/callback",
  "state": "f16d1e08154572c760ae601a0b06556b9b56f8082f7b05814327a689e65c822a"
}
2021-12-16 19:20:02 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://api-openbanking-hml.bancopan.com.br/tpp/callback",
  "state": "f16d1e08154572c760ae601a0b06556b9b56f8082f7b05814327a689e65c822a",
  "code": "lg65cID4HBCoYDPE3k1bDs4PjhGkWCDX"
}
2021-12-16 19:20:02 SUCCESS
AddIdTokenToAuthorizationEndpointResponseParams
Added id_token to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://api-openbanking-hml.bancopan.com.br/tpp/callback",
  "state": "f16d1e08154572c760ae601a0b06556b9b56f8082f7b05814327a689e65c822a",
  "code": "lg65cID4HBCoYDPE3k1bDs4PjhGkWCDX",
  "id_token": "eyJraWQiOiJYNWQ0dkZZZkx4YUcxZ2c4X2wzYkZZRmhVYVVWbUU2UGFFc1JXWDJFWXFNIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJ1c2VyLXN1YmplY3QtMTIzNDUzMSIsImF1ZCI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImNfaGFzaCI6ImlJMUp0VDVGTXpOLUZzUDV3eVgzZFEiLCJzX2hhc2giOiItMGppOGVwY1RjRE9SSFNCMWRBTjdnIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL1JQLVNlY3VyaXR5LVRlc3QtUEFOXC8iLCJleHAiOjE2Mzk2ODI3MDIsIm5vbmNlIjoiZTlhYTIyYWFhMzJhZWQ1ZWYxNTA5NWY5MmY5MzAxNjlkY2YwYjBkNTg2OTM5OTM2MmI4N2JhNGJjOTY0MDM0MiIsImlhdCI6MTYzOTY4MjQwMn0.qL9t79eE1NFIrIxoqa2wwwxoIvtUn05qeTS10drwUCn8Y3jjNBstJkKiF_TZ612tW0bKuCELtFE5Jvaat0s7zgKnabsUvYdGkShdrYMX8SUmjioIsQRX2c59xekY_6UkEdZIhL9dBAO8WAsuqMwXn-VTU0hWhtcLRWncpUldz3bmfsCyze42kdNF6CTPfqwLz-Ph3jXQKG29BG9VXdmT6j3oTCEK6Wmtbq1MmR8O9IfNYS5ULMM80hiTTodAo2OEDu0zOYFB5TTJ9dl3Nq2QnsLiV_jQmxF5tdHg9g9FmiNmpMEAQc_XfXBkiScUJdVYGmYgMoIpgU7TJpjGNB7LQw"
}
2021-12-16 19:20:02
SendAuthorizationResponseWithResponseModeFragment
Redirecting back to client
uri
https://api-openbanking-hml.bancopan.com.br/tpp/callback#state=f16d1e08154572c760ae601a0b06556b9b56f8082f7b05814327a689e65c822a&code=lg65cID4HBCoYDPE3k1bDs4PjhGkWCDX&id_token=eyJraWQiOiJYNWQ0dkZZZkx4YUcxZ2c4X2wzYkZZRmhVYVVWbUU2UGFFc1JXWDJFWXFNIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJ1c2VyLXN1YmplY3QtMTIzNDUzMSIsImF1ZCI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImNfaGFzaCI6ImlJMUp0VDVGTXpOLUZzUDV3eVgzZFEiLCJzX2hhc2giOiItMGppOGVwY1RjRE9SSFNCMWRBTjdnIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL1JQLVNlY3VyaXR5LVRlc3QtUEFOXC8iLCJleHAiOjE2Mzk2ODI3MDIsIm5vbmNlIjoiZTlhYTIyYWFhMzJhZWQ1ZWYxNTA5NWY5MmY5MzAxNjlkY2YwYjBkNTg2OTM5OTM2MmI4N2JhNGJjOTY0MDM0MiIsImlhdCI6MTYzOTY4MjQwMn0.qL9t79eE1NFIrIxoqa2wwwxoIvtUn05qeTS10drwUCn8Y3jjNBstJkKiF_TZ612tW0bKuCELtFE5Jvaat0s7zgKnabsUvYdGkShdrYMX8SUmjioIsQRX2c59xekY_6UkEdZIhL9dBAO8WAsuqMwXn-VTU0hWhtcLRWncpUldz3bmfsCyze42kdNF6CTPfqwLz-Ph3jXQKG29BG9VXdmT6j3oTCEK6Wmtbq1MmR8O9IfNYS5ULMM80hiTTodAo2OEDu0zOYFB5TTJ9dl3Nq2QnsLiV_jQmxF5tdHg9g9FmiNmpMEAQc_XfXBkiScUJdVYGmYgMoIpgU7TJpjGNB7LQw
2021-12-16 19:20:02 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://api-openbanking-hml.bancopan.com.br/tpp/callback#state=f16d1e08154572c760ae601a0b06556b9b56f8082f7b05814327a689e65c822a&code=lg65cID4HBCoYDPE3k1bDs4PjhGkWCDX&id_token=eyJraWQiOiJYNWQ0dkZZZkx4YUcxZ2c4X2wzYkZZRmhVYVVWbUU2UGFFc1JXWDJFWXFNIiwiYWxnIjoiUFMyNTYifQ.eyJzdWIiOiJ1c2VyLXN1YmplY3QtMTIzNDUzMSIsImF1ZCI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImNfaGFzaCI6ImlJMUp0VDVGTXpOLUZzUDV3eVgzZFEiLCJzX2hhc2giOiItMGppOGVwY1RjRE9SSFNCMWRBTjdnIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL1JQLVNlY3VyaXR5LVRlc3QtUEFOXC8iLCJleHAiOjE2Mzk2ODI3MDIsIm5vbmNlIjoiZTlhYTIyYWFhMzJhZWQ1ZWYxNTA5NWY5MmY5MzAxNjlkY2YwYjBkNTg2OTM5OTM2MmI4N2JhNGJjOTY0MDM0MiIsImlhdCI6MTYzOTY4MjQwMn0.qL9t79eE1NFIrIxoqa2wwwxoIvtUn05qeTS10drwUCn8Y3jjNBstJkKiF_TZ612tW0bKuCELtFE5Jvaat0s7zgKnabsUvYdGkShdrYMX8SUmjioIsQRX2c59xekY_6UkEdZIhL9dBAO8WAsuqMwXn-VTU0hWhtcLRWncpUldz3bmfsCyze42kdNF6CTPfqwLz-Ph3jXQKG29BG9VXdmT6j3oTCEK6Wmtbq1MmR8O9IfNYS5ULMM80hiTTodAo2OEDu0zOYFB5TTJ9dl3Nq2QnsLiV_jQmxF5tdHg9g9FmiNmpMEAQc_XfXBkiScUJdVYGmYgMoIpgU7TJpjGNB7LQw]
outgoing_path
authorize
2021-12-16 19:20:04 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate, br",
  "connection": "close"
}
incoming_path
/test/a/RP-Security-Test-PAN/.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:04 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-12-16 19:20:04 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo",
    "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/par"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ],
  "claims_parameter_supported": true,
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM"
  ],
  "claims_supported": [
    "cpf",
    "cnpj",
    "acr"
  ],
  "acr_values_supported": [
    "urn:brasil:openbanking:loa2",
    "urn:brasil:openbanking:loa3"
  ],
  "id_token_signing_alg_values_supported": [
    "PS256"
  ],
  "request_object_signing_alg_values_supported": [
    "PS256"
  ],
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access",
    "consents",
    "resources",
    "payments"
  ],
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code id_token"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-12-16 19:20:04 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate, br",
  "connection": "close"
}
incoming_path
/test/a/RP-Security-Test-PAN/jwks
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:04 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-12-16 19:20:04 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "X5d4vFYfLxaG1gg8_l3bFYFhUaUVmE6PaEsRWX2EYqM",
      "x5c": [
        "MIIGqzCCBZOgAwIBAgIUdUCw8bQZidnZ6uERKJuN9u4RGvcwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwxFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNBTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDgxNjA5NTUwMFoXDTIyMDkxNTA5NTUwMFowgacxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMS8wDAYDVQQLEwUxMjM0NTAOBgNVBAsTB2NlcnRtYW4wDwYDVQQLEwhhZ29vZG9uZTEcMBoGA1UEAxMTT3BlbiBCYW5raW5nIEJyYXNpbDE0MDIGCgmSJomT8ixkAQETJDc0ZTkyOWQ5LTMzYjYtNGQ4NS04YmE3LWMxNDZjODY3YTgxNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyF1agPcwq5ms99Flo82XsXUroWoD/6FX4AfmOUu113h4VOLYaO3N8HDYbKxgii2En/+O61e/Ptjn4T2PVq0iVcqiF6Gp4sKE5w/bKZRfdCe8qIPS4D+JKpFpesJvIHUeQvlAuBp5dA9nGSpxOjGe5P2+ZzNGXwvux/2ztdweGmKbtOvbYe4RVhiu6bOubog8XEBmD96EnqmoROasH1Hn9kDJIclbTP51j/TlQMzhrSfJJuE3Qq6vWhe/DaPbtmELmlDiYHjp8CjAY5oBMHLmkHvQxEBV4cwbUZj5ZpdqU8tkA78XtR4DkzrJ4fYoBb1+9ABq6GNzxWPpSQMQuBXdsCAwEAAaOCAwIwggL+MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJwv7oHX2exZL304ru+4eGVypHlxMB8GA1UdIwQYMBaAFIZ/WK0X9YK2TrQFs/uwzhFD30y+MEwGCCsGAQUFBwEBBEAwPjA8BggrBgEFBQcwAYYwaHR0cDovL29jc3Auc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwuc2FuZGJveC5wa2kub3BlbmJhbmtpbmdicmFzaWwub3JnLmJyL2lzc3Vlci5jcmwwXgYDVR0RBFcwVaAZBgVgTAEDAqAQDA5NaWNoYWVsIEZyYXNlcqAYBgVgTAEDA6APDA0xMzM1MzIzNjAwMTg5oA0GBWBMAQMEoAQMAm5voA8GBWBMAQMHoAYMBGFsb3QwDgYDVR0PAQH/BAQDAgbAMIIBoQYDVR0gBIIBmDCCAZQwggGQBgorBgEEAYO6L2QBMIIBgDCCATYGCCsGAQUFBwICMIIBKAyCASRUaGlzIENlcnRpZmljYXRlIGlzIHNvbGVseSBmb3IgdXNlIHdpdGggUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkIGFuZCBvdGhlciBwYXJ0aWNpcGF0aW5nIG9yZ2FuaXNhdGlvbnMgdXNpbmcgUmFpZGlhbSBTZXJ2aWNlcyBMaW1pdGVkcyBUcnVzdCBGcmFtZXdvcmsgU2VydmljZXMuIEl0cyByZWNlaXB0LCBwb3NzZXNzaW9uIG9yIHVzZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSYWlkaWFtIFNlcnZpY2VzIEx0ZCBDZXJ0aWNpY2F0ZSBQb2xpY3kgYW5kIHJlbGF0ZWQgZG9jdW1lbnRzIHRoZXJlaW4uMEQGCCsGAQUFBwIBFjhodHRwOi8vY3BzLnNhbmRib3gucGtpLm9wZW5iYW5raW5nYnJhc2lsLm9yZy5ici9wb2xpY2llczANBgkqhkiG9w0BAQsFAAOCAQEAtKn/QnJqKLp52YB14x+M21qwz67utFkWjhauQe0elXupjY5NWZb5wLrGYNOZQzRe2JRzcBbGN6P7lCweRfxMkSGh9YrXbrkBXLEPtLHpTVEy65v1tWl02lC+ooVPyQpSjAQL0L69OQ7s7rnIXyb3rkSUzuGSxsLU1AXpWj0oYFB4wdeIdPAVPs83frC5s4kz42JruSAE2vsbvQURTVPChh+hO6+R6Irz+ZEZ1NSgjQkxvOXHW53CkXZSjjHbAB/nbJYi7YyK7kck99r38Ba/WBfIfywdFVVYfiiW5TS6XbQeVeilmmt5MLxBz96FxR6E6WR+cQwybEe94Fb/jD6xHA\u003d\u003d"
      ],
      "alg": "PS256",
      "n": "3IXVqA9zCrmaz30WWjzZexdSuhagP_oVfgB-Y5S7XXeHhU4tho7c3wcNhsrGCKLYSf_47rV78-2OfhPY9WrSJVyqIXoaniwoTnD9splF90J7yog9LgP4kqkWl6wm8gdR5C-UC4Gnl0D2cZKnE6MZ7k_b5nM0ZfC-7H_bO13B4aYpu069th7hFWGK7ps65uiDxcQGYP3oSeqahE5qwfUef2QMkhyVtM_nWP9OVAzOGtJ8km4TdCrq9aF78No9u2YQuaUOJgeOnwKMBjmgEwcuaQe9DEQFXhzBtRmPlml2pTy2QDvxe1HgOTOsnh9igFvX70AGroY3PFY-lJAxC4Fd2w"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "0fe502dd-14f0-4f45-80f9-feb9a216f996",
      "alg": "RSA-OAEP",
      "n": "r4dl-ApW6c-fvDbfSVxHpdV8zi8VQW4b9-uHMRq7dzqCkvP8OAG1R3plSr1N6fL_YLiIr9y621XkyRiMEKR7-DeqGsLf2ZTaqrZ1LfYgjsc2i9o3NSOeSgBwKGmT7h1OgxZSbhLzo7Xaktu3CCUZCOWLzs7LKo_CvKkcTF7tPhK9jYjdTsdsnS0RJOPjYQe7JO83Mvhd1Ty3F-Qycd-cKKMSjcQRiHt9jKd09kA2fKVlFwbm2M1PM3NdtnMaOUw31-XC4ixay47XTMqnmX7-op7qYV9wXbeZmjTsAKFuTGwJiGJrOTfqciDLBW8IpGC2BzFJ5rYmRu0kAttpvkOG3Q"
    }
  ]
}
outgoing_path
jwks
2021-12-16 19:20:04 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "content-type": "application/x-www-form-urlencoded",
  "accept-encoding": "gzip, deflate, br",
  "content-length": "1291",
  "connection": "close"
}
incoming_path
/test-mtls/a/RP-Security-Test-PAN/token
incoming_body_form_params
{
  "grant_type": "authorization_code",
  "code": "lg65cID4HBCoYDPE3k1bDs4PjhGkWCDX",
  "redirect_uri": "https://api-openbanking-hml.bancopan.com.br/tpp/callback",
  "code_verifier": "CF_cq-95SG5AcDtCNU3QdVKk4fBgSf5my4yMD7pVp_s",
  "client_id": "SBSfBTOJMVQBBL848VGXI",
  "client_assertion": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDQsImV4cCI6MTYzOTY4MjQ2NCwianRpIjoiT3cwYkcxMlRNZ2NPeW9wTmx1UFZyUk05RkVGX3M4NVVQMDdZdlRjQ3ppayIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.CfVsRrnHDisvQKgdkkHTJYzoiVDo0q3HEDFC1xbvgct19CfsuCEWphITu96GY2brPfACdtB3CGjHsbkMCAhMgML4Kh0pAVpZ_LBdxd-pMxtKkU0O6H16qFJ1ZYlzqfPMfFp6E0ElsAj8IlrkJNgtz-lCNLrBo5x28MJxYUS_ikCzADSummXrlhCJipxXDhkgE5I6j5YosoI3AsvaanjafOK2nnNDM9LDYRJFBpNVhaHLgV3GtpsHWym6qtbnXbOE35cB_VSwYEnZVR7nr-VkCQdXfVbdYpQLa4xzvpz1vLGW9dh-NkoeIr-LddlVnIAVIlw-P0p6XYDVnc4QOkt5TA",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks= -----END CERTIFICATE-----
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=authorization_code&code=lg65cID4HBCoYDPE3k1bDs4PjhGkWCDX&redirect_uri=https%3A%2F%2Fapi-openbanking-hml.bancopan.com.br%2Ftpp%2Fcallback&code_verifier=CF_cq-95SG5AcDtCNU3QdVKk4fBgSf5my4yMD7pVp_s&client_id=SBSfBTOJMVQBBL848VGXI&client_assertion=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDQsImV4cCI6MTYzOTY4MjQ2NCwianRpIjoiT3cwYkcxMlRNZ2NPeW9wTmx1UFZyUk05RkVGX3M4NVVQMDdZdlRjQ3ppayIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.CfVsRrnHDisvQKgdkkHTJYzoiVDo0q3HEDFC1xbvgct19CfsuCEWphITu96GY2brPfACdtB3CGjHsbkMCAhMgML4Kh0pAVpZ_LBdxd-pMxtKkU0O6H16qFJ1ZYlzqfPMfFp6E0ElsAj8IlrkJNgtz-lCNLrBo5x28MJxYUS_ikCzADSummXrlhCJipxXDhkgE5I6j5YosoI3AsvaanjafOK2nnNDM9LDYRJFBpNVhaHLgV3GtpsHWym6qtbnXbOE35cB_VSwYEnZVR7nr-VkCQdXfVbdYpQLa4xzvpz1vLGW9dh-NkoeIr-LddlVnIAVIlw-P0p6XYDVnc4QOkt5TA&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2021-12-16 19:20:04 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Token endpoint
2021-12-16 19:20:04 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL\nBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx\nFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB\nTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz\nMjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD\no28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct\nNjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j\nb20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk\nYWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ\ncml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4\n9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r\niu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6\ni56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV\nCLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3\n5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC\nAtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO\nEUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z\nYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA\noD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v\ncmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB\nBQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC\nD2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k\nATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz\nb2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg\nb3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g\nU2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg\ncmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j\nZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5\nIGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0\ncDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s\naWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL\n8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs\nZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0\nQZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY\nYFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG\nOZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "1.3.6.1.4.1.311.60.2.1.3\u003d#13024252,2.5.4.15\u003d#131450726976617465204f7267616e697a6174696f6e,UID\u003dac60fe65-58ca-44c3-9352-6f556c5cb98e,2.5.4.5\u003d#130e3539323835343131303030313133,CN\u003dbancopan.com.br,OU\u003db6a214c7-6332-5a41-8464-a281fb9a4ca0,O\u003dBANCO PAN,L\u003dSão Paulo,ST\u003dSP,C\u003dBR"
  },
  "sanDnsNames": [
    "bancopan.com.br"
  ],
  "sanUris": [],
  "sanIPs": [],
  "sanEmails": []
}
2021-12-16 19:20:04 SUCCESS
CheckForClientCertificate
Found client certificate
2021-12-16 19:20:04 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx
FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB
TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz
MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD
o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct
NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j
b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk
YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ
cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4
9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r
iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6
i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV
CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3
5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC
AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO
EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z
YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA
oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v
cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC
D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k
ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz
b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg
b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g
U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg
cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j
ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5
IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0
cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s
aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL
8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs
ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0
QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY
YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG
OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks=
-----END CERTIFICATE-----
2021-12-16 19:20:04 SUCCESS
ExtractClientAssertion
Parsed client assertion
client_assertion
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDQsImV4cCI6MTYzOTY4MjQ2NCwianRpIjoiT3cwYkcxMlRNZ2NPeW9wTmx1UFZyUk05RkVGX3M4NVVQMDdZdlRjQ3ppayIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.CfVsRrnHDisvQKgdkkHTJYzoiVDo0q3HEDFC1xbvgct19CfsuCEWphITu96GY2brPfACdtB3CGjHsbkMCAhMgML4Kh0pAVpZ_LBdxd-pMxtKkU0O6H16qFJ1ZYlzqfPMfFp6E0ElsAj8IlrkJNgtz-lCNLrBo5x28MJxYUS_ikCzADSummXrlhCJipxXDhkgE5I6j5YosoI3AsvaanjafOK2nnNDM9LDYRJFBpNVhaHLgV3GtpsHWym6qtbnXbOE35cB_VSwYEnZVR7nr-VkCQdXfVbdYpQLa4xzvpz1vLGW9dh-NkoeIr-LddlVnIAVIlw-P0p6XYDVnc4QOkt5TA",
  "header": {
    "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
    "typ": "JWT",
    "alg": "PS256"
  },
  "claims": {
    "sub": "SBSfBTOJMVQBBL848VGXI",
    "aud": [
      "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
      "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
      "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token"
    ],
    "iss": "SBSfBTOJMVQBBL848VGXI",
    "exp": 1639682464,
    "iat": 1639682404,
    "jti": "Ow0bG12TMgcOyopNluPVrRM9FEF_s85UP07YvTcCzik"
  }
}
2021-12-16 19:20:04
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
2021-12-16 19:20:04 SUCCESS
ValidateClientAssertionSignature
client_assertion signature validated
client_assertion
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDQsImV4cCI6MTYzOTY4MjQ2NCwianRpIjoiT3cwYkcxMlRNZ2NPeW9wTmx1UFZyUk05RkVGX3M4NVVQMDdZdlRjQ3ppayIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.CfVsRrnHDisvQKgdkkHTJYzoiVDo0q3HEDFC1xbvgct19CfsuCEWphITu96GY2brPfACdtB3CGjHsbkMCAhMgML4Kh0pAVpZ_LBdxd-pMxtKkU0O6H16qFJ1ZYlzqfPMfFp6E0ElsAj8IlrkJNgtz-lCNLrBo5x28MJxYUS_ikCzADSummXrlhCJipxXDhkgE5I6j5YosoI3AsvaanjafOK2nnNDM9LDYRJFBpNVhaHLgV3GtpsHWym6qtbnXbOE35cB_VSwYEnZVR7nr-VkCQdXfVbdYpQLa4xzvpz1vLGW9dh-NkoeIr-LddlVnIAVIlw-P0p6XYDVnc4QOkt5TA
2021-12-16 19:20:04 SUCCESS
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
assertion type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-12-16 19:20:04 SUCCESS
ValidateClientAssertionClaims
Client Assertion passed all validation checks
2021-12-16 19:20:04 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
lg65cID4HBCoYDPE3k1bDs4PjhGkWCDX
2021-12-16 19:20:04 SUCCESS
ValidateRedirectUri
Found redirect uri
redirect_uri
https://api-openbanking-hml.bancopan.com.br/tpp/callback
2021-12-16 19:20:04 SUCCESS
ValidateCodeVerifierWithS256
Validated code_verifier successfully
code_challenge_method
S256
code_verifier
CF_cq-95SG5AcDtCNU3QdVKk4fBgSf5my4yMD7pVp_s
code_challenge
r2jtBVfYECM29P65jm2DI1eap6T-cLmd7lLyOyDX5Fs
2021-12-16 19:20:04 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
nxh6vmvyHmGFCQUWOYaPIaWsJNXjeDrL80C3HlDA2LK2aY735N
2021-12-16 19:20:04 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
MTAiQRhfjEhTbj2HmsCPuw
2021-12-16 19:20:04
CreateRefreshToken
Created refresh token
refresh_token
VgsqBllKmgdUTAPRltOLEJiLekoXtPLJHBBzaRNiSuineWgmdW5664743817!*<>]
2021-12-16 19:20:04 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/RP-Security-Test-PAN/
sub
user-subject-1234531
aud
SBSfBTOJMVQBBL848VGXI
nonce
e9aa22aaa32aed5ef15095f92f930169dcf0b0d5869399362b87ba4bc9640342
iat
1639682404
exp
1639682704
2021-12-16 19:20:04
FAPIBrazilAddCPFAndCPNJToIdTokenClaims
Request object does not contain a claims element.id_token
2021-12-16 19:20:04 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
MTAiQRhfjEhTbj2HmsCPuw
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "sub": "user-subject-1234531",
  "aud": "SBSfBTOJMVQBBL848VGXI",
  "nonce": "e9aa22aaa32aed5ef15095f92f930169dcf0b0d5869399362b87ba4bc9640342",
  "iat": 1639682404,
  "exp": 1639682704,
  "at_hash": "MTAiQRhfjEhTbj2HmsCPuw"
}
2021-12-16 19:20:04 INFO
FAPIBrazilAddACRClaimToIdTokenClaims
Skipped evaluation due to missing required string: requested_id_token_acr_values
expected
requested_id_token_acr_values
2021-12-16 19:20:04 SUCCESS
SignIdToken
Signed the ID token
id_token
eyJraWQiOiJYNWQ0dkZZZkx4YUcxZ2c4X2wzYkZZRmhVYVVWbUU2UGFFc1JXWDJFWXFNIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiTVRBaVFSaGZqRWhUYmoySG1zQ1B1dyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiU0JTZkJUT0pNVlFCQkw4NDhWR1hJIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL1JQLVNlY3VyaXR5LVRlc3QtUEFOXC8iLCJleHAiOjE2Mzk2ODI3MDQsIm5vbmNlIjoiZTlhYTIyYWFhMzJhZWQ1ZWYxNTA5NWY5MmY5MzAxNjlkY2YwYjBkNTg2OTM5OTM2MmI4N2JhNGJjOTY0MDM0MiIsImlhdCI6MTYzOTY4MjQwNH0.fBArkoIbLbIjK_9V0c3GhrD7UMk2peYHF_trqUL2t_xjhmeJ86YeebilKRTGR_FPT6XlvKbLf7vHgs8HjpW7EiL7skO9AzcL95sKdcoVxTzl-WAelDH76eg6SV1w-Hf_avWgXN8600NKGI6mFsP8K6blAuDTpOl2R87B9INmmjKBNOvu9jfnF-OuVTfIE_g2SqXOZDghDkhgV69gpRJWNCKkdb-24V8Rj702B3lChwsuyU5xAd9FV22XF1gOOCH9i9TwE5NvNxavZYvFMpLnhnaffQSoE3F4TRW_Pzj9Xg80-f4aWwcTIthbY2ELxtwjWuvZukS2FX9py099zE5YxQ
2021-12-16 19:20:04 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
nxh6vmvyHmGFCQUWOYaPIaWsJNXjeDrL80C3HlDA2LK2aY735N
token_type
Bearer
id_token
eyJraWQiOiJYNWQ0dkZZZkx4YUcxZ2c4X2wzYkZZRmhVYVVWbUU2UGFFc1JXWDJFWXFNIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiTVRBaVFSaGZqRWhUYmoySG1zQ1B1dyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiU0JTZkJUT0pNVlFCQkw4NDhWR1hJIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL1JQLVNlY3VyaXR5LVRlc3QtUEFOXC8iLCJleHAiOjE2Mzk2ODI3MDQsIm5vbmNlIjoiZTlhYTIyYWFhMzJhZWQ1ZWYxNTA5NWY5MmY5MzAxNjlkY2YwYjBkNTg2OTM5OTM2MmI4N2JhNGJjOTY0MDM0MiIsImlhdCI6MTYzOTY4MjQwNH0.fBArkoIbLbIjK_9V0c3GhrD7UMk2peYHF_trqUL2t_xjhmeJ86YeebilKRTGR_FPT6XlvKbLf7vHgs8HjpW7EiL7skO9AzcL95sKdcoVxTzl-WAelDH76eg6SV1w-Hf_avWgXN8600NKGI6mFsP8K6blAuDTpOl2R87B9INmmjKBNOvu9jfnF-OuVTfIE_g2SqXOZDghDkhgV69gpRJWNCKkdb-24V8Rj702B3lChwsuyU5xAd9FV22XF1gOOCH9i9TwE5NvNxavZYvFMpLnhnaffQSoE3F4TRW_Pzj9Xg80-f4aWwcTIthbY2ELxtwjWuvZukS2FX9py099zE5YxQ
refresh_token
VgsqBllKmgdUTAPRltOLEJiLekoXtPLJHBBzaRNiSuineWgmdW5664743817!*<>]
scope
openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources
2021-12-16 19:20:04
RemoveIssuedAccessTokenFromEnvironment
Removed access_token and token_type from environment
2021-12-16 19:20:04 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "nxh6vmvyHmGFCQUWOYaPIaWsJNXjeDrL80C3HlDA2LK2aY735N",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiJYNWQ0dkZZZkx4YUcxZ2c4X2wzYkZZRmhVYVVWbUU2UGFFc1JXWDJFWXFNIiwiYWxnIjoiUFMyNTYifQ.eyJhdF9oYXNoIjoiTVRBaVFSaGZqRWhUYmoySG1zQ1B1dyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiU0JTZkJUT0pNVlFCQkw4NDhWR1hJIiwiaXNzIjoiaHR0cHM6XC9cL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXRcL3Rlc3RcL2FcL1JQLVNlY3VyaXR5LVRlc3QtUEFOXC8iLCJleHAiOjE2Mzk2ODI3MDQsIm5vbmNlIjoiZTlhYTIyYWFhMzJhZWQ1ZWYxNTA5NWY5MmY5MzAxNjlkY2YwYjBkNTg2OTM5OTM2MmI4N2JhNGJjOTY0MDM0MiIsImlhdCI6MTYzOTY4MjQwNH0.fBArkoIbLbIjK_9V0c3GhrD7UMk2peYHF_trqUL2t_xjhmeJ86YeebilKRTGR_FPT6XlvKbLf7vHgs8HjpW7EiL7skO9AzcL95sKdcoVxTzl-WAelDH76eg6SV1w-Hf_avWgXN8600NKGI6mFsP8K6blAuDTpOl2R87B9INmmjKBNOvu9jfnF-OuVTfIE_g2SqXOZDghDkhgV69gpRJWNCKkdb-24V8Rj702B3lChwsuyU5xAd9FV22XF1gOOCH9i9TwE5NvNxavZYvFMpLnhnaffQSoE3F4TRW_Pzj9Xg80-f4aWwcTIthbY2ELxtwjWuvZukS2FX9py099zE5YxQ",
  "refresh_token": "VgsqBllKmgdUTAPRltOLEJiLekoXtPLJHBBzaRNiSuineWgmdW5664743817!*\u003c\u003e]",
  "scope": "openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources"
}
outgoing_path
token
2021-12-16 19:20:07 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate, br",
  "connection": "close"
}
incoming_path
/test/a/RP-Security-Test-PAN/.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:07 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-12-16 19:20:07 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo",
    "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/par"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ],
  "claims_parameter_supported": true,
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM"
  ],
  "claims_supported": [
    "cpf",
    "cnpj",
    "acr"
  ],
  "acr_values_supported": [
    "urn:brasil:openbanking:loa2",
    "urn:brasil:openbanking:loa3"
  ],
  "id_token_signing_alg_values_supported": [
    "PS256"
  ],
  "request_object_signing_alg_values_supported": [
    "PS256"
  ],
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access",
    "consents",
    "resources",
    "payments"
  ],
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code id_token"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-12-16 19:20:07 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate, br",
  "connection": "close"
}
incoming_path
/test/a/RP-Security-Test-PAN/.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:07 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-12-16 19:20:07 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo",
    "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/par"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ],
  "claims_parameter_supported": true,
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM"
  ],
  "claims_supported": [
    "cpf",
    "cnpj",
    "acr"
  ],
  "acr_values_supported": [
    "urn:brasil:openbanking:loa2",
    "urn:brasil:openbanking:loa3"
  ],
  "id_token_signing_alg_values_supported": [
    "PS256"
  ],
  "request_object_signing_alg_values_supported": [
    "PS256"
  ],
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access",
    "consents",
    "resources",
    "payments"
  ],
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code id_token"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-12-16 19:20:08 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "content-type": "application/x-www-form-urlencoded",
  "accept-encoding": "gzip, deflate, br",
  "content-length": "1198",
  "connection": "close"
}
incoming_path
/test-mtls/a/RP-Security-Test-PAN/token
incoming_body_form_params
{
  "grant_type": "refresh_token",
  "refresh_token": "VgsqBllKmgdUTAPRltOLEJiLekoXtPLJHBBzaRNiSuineWgmdW5664743817!*\u003c\u003e]",
  "client_id": "SBSfBTOJMVQBBL848VGXI",
  "client_assertion": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDcsImV4cCI6MTYzOTY4MjQ2NywianRpIjoid1dwM05Pd2I1dTNnZll6SXdvbWJnMnd6VEFXc3JnempJU1lkQUduVjU4byIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.TeweBuJbqBvsSKk_uoRN_11G44w_DP_LmfeOHCeJEbMPZAY2APXgCmFJJ5Vs3UbeUuPsK8BMWgMB6Zn8e3EI7B-PUcUMjp8tStF3whX62Ne-sjCFj9jThSGfj1YJCBVD7v8aV_FGTiFKYeZzzri8COVxHrLyxWRsooopMp0XEfzHncolqKmC2SV9m-l9av7a1K_hc_mJPP4jsyAGhuruE0-_TDFeHFgYyJpmRdExA5bE8TxYU0bs-ldISPsQxP37spQjEr6UUrEnaHo09oB07lTMTG2bl8cQQcX9nemRg4uxb-C_eYm1DljLOSTA7zOpA1gml2Z_Ual0DH4wh-lndw",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks= -----END CERTIFICATE-----
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=refresh_token&refresh_token=VgsqBllKmgdUTAPRltOLEJiLekoXtPLJHBBzaRNiSuineWgmdW5664743817%21*%3C%3E%5D&client_id=SBSfBTOJMVQBBL848VGXI&client_assertion=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDcsImV4cCI6MTYzOTY4MjQ2NywianRpIjoid1dwM05Pd2I1dTNnZll6SXdvbWJnMnd6VEFXc3JnempJU1lkQUduVjU4byIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.TeweBuJbqBvsSKk_uoRN_11G44w_DP_LmfeOHCeJEbMPZAY2APXgCmFJJ5Vs3UbeUuPsK8BMWgMB6Zn8e3EI7B-PUcUMjp8tStF3whX62Ne-sjCFj9jThSGfj1YJCBVD7v8aV_FGTiFKYeZzzri8COVxHrLyxWRsooopMp0XEfzHncolqKmC2SV9m-l9av7a1K_hc_mJPP4jsyAGhuruE0-_TDFeHFgYyJpmRdExA5bE8TxYU0bs-ldISPsQxP37spQjEr6UUrEnaHo09oB07lTMTG2bl8cQQcX9nemRg4uxb-C_eYm1DljLOSTA7zOpA1gml2Z_Ual0DH4wh-lndw&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2021-12-16 19:20:08 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Token endpoint
2021-12-16 19:20:08 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL\nBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx\nFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB\nTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz\nMjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD\no28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct\nNjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j\nb20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk\nYWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ\ncml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4\n9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r\niu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6\ni56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV\nCLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3\n5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC\nAtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO\nEUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z\nYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA\noD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v\ncmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB\nBQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC\nD2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k\nATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz\nb2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg\nb3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g\nU2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg\ncmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j\nZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5\nIGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0\ncDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s\naWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL\n8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs\nZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0\nQZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY\nYFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG\nOZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "1.3.6.1.4.1.311.60.2.1.3\u003d#13024252,2.5.4.15\u003d#131450726976617465204f7267616e697a6174696f6e,UID\u003dac60fe65-58ca-44c3-9352-6f556c5cb98e,2.5.4.5\u003d#130e3539323835343131303030313133,CN\u003dbancopan.com.br,OU\u003db6a214c7-6332-5a41-8464-a281fb9a4ca0,O\u003dBANCO PAN,L\u003dSão Paulo,ST\u003dSP,C\u003dBR"
  },
  "sanDnsNames": [
    "bancopan.com.br"
  ],
  "sanUris": [],
  "sanIPs": [],
  "sanEmails": []
}
2021-12-16 19:20:08 SUCCESS
CheckForClientCertificate
Found client certificate
2021-12-16 19:20:08 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx
FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB
TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz
MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD
o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct
NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j
b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk
YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ
cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4
9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r
iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6
i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV
CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3
5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC
AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO
EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z
YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA
oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v
cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC
D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k
ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz
b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg
b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g
U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg
cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j
ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5
IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0
cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s
aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL
8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs
ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0
QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY
YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG
OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks=
-----END CERTIFICATE-----
2021-12-16 19:20:08 SUCCESS
ExtractClientAssertion
Parsed client assertion
client_assertion
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDcsImV4cCI6MTYzOTY4MjQ2NywianRpIjoid1dwM05Pd2I1dTNnZll6SXdvbWJnMnd6VEFXc3JnempJU1lkQUduVjU4byIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.TeweBuJbqBvsSKk_uoRN_11G44w_DP_LmfeOHCeJEbMPZAY2APXgCmFJJ5Vs3UbeUuPsK8BMWgMB6Zn8e3EI7B-PUcUMjp8tStF3whX62Ne-sjCFj9jThSGfj1YJCBVD7v8aV_FGTiFKYeZzzri8COVxHrLyxWRsooopMp0XEfzHncolqKmC2SV9m-l9av7a1K_hc_mJPP4jsyAGhuruE0-_TDFeHFgYyJpmRdExA5bE8TxYU0bs-ldISPsQxP37spQjEr6UUrEnaHo09oB07lTMTG2bl8cQQcX9nemRg4uxb-C_eYm1DljLOSTA7zOpA1gml2Z_Ual0DH4wh-lndw",
  "header": {
    "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
    "typ": "JWT",
    "alg": "PS256"
  },
  "claims": {
    "sub": "SBSfBTOJMVQBBL848VGXI",
    "aud": [
      "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
      "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
      "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token"
    ],
    "iss": "SBSfBTOJMVQBBL848VGXI",
    "exp": 1639682467,
    "iat": 1639682407,
    "jti": "wWp3NOwb5u3gfYzIwombg2wzTAWsrgzjISYdAGnV58o"
  }
}
2021-12-16 19:20:08
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
2021-12-16 19:20:08 SUCCESS
ValidateClientAssertionSignature
client_assertion signature validated
client_assertion
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDcsImV4cCI6MTYzOTY4MjQ2NywianRpIjoid1dwM05Pd2I1dTNnZll6SXdvbWJnMnd6VEFXc3JnempJU1lkQUduVjU4byIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.TeweBuJbqBvsSKk_uoRN_11G44w_DP_LmfeOHCeJEbMPZAY2APXgCmFJJ5Vs3UbeUuPsK8BMWgMB6Zn8e3EI7B-PUcUMjp8tStF3whX62Ne-sjCFj9jThSGfj1YJCBVD7v8aV_FGTiFKYeZzzri8COVxHrLyxWRsooopMp0XEfzHncolqKmC2SV9m-l9av7a1K_hc_mJPP4jsyAGhuruE0-_TDFeHFgYyJpmRdExA5bE8TxYU0bs-ldISPsQxP37spQjEr6UUrEnaHo09oB07lTMTG2bl8cQQcX9nemRg4uxb-C_eYm1DljLOSTA7zOpA1gml2Z_Ual0DH4wh-lndw
2021-12-16 19:20:08 SUCCESS
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
assertion type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-12-16 19:20:08 SUCCESS
ValidateClientAssertionClaims
Client Assertion passed all validation checks
2021-12-16 19:20:08 SUCCESS
ValidateRefreshToken
refresh_token parameter matches the expected value.
refresh_token
VgsqBllKmgdUTAPRltOLEJiLekoXtPLJHBBzaRNiSuineWgmdW5664743817!*<>]
2021-12-16 19:20:08 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
crYOTJ1MjN048o3kDJkzTXDUl3eAV9oN1nHmJeUZ0ZwsrPGZjR
2021-12-16 19:20:08 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
XXbv_cHuGiQisWWsYItqGw
2021-12-16 19:20:08
CreateRefreshToken
Created refresh token
refresh_token
yoZHFSmoCrbiKfEanlAVapqnrgDeDizrgsncUIfrthuJLYcJoY5460604057:\;|~
2021-12-16 19:20:08 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
crYOTJ1MjN048o3kDJkzTXDUl3eAV9oN1nHmJeUZ0ZwsrPGZjR
token_type
Bearer
refresh_token
yoZHFSmoCrbiKfEanlAVapqnrgDeDizrgsncUIfrthuJLYcJoY5460604057:\;|~
scope
openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources
2021-12-16 19:20:08 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "crYOTJ1MjN048o3kDJkzTXDUl3eAV9oN1nHmJeUZ0ZwsrPGZjR",
  "token_type": "Bearer",
  "refresh_token": "yoZHFSmoCrbiKfEanlAVapqnrgDeDizrgsncUIfrthuJLYcJoY5460604057:\\;|~",
  "scope": "openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources"
}
outgoing_path
token
2021-12-16 19:20:08 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/json, text/plain, */*",
  "authorization": "Bearer crYOTJ1MjN048o3kDJkzTXDUl3eAV9oN1nHmJeUZ0ZwsrPGZjR",
  "user-agent": "axios/0.21.4",
  "connection": "close"
}
incoming_path
/test-mtls/a/RP-Security-Test-PAN/accounts/v1/accounts
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks= -----END CERTIFICATE-----
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:08 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Accounts endpoint (always rejected)
2021-12-16 19:20:08 SUCCESS
LogAccessTokenAlwaysRejectedToForceARefreshGrant
This call will be always rejected. The client must obtain a new access token twice using the refresh_token
2021-12-16 19:20:08 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
401
outgoing_headers
{
  "WWW-Authenticate": [
    "Bearer realm\u003d\"conformancesuite\", error\u003d\"invalid_token\", error_description\u003d\"Invalid access token. This test requires you to obtain a new access token twice using the refresh_token\""
  ]
}
outgoing_body
outgoing_path
accounts/v1/accounts
2021-12-16 19:20:08 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate, br",
  "connection": "close"
}
incoming_path
/test/a/RP-Security-Test-PAN/.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:08 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-12-16 19:20:08 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo",
    "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/par"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ],
  "claims_parameter_supported": true,
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM"
  ],
  "claims_supported": [
    "cpf",
    "cnpj",
    "acr"
  ],
  "acr_values_supported": [
    "urn:brasil:openbanking:loa2",
    "urn:brasil:openbanking:loa3"
  ],
  "id_token_signing_alg_values_supported": [
    "PS256"
  ],
  "request_object_signing_alg_values_supported": [
    "PS256"
  ],
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access",
    "consents",
    "resources",
    "payments"
  ],
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code id_token"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-12-16 19:20:08 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "accept-encoding": "gzip, deflate, br",
  "connection": "close"
}
incoming_path
/test/a/RP-Security-Test-PAN/.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:08 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
2021-12-16 19:20:08 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/jwks",
  "registration_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/register",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/userinfo",
  "mtls_endpoint_aliases": {
    "token_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token",
    "registration_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/register",
    "userinfo_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/userinfo",
    "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/par"
  },
  "tls_client_certificate_bound_access_tokens": true,
  "request_parameter_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "client_credentials",
    "refresh_token"
  ],
  "claims_parameter_supported": true,
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM"
  ],
  "claims_supported": [
    "cpf",
    "cnpj",
    "acr"
  ],
  "acr_values_supported": [
    "urn:brasil:openbanking:loa2",
    "urn:brasil:openbanking:loa3"
  ],
  "id_token_signing_alg_values_supported": [
    "PS256"
  ],
  "request_object_signing_alg_values_supported": [
    "PS256"
  ],
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access",
    "consents",
    "resources",
    "payments"
  ],
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt"
  ],
  "pushed_authorization_request_endpoint": "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/par",
  "require_pushed_authorization_requests": true,
  "response_types_supported": [
    "code id_token"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS256"
  ]
}
outgoing_path
.well-known/openid-configuration
2021-12-16 19:20:08 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "user-agent": "openid-client/4.9.1 (https://github.com/panva/node-openid-client)",
  "accept": "application/json",
  "content-type": "application/x-www-form-urlencoded",
  "accept-encoding": "gzip, deflate, br",
  "content-length": "1200",
  "connection": "close"
}
incoming_path
/test-mtls/a/RP-Security-Test-PAN/token
incoming_body_form_params
{
  "grant_type": "refresh_token",
  "refresh_token": "yoZHFSmoCrbiKfEanlAVapqnrgDeDizrgsncUIfrthuJLYcJoY5460604057:\\;|~",
  "client_id": "SBSfBTOJMVQBBL848VGXI",
  "client_assertion": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDgsImV4cCI6MTYzOTY4MjQ2OCwianRpIjoiOFRVX3FRSXNEbGhUd0o2Zy1qcFhlWUtGNU5wXzFKb1prbm5NdGJDNFNVVSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.abQRTkpb1Twdx3hdOob6r_sDtXvZ9mc-CnMjpwIwS1Gpd8BJUSRAXB_jSffOqDRBWcuLFfnAwjzpRLrHOTPN_Gz8nYN7Vo9EGjDFCVPKRSua5mW-uGwKN_FwtJxGd_wpzXxE7XLufVyjPoShtQcC_YRSyb6NHHHvo9jI7hjBwvyucQU3CkWgBA1WF3xvHxKfKpE5QrhxKgRZHeDz23-QxpHHwsQIJFesEDUEo99HCHWbbyqpkdo_CEmZmGnUSuGuDAsF3vD7MiZZzlatsTlNIY0N8_TkOW5kz4B2HdfdBMQe2DOcbkB4TAVcbD-q66NeWTA7Hfb7NDMNyaWDAApEPw",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
}
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks= -----END CERTIFICATE-----
incoming_body_json
incoming_query_string_params
{}
incoming_body
grant_type=refresh_token&refresh_token=yoZHFSmoCrbiKfEanlAVapqnrgDeDizrgsncUIfrthuJLYcJoY5460604057%3A%5C%3B%7C%7E&client_id=SBSfBTOJMVQBBL848VGXI&client_assertion=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDgsImV4cCI6MTYzOTY4MjQ2OCwianRpIjoiOFRVX3FRSXNEbGhUd0o2Zy1qcFhlWUtGNU5wXzFKb1prbm5NdGJDNFNVVSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.abQRTkpb1Twdx3hdOob6r_sDtXvZ9mc-CnMjpwIwS1Gpd8BJUSRAXB_jSffOqDRBWcuLFfnAwjzpRLrHOTPN_Gz8nYN7Vo9EGjDFCVPKRSua5mW-uGwKN_FwtJxGd_wpzXxE7XLufVyjPoShtQcC_YRSyb6NHHHvo9jI7hjBwvyucQU3CkWgBA1WF3xvHxKfKpE5QrhxKgRZHeDz23-QxpHHwsQIJFesEDUEo99HCHWbbyqpkdo_CEmZmGnUSuGuDAsF3vD7MiZZzlatsTlNIY0N8_TkOW5kz4B2HdfdBMQe2DOcbkB4TAVcbD-q66NeWTA7Hfb7NDMNyaWDAApEPw&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2021-12-16 19:20:08 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Token endpoint
2021-12-16 19:20:08 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL\nBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx\nFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB\nTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz\nMjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD\no28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct\nNjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j\nb20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk\nYWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ\ncml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4\n9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r\niu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6\ni56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV\nCLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3\n5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC\nAtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO\nEUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z\nYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA\noD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v\ncmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB\nBQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC\nD2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k\nATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz\nb2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg\nb3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g\nU2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg\ncmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j\nZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5\nIGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0\ncDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s\naWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL\n8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs\nZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0\nQZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY\nYFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG\nOZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "1.3.6.1.4.1.311.60.2.1.3\u003d#13024252,2.5.4.15\u003d#131450726976617465204f7267616e697a6174696f6e,UID\u003dac60fe65-58ca-44c3-9352-6f556c5cb98e,2.5.4.5\u003d#130e3539323835343131303030313133,CN\u003dbancopan.com.br,OU\u003db6a214c7-6332-5a41-8464-a281fb9a4ca0,O\u003dBANCO PAN,L\u003dSão Paulo,ST\u003dSP,C\u003dBR"
  },
  "sanDnsNames": [
    "bancopan.com.br"
  ],
  "sanUris": [],
  "sanIPs": [],
  "sanEmails": []
}
2021-12-16 19:20:08 SUCCESS
CheckForClientCertificate
Found client certificate
2021-12-16 19:20:08 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx
FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB
TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz
MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD
o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct
NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j
b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk
YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ
cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4
9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r
iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6
i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV
CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3
5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC
AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO
EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z
YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA
oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v
cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC
D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k
ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz
b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg
b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g
U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg
cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j
ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5
IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0
cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s
aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL
8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs
ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0
QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY
YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG
OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks=
-----END CERTIFICATE-----
2021-12-16 19:20:08 SUCCESS
ExtractClientAssertion
Parsed client assertion
client_assertion
{
  "value": "eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDgsImV4cCI6MTYzOTY4MjQ2OCwianRpIjoiOFRVX3FRSXNEbGhUd0o2Zy1qcFhlWUtGNU5wXzFKb1prbm5NdGJDNFNVVSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.abQRTkpb1Twdx3hdOob6r_sDtXvZ9mc-CnMjpwIwS1Gpd8BJUSRAXB_jSffOqDRBWcuLFfnAwjzpRLrHOTPN_Gz8nYN7Vo9EGjDFCVPKRSua5mW-uGwKN_FwtJxGd_wpzXxE7XLufVyjPoShtQcC_YRSyb6NHHHvo9jI7hjBwvyucQU3CkWgBA1WF3xvHxKfKpE5QrhxKgRZHeDz23-QxpHHwsQIJFesEDUEo99HCHWbbyqpkdo_CEmZmGnUSuGuDAsF3vD7MiZZzlatsTlNIY0N8_TkOW5kz4B2HdfdBMQe2DOcbkB4TAVcbD-q66NeWTA7Hfb7NDMNyaWDAApEPw",
  "header": {
    "kid": "5gYHIHbtw0UB4BwjtqUnhtFN6WthEW2mdX7dfUBQHII",
    "typ": "JWT",
    "alg": "PS256"
  },
  "claims": {
    "sub": "SBSfBTOJMVQBBL848VGXI",
    "aud": [
      "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/",
      "https://www.certification.openid.net/test/a/RP-Security-Test-PAN/token",
      "https://www.certification.openid.net/test-mtls/a/RP-Security-Test-PAN/token"
    ],
    "iss": "SBSfBTOJMVQBBL848VGXI",
    "exp": 1639682468,
    "iat": 1639682408,
    "jti": "8TU_qQIsDlhTwJ6g-jpXeYKF5Np_1JoZknnMtbC4SUU"
  }
}
2021-12-16 19:20:08
EnsureClientAssertionSignatureAlgorithmMatchesRegistered
token_endpoint_auth_signing_alg is not set for the client, any supported algorithm can be used
2021-12-16 19:20:08 SUCCESS
ValidateClientAssertionSignature
client_assertion signature validated
client_assertion
eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjVnWUhJSGJ0dzBVQjRCd2p0cVVuaHRGTjZXdGhFVzJtZFg3ZGZVQlFISUkifQ.eyJpYXQiOjE2Mzk2ODI0MDgsImV4cCI6MTYzOTY4MjQ2OCwianRpIjoiOFRVX3FRSXNEbGhUd0o2Zy1qcFhlWUtGNU5wXzFKb1prbm5NdGJDNFNVVSIsImlzcyI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsInN1YiI6IlNCU2ZCVE9KTVZRQkJMODQ4VkdYSSIsImF1ZCI6WyJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL1JQLVNlY3VyaXR5LVRlc3QtUEFOLyIsImh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldC90ZXN0L2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iLCJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC1tdGxzL2EvUlAtU2VjdXJpdHktVGVzdC1QQU4vdG9rZW4iXX0.abQRTkpb1Twdx3hdOob6r_sDtXvZ9mc-CnMjpwIwS1Gpd8BJUSRAXB_jSffOqDRBWcuLFfnAwjzpRLrHOTPN_Gz8nYN7Vo9EGjDFCVPKRSua5mW-uGwKN_FwtJxGd_wpzXxE7XLufVyjPoShtQcC_YRSyb6NHHHvo9jI7hjBwvyucQU3CkWgBA1WF3xvHxKfKpE5QrhxKgRZHeDz23-QxpHHwsQIJFesEDUEo99HCHWbbyqpkdo_CEmZmGnUSuGuDAsF3vD7MiZZzlatsTlNIY0N8_TkOW5kz4B2HdfdBMQe2DOcbkB4TAVcbD-q66NeWTA7Hfb7NDMNyaWDAApEPw
2021-12-16 19:20:08 SUCCESS
EnsureClientAssertionTypeIsJwt
Found JWT assertion type
assertion type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2021-12-16 19:20:08 SUCCESS
ValidateClientAssertionClaims
Client Assertion passed all validation checks
2021-12-16 19:20:08 SUCCESS
ValidateRefreshToken
refresh_token parameter matches the expected value.
refresh_token
yoZHFSmoCrbiKfEanlAVapqnrgDeDizrgsncUIfrthuJLYcJoY5460604057:\;|~
2021-12-16 19:20:08 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
ZDzFrmMR6q3XJNPPu02Xl9qWPXTqgN3wWq2fmmgl5YVSpZuJ9z
2021-12-16 19:20:08 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
FUVNq3lD7DPPX3Z-qoWHrA
2021-12-16 19:20:08
CreateRefreshToken
Created refresh token
refresh_token
XKkCWmKTJIifTQbmFgQIPUzCUeSnOOxSDBWJpMsJtujioLYxWg2617756032}&<:[
2021-12-16 19:20:08 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
ZDzFrmMR6q3XJNPPu02Xl9qWPXTqgN3wWq2fmmgl5YVSpZuJ9z
token_type
Bearer
refresh_token
XKkCWmKTJIifTQbmFgQIPUzCUeSnOOxSDBWJpMsJtujioLYxWg2617756032}&<:[
scope
openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources
2021-12-16 19:20:08 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "ZDzFrmMR6q3XJNPPu02Xl9qWPXTqgN3wWq2fmmgl5YVSpZuJ9z",
  "token_type": "Bearer",
  "refresh_token": "XKkCWmKTJIifTQbmFgQIPUzCUeSnOOxSDBWJpMsJtujioLYxWg2617756032}\u0026\u003c:[",
  "scope": "openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources"
}
outgoing_path
token
2021-12-16 19:20:09 INCOMING
fapi1-advanced-final-client-refresh-token-test
Incoming HTTP request to test instance fZUv1IHHkndpsue
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/json, text/plain, */*",
  "authorization": "Bearer ZDzFrmMR6q3XJNPPu02Xl9qWPXTqgN3wWq2fmmgl5YVSpZuJ9z",
  "user-agent": "axios/0.21.4",
  "connection": "close"
}
incoming_path
/test-mtls/a/RP-Security-Test-PAN/accounts/v1/accounts
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_tls_cert
-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks= -----END CERTIFICATE-----
incoming_body_json
incoming_query_string_params
{}
incoming_body
2021-12-16 19:20:09 SUCCESS
EnsureIncomingTls12WithSecureCipherOrTls13
TLS 1.2 in use and cipher is one recommended by BCP195
actual
ECDHE-RSA-AES128-GCM-SHA256
recommended
[
  "DHE-RSA-AES128-GCM-SHA256",
  "ECDHE-RSA-AES128-GCM-SHA256",
  "DHE-RSA-AES256-GCM-SHA384",
  "ECDHE-RSA-AES256-GCM-SHA384"
]
Accounts endpoint
2021-12-16 19:20:09 SUCCESS
ExtractClientCertificateFromTokenEndpointRequestHeaders
Extracted client certificate
client_certificate
{
  "cert": "-----BEGIN CERTIFICATE----- MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4 9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6 i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3 5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5 IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0 cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL 8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0 QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d -----END CERTIFICATE-----",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL\nBQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx\nFTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB\nTkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz\nMjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD\no28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct\nNjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j\nb20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk\nYWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ\ncml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4\n9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r\niu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6\ni56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV\nCLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3\n5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC\nAtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO\nEUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z\nYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA\noD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v\ncmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB\nBQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC\nD2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k\nATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz\nb2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg\nb3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g\nU2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg\ncmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j\nZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5\nIGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0\ncDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s\naWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL\n8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs\nZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0\nQZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY\nYFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG\nOZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks\u003d\n-----END CERTIFICATE-----",
  "subject": {
    "dn": "1.3.6.1.4.1.311.60.2.1.3\u003d#13024252,2.5.4.15\u003d#131450726976617465204f7267616e697a6174696f6e,UID\u003dac60fe65-58ca-44c3-9352-6f556c5cb98e,2.5.4.5\u003d#130e3539323835343131303030313133,CN\u003dbancopan.com.br,OU\u003db6a214c7-6332-5a41-8464-a281fb9a4ca0,O\u003dBANCO PAN,L\u003dSão Paulo,ST\u003dSP,C\u003dBR"
  },
  "sanDnsNames": [
    "bancopan.com.br"
  ],
  "sanUris": [],
  "sanIPs": [],
  "sanEmails": []
}
2021-12-16 19:20:09 SUCCESS
CheckForClientCertificate
Found client certificate
2021-12-16 19:20:09 SUCCESS
EnsureClientCertificateMatches
Presented certificate matches registered certificate
actual
-----BEGIN CERTIFICATE-----
MIIG5TCCBc2gAwIBAgIUPz5BkF1/67noL2gNUfej8F/Srk8wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCQlIxHDAaBgNVBAoTE09wZW4gQmFua2luZyBCcmFzaWwx
FTATBgNVBAsTDE9wZW4gQmFua2luZzEtMCsGA1UEAxMkT3BlbiBCYW5raW5nIFNB
TkRCT1ggSXNzdWluZyBDQSAtIEcxMB4XDTIxMDYyNTEzMjEwMFoXDTIyMDcyNTEz
MjEwMFowggEPMQswCQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEzARBgNVBAcMClPD
o28gUGF1bG8xEjAQBgNVBAoTCUJBTkNPIFBBTjEtMCsGA1UECxMkYjZhMjE0Yzct
NjMzMi01YTQxLTg0NjQtYTI4MWZiOWE0Y2EwMRgwFgYDVQQDEw9iYW5jb3Bhbi5j
b20uYnIxFzAVBgNVBAUTDjU5Mjg1NDExMDAwMTEzMTQwMgYKCZImiZPyLGQBARMk
YWM2MGZlNjUtNThjYS00NGMzLTkzNTItNmY1NTZjNWNiOThlMR0wGwYDVQQPExRQ
cml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgEDEwJCUjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9iTsg4Msxj3uccgD/6XTlbFz27VtV4
9PJqZf23TvhEbz6o80y2VMZ+5Q57lh9RbN2uAmGLO/jpfbzrCsWS7Zh53dvesi0r
iu6TwOHdJ1n2kLgSOtH3lZFYKHesnWNi+DndNMRDWeZeWJMSXoMNK8zQP7NMUhO6
i56vB8Dv6OLAyZ0HgC/xpfUj9GCyDDFa2HvqEJsf5YwAEnXBWqvDTVLIkt8on+WV
CLrlgYJsNunCZrpAJ9/ws7V4WZCEoJBjl7eFe8LuqRQ5G3L/5Lsd2jBtgS4u2xG3
5iTWbWWQ+FnBN9enlw0lw7djwQohndIxSVhMy/YL+b6rO5vJFWD7s3sCAwEAAaOC
AtMwggLPMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUhn9YrRf1grZOtAWz+7DO
EUPfTL4wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5z
YW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIwSwYDVR0fBEQwQjBA
oD6gPIY6aHR0cDovL2NybC5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5v
cmcuYnIvaXNzdWVyLmNybDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
BQUHAwIwHQYDVR0OBBYEFKoNhBSY0ndO3mFsjapYiGGn82PGMBoGA1UdEQQTMBGC
D2JhbmNvcGFuLmNvbS5icjCCAaEGA1UdIASCAZgwggGUMIIBkAYKKwYBBAGDui9k
ATCCAYAwggE2BggrBgEFBQcCAjCCASgMggEkVGhpcyBDZXJ0aWZpY2F0ZSBpcyBz
b2xlbHkgZm9yIHVzZSB3aXRoIFJhaWRpYW0gU2VydmljZXMgTGltaXRlZCBhbmQg
b3RoZXIgcGFydGljaXBhdGluZyBvcmdhbmlzYXRpb25zIHVzaW5nIFJhaWRpYW0g
U2VydmljZXMgTGltaXRlZHMgVHJ1c3QgRnJhbWV3b3JrIFNlcnZpY2VzLiBJdHMg
cmVjZWlwdCwgcG9zc2Vzc2lvbiBvciB1c2UgY29uc3RpdHV0ZXMgYWNjZXB0YW5j
ZSBvZiB0aGUgUmFpZGlhbSBTZXJ2aWNlcyBMdGQgQ2VydGljaWNhdGUgUG9saWN5
IGFuZCByZWxhdGVkIGRvY3VtZW50cyB0aGVyZWluLjBEBggrBgEFBQcCARY4aHR0
cDovL2Nwcy5zYW5kYm94LnBraS5vcGVuYmFua2luZ2JyYXNpbC5vcmcuYnIvcG9s
aWNpZXMwDQYJKoZIhvcNAQELBQADggEBAISLc+dYvh4KZpPGgr5BT59CVtAETbyL
8ztUdhATHzRouH1HhG5UhXPzsgpsceF9DL/OuKVuAHMGvlPVBUdfMNo/dztdNfZs
ZG7XT/OLzF5KPfjbNcP0z3NgmGzLE61QafJ7a88eBkUJR6VqI/FAQEJ339NYh5i0
QZRll4z7H2c9NO+oS7rEd3EC9ixUY+hMnibtX/F9XXPc4rNlmhTL1Jx3R3EjTRrY
YFTmIjrI8KTz2+UX1tV6/6WgkDxujsbpQmOTtoC6Sy7HQoeN9pGJ/20/AOFDTMsG
OZOp5hfqEfELz3nzHp7ZETCx0Jg4YgaeQmQh7/5Y1UlRd1IRGbDDdks=
-----END CERTIFICATE-----
2021-12-16 19:20:09 SUCCESS
EnsureBearerAccessTokenNotInParams
Client correctly did not send access token in query parameters or form body
2021-12-16 19:20:09 SUCCESS
ExtractBearerAccessTokenFromHeader
Found access token on incoming request
access_token
ZDzFrmMR6q3XJNPPu02Xl9qWPXTqgN3wWq2fmmgl5YVSpZuJ9z
2021-12-16 19:20:09 SUCCESS
RequireBearerAccessToken
Found access token in request
actual
ZDzFrmMR6q3XJNPPu02Xl9qWPXTqgN3wWq2fmmgl5YVSpZuJ9z
2021-12-16 19:20:09 INFO
ExtractFapiDateHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-auth-date
path
headers.x-fapi-auth-date
mapped
object
incoming_request
2021-12-16 19:20:09 INFO
ExtractFapiIpAddressHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-customer-ip-address
path
headers.x-fapi-customer-ip-address
mapped
object
incoming_request
2021-12-16 19:20:09 INFO
ExtractFapiInteractionIdHeader
Skipped evaluation due to missing required element: incoming_request headers.x-fapi-interaction-id
path
headers.x-fapi-interaction-id
mapped
object
incoming_request
2021-12-16 19:20:09 SUCCESS
FAPIBrazilEnsureAuthorizationRequestScopesContainAccounts
'accounts' was included in authorization request scopes
actual
openid consent:urn:conformance.oidf:RQjpfhyKq2 accounts resources
expected
accounts
2021-12-16 19:20:09 INFO
CreateFapiInteractionIdIfNeeded
Found existing FAPI interaction ID
fapi_interaction_id
7a337f39-f182-4b3c-af80-a8659297df4c
2021-12-16 19:20:09 SUCCESS
CreateFAPIAccountEndpointResponse
Created account response object
accounts_endpoint_response
{
  "conformance-test-finished": "true"
}
accounts_endpoint_response_headers
{
  "x-fapi-interaction-id": "7a337f39-f182-4b3c-af80-a8659297df4c",
  "content-type": "application/json; charset\u003dUTF-8"
}
2021-12-16 19:20:09 SUCCESS
CreateBrazilAccountsEndpointResponse
Created Brazil accounts response (Please note that this is a hardcoded response copied from API documentation)
accounts_endpoint_response
{
  "data": [
    {
      "brandName": "Organização A",
      "companyCnpj": "21128159000166",
      "type": "CONTA_DEPOSITO_A_VISTA",
      "compeCode": "001",
      "branchCode": "6272",
      "number": "94088392",
      "checkDigit": "4",
      "accountId": "92792126019929279212650822221989319252576"
    }
  ],
  "links": {
    "self": "https://api.banco.com.br/open-banking/api/v1/resource",
    "first": "https://api.banco.com.br/open-banking/api/v1/resource",
    "prev": "https://api.banco.com.br/open-banking/api/v1/resource",
    "next": "https://api.banco.com.br/open-banking/api/v1/resource",
    "last": "https://api.banco.com.br/open-banking/api/v1/resource"
  },
  "meta": {
    "totalRecords": 1,
    "totalPages": 1,
    "requestDateTime": "2021-12-16T19:20:09Z"
  }
}
accounts_endpoint_response_headers
{
  "x-fapi-interaction-id": "7a337f39-f182-4b3c-af80-a8659297df4c",
  "content-type": "application/json"
}
2021-12-16 19:20:09
ClearAccessTokenFromRequest
Condition ran but did not log anything
2021-12-16 19:20:09 OUTGOING
fapi1-advanced-final-client-refresh-token-test
Response to HTTP request to test instance fZUv1IHHkndpsue
outgoing_status_code
200
outgoing_headers
{
  "x-fapi-interaction-id": [
    "7a337f39-f182-4b3c-af80-a8659297df4c"
  ],
  "content-type": [
    "application/json"
  ]
}
outgoing_body
{
  "data": [
    {
      "brandName": "Organização A",
      "companyCnpj": "21128159000166",
      "type": "CONTA_DEPOSITO_A_VISTA",
      "compeCode": "001",
      "branchCode": "6272",
      "number": "94088392",
      "checkDigit": "4",
      "accountId": "92792126019929279212650822221989319252576"
    }
  ],
  "links": {
    "self": "https://api.banco.com.br/open-banking/api/v1/resource",
    "first": "https://api.banco.com.br/open-banking/api/v1/resource",
    "prev": "https://api.banco.com.br/open-banking/api/v1/resource",
    "next": "https://api.banco.com.br/open-banking/api/v1/resource",
    "last": "https://api.banco.com.br/open-banking/api/v1/resource"
  },
  "meta": {
    "totalRecords": 1,
    "totalPages": 1,
    "requestDateTime": "2021-12-16T19:20:09Z"
  }
}
outgoing_path
accounts/v1/accounts
2021-12-16 19:20:09 FINISHED
fapi1-advanced-final-client-refresh-token-test
Test has run to completion
testmodule_result
PASSED
2021-12-16 19:20:13
TEST-RUNNER
Alias has now been claimed by another test
alias
RP-Security-Test-PAN
new_test_id
bELM9nBmnZLLgNa
Test Results