Test Summary

Test Results

Expand All Collapse All
All times are UTC
2020-09-05 05:50:45 INFO
TEST-RUNNER
Test instance OEXnd3KiqpglwG2 created
baseUrl
https://www.certification.openid.net/test/a/NC7000-3A-OC
variant
{
  "client_auth_type": "private_key_jwt",
  "fapi_auth_request_method": "by_value",
  "fapi_profile": "plain_fapi",
  "fapi_response_mode": "plain_response"
}
alias
NC7000-3A-OC
description
NC7000-3A-OC FAPI Conformance Test
planId
0EXGX3mqQUPdO
config
{
  "alias": "NC7000-3A-OC",
  "description": "NC7000-3A-OC FAPI Conformance Test",
  "server": {
    "discoveryUrl": "https://3a-rplib-test3.cloud-idauth.com/oc/.well-known/openid-configuration",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "alg": "ES256",
          "crv": "P-256",
          "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
          "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
          "kid": "kid2019040100001"
        }
      ]
    }
  },
  "client": {
    "client_id": "OIDFCERT0003",
    "scope": "openid SCOPE0002 offline_access",
    "fapi_financial_id": "https://3a-rplib-test3.cloud-idauth.com/",
    "client_secret": "confidencial_client_es256_0003",
    "client_secret_jwt_alg": "HS256",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "alg": "ES256",
          "crv": "P-256",
          "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
          "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
          "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
          "kid": "kid2019040100008"
        }
      ]
    },
    "certificate": "-----BEGIN CERTIFICATE-----\nMIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJ\nBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H\nbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN\nMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4g\nQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/\nHDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFC\nJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQ\nrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKND\nu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEY\nv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisC\nAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQw\nRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0\nL2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2Nz\ncDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBB\nBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2ln\nbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDww\nOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZh\nbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91\nZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV\nHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWB\nhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYB\nSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5\nKE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+u\nll8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCD\nDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNO\nIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgU\nh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxA\nMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyh\nAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kT\nAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/\nYWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0B\nAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3\nEDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjt\nLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904Mony\nRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKo\nBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLw\nyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d\n-----END CERTIFICATE-----\n"
  },
  "resource": {
    "resourceUrl": "https://3a-rplib-test3.cloud-idauth.com/oc/accounts",
    "institution_id": "nc7000-3a-oc"
  },
  "client2": {
    "client_id": "OIDFCERT0004",
    "client_secret": "confidencial_client_es256_0004",
    "scope": "openid SCOPE0002 offline_access",
    "client_secret_jwt_alg": "HS256",
    "jwks": {
      "keys": [
        {
          "kty": "EC",
          "alg": "ES256",
          "crv": "P-256",
          "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
          "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
          "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
          "kid": "kid2019040100009"
        }
      ]
    }
  },
  "mtls": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJ\nBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H\nbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN\nMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4g\nQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/\nHDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFC\nJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQ\nrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKND\nu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEY\nv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisC\nAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQw\nRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0\nL2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2Nz\ncDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBB\nBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2ln\nbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDww\nOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZh\nbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91\nZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV\nHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWB\nhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYB\nSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5\nKE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+u\nll8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCD\nDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNO\nIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgU\nh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxA\nMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyh\nAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kT\nAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/\nYWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0B\nAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3\nEDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjt\nLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904Mony\nRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKo\nBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLw\nyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIM\nlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/V\npeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07\n/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blO\nk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mU\nIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMW\neT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4\nFL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5\niRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGg\nakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzm\njRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUW\nIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa\n1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6\nHPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7\na4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP\n/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIR\nmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCi\nbAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS\n7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3\n+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilm\nnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3S\nOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aF\nsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+\nA3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/\nX/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfH\npPylmNcfY4XXW8WwkngGCFg\u003d\n-----END PRIVATE KEY-----\n"
  },
  "mtls2": {
    "cert": "-----BEGIN CERTIFICATE-----\nMIIDTjCCAjYCCQCjUTxEpwknBTANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJK\nUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1RhbWFjaGkxDDAKBgNVBAoMA05F\nQzEMMAoGA1UECwwDTkVDMRwwGgYDVQQDDBN3d3cuM2FzZWN1cmVrZXkuY29tMB4X\nDTE4MDQyNzAyMDAwOFoXDTI4MDQyNDAyMDAwOFowaTELMAkGA1UEBhMCSlAxDjAM\nBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdUYW1hY2hpMQwwCgYDVQQKDANORUMxDDAK\nBgNVBAsMA05FQzEcMBoGA1UEAwwTd3d3LjNhc2VjdXJla2V5LmNvbTCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLD3g7pwzFMzbRh5cCGuR0KBCzD5Xk3\nw/Zj+3hpBq5/xSaQjmOfLF3LLiFD7sZXRPFVFXii4Y2GuFccSQ3MI9sMS/HDDTmO\nLPIWta/U9ZtcwjNyclXrX0IR8Fxuk5E9lRf//JwlMZHAxfESvBe5WMnzGDTVdp5H\nv6sWZAdkgdwQTMFM4vpHhBD6qJsxSG7jBvqVYd8w9pCZ9k1mSfKKgqPfpOA6jv2A\nTiwv9r9ZQNtKl/MbHY9/R59GU+S7WSPtqM5O3bJGGCXFvpZF2CghcYqn9vDhIrNO\nD/xo3ZF0Z+doEl8e0e1IAr2JiGD4JPpz4W67pjUVb9G+NTRtQ71YqccCAwEAATAN\nBgkqhkiG9w0BAQUFAAOCAQEAETj+cEVPthSghrIJamsmddV+GFHYjOfvQw0r8LZY\nkqJZlK1FOeWwBM+kDzpxOErtPiyjvv2eBPGm9LcLZpDbMLg77Lv3HjaWy+yISRQ/\nwGUb9tlJ8AUeEd2uoPUzDQf5VpTBEq/M9E7CB3g2hZvwRYvq6PfsDexCwq9OWogK\n3WpEozIMVyOL3jYpkSJzDqPuN3nFiNc5eMJ7lo+b/K1rUEqwuN21TjwAn1DXfW0d\nD1a/ig004xecHU1wsIMP2ARQ/qOD7P0emE/umlwLQ0kw3HB2ideAJzU4OstiqUH4\n1LKwIIzUu6rz6/S9PMcmVfqv9PfhITQSs8vCqC8uaWLtGg\u003d\u003d\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAosPeDunDMUzNtGHlwIa5HQoELMPleTfD9mP7eGkGrn/FJpCO\nY58sXcsuIUPuxldE8VUVeKLhjYa4VxxJDcwj2wxL8cMNOY4s8ha1r9T1m1zCM3Jy\nVetfQhHwXG6TkT2VF//8nCUxkcDF8RK8F7lYyfMYNNV2nke/qxZkB2SB3BBMwUzi\n+keEEPqomzFIbuMG+pVh3zD2kJn2TWZJ8oqCo9+k4DqO/YBOLC/2v1lA20qX8xsd\nj39Hn0ZT5LtZI+2ozk7dskYYJcW+lkXYKCFxiqf28OEis04P/GjdkXRn52gSXx7R\n7UgCvYmIYPgk+nPhbrumNRVv0b41NG1DvVipxwIDAQABAoIBAQCVFUrD5iG/elXA\nLxs+KShNDOueBSCe0xFPEW04cRqJosZ1+FozrYv5rSznk02VpkGjuwcbpDVsaEVY\npLPVS3JcJPs6yinG2g8Y/uwTzb/ZOjE25lELmbd60OuT/kRz+DAj93jtnLO2iRfF\nJB/cqwxEjcFSQ2OOvrE0iCG/E7ROV7m3C5OOjKhSypP++04nWajIqW//uMDaFoFq\nuf7x4aoHc9wRD1IyHGha9hIZA7JiY5KlwyQV/AEoz+C+O9Z8FYpqZT76fnzQvLvb\nk6fYr4q1a0gm/J9HTp4l0bQ9NMKVvt4PGlJmxQhQfIJixARsnKEDtu0uUcgbVXRB\n6pRtmG6BAoGBAM+hvgN+TX8c4fMmDvGpNB0+PvA2ZC6JJd0oLmpZMMdLRl+0A5j3\nnHv2nR04FlB1brD9ucInVHZYlgL5ab3/x27iV+H5spIN6cST7WH+Sjqsi43tKGyx\n9oXosL6RN+4HM7rTWbCxwq0tVunk01IR5FeO8xZss4UDyev6vStBjmzXAoGBAMiu\neG4ALkIGqTw/sTNl7vwmMcyPbjA6h68I9FkTGI0G5YHy7yWlEhdD/rUYSXVCXlh+\n3aftbfJ4CP9nWaM6NMREoysCQ3y/kulgJ0imPEFwnqWQMljQV1zRg9gthdixyBI6\nYZ62MUF6i/XYfUs0KQ9baHuzB4ejMs7U8bGENpyRAoGAHjynt0qFbqV+IjLAqmDB\nviB6efDx1fUTFonreIFUoTFNJlLI01X76/GWH9MzLLRtUkkg7C1eF33/Gp/HzmuZ\nV4SO19HNN4ffK0l/oG2v0aufByQqZunjxMyGMLplMrzJw8NTpG++sgmQRq+UNrd0\nUWv36qQZ4J0UotD5C3uYijECgYEAoAnDMLYkLbNyMwH4Jq0bsSokfKXFkeCbZBMY\nChEYex8M2F0MKlFB5BvtfC4qJsEOzDQgQFMwYzUmt8eLzIgWnI7AMQRVHZ8JYeO0\ncFNhqi5N1mrwO7Oqd/L92eAz5WOh0ieMwi05iqZYB27mPJsUQ5L59+wGDT0wv5FC\nTfbKNoECgYEAoMHJZ1a/Bzq1raDHauJLk3JA+DN+5o7xDGVvda9x3rphQ4U7Vehp\ncg70AVWMyGoVv5N6vJdrAeZzBWP5b6ED+csRyNaLswHycsPzGy8t5Ose1P+ZlzCz\nDmRtynq0cQQvWl4zJAT2Wacgu2IqOrQOl+n67te3QlWrnq9IrSsWJFU\u003d\n-----END RSA PRIVATE KEY-----\n"
  }
}
testName
fapi-rw-id2-refresh-token
2020-09-05 05:50:45 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
2020-09-05 05:50:45
GetDynamicServerConfiguration
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2020-09-05 05:50:46 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Sat, 05 Sep 2020 05:50:46 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d9BAF360BB7E4050A86BB5D192310EA97; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "1663",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body

{
  "authorization_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/",
  "claims_parameter_supported":true,
  "claims_supported":["acr"],
  "code_challenge_methods_supported":["S256"],
  "grant_types_supported":["authorization_code","urn:openid:params:grant-type:ciba"],
  "id_token_signing_alg_values_supported":["ES256"],
  "issuer":"https://3a-rplib-test3.cloud-idauth.com/oc/",
  "jwks_uri":"https://3a-rplib-test3.cloud-idauth.com/oc/jwks.json",
  "request_object_signing_alg_values_supported":["ES256"],
  "request_parameter_supported":true,
  "response_types_supported":["code","id_token","code token","code id_token","token id_token","code token id_token"],
  "scopes_supported":["openid","accounts","payments"],
  "subject_types_supported":["pairwise","public"],
  "token_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/",
  "token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt","tls_client_auth","self_signed_tls_client_auth"],
  "token_endpoint_auth_signing_alg_values_supported":["HS256","ES256"],
  "token_endpoint_signing_alg_values_supported":["ES256"],
  "userinfo_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/UserInfoEndpoint/",
  "userinfo_signing_alg_values_supported":["ES256"],
  "tls_client_certificate_bound_access_tokens":true,
  "backchannel_token_delivery_modes_supported":["push","poll","ping"],
  "backchannel_authentication_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/BackchannelEndpoint/",
  "backchannel_authentication_request_signing_alg_values_supported":["ES256"]
}
2020-09-05 05:50:46
GetDynamicServerConfiguration
Downloaded server configuration
server_config_string

{
  "authorization_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/",
  "claims_parameter_supported":true,
  "claims_supported":["acr"],
  "code_challenge_methods_supported":["S256"],
  "grant_types_supported":["authorization_code","urn:openid:params:grant-type:ciba"],
  "id_token_signing_alg_values_supported":["ES256"],
  "issuer":"https://3a-rplib-test3.cloud-idauth.com/oc/",
  "jwks_uri":"https://3a-rplib-test3.cloud-idauth.com/oc/jwks.json",
  "request_object_signing_alg_values_supported":["ES256"],
  "request_parameter_supported":true,
  "response_types_supported":["code","id_token","code token","code id_token","token id_token","code token id_token"],
  "scopes_supported":["openid","accounts","payments"],
  "subject_types_supported":["pairwise","public"],
  "token_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/",
  "token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic","client_secret_jwt","private_key_jwt","tls_client_auth","self_signed_tls_client_auth"],
  "token_endpoint_auth_signing_alg_values_supported":["HS256","ES256"],
  "token_endpoint_signing_alg_values_supported":["ES256"],
  "userinfo_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/UserInfoEndpoint/",
  "userinfo_signing_alg_values_supported":["ES256"],
  "tls_client_certificate_bound_access_tokens":true,
  "backchannel_token_delivery_modes_supported":["push","poll","ping"],
  "backchannel_authentication_endpoint":"https://3a-rplib-test3.cloud-idauth.com/oc/BackchannelEndpoint/",
  "backchannel_authentication_request_signing_alg_values_supported":["ES256"]
}
2020-09-05 05:50:46 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
authorization_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/
claims_parameter_supported
true
claims_supported
[
  "acr"
]
code_challenge_methods_supported
[
  "S256"
]
grant_types_supported
[
  "authorization_code",
  "urn:openid:params:grant-type:ciba"
]
id_token_signing_alg_values_supported
[
  "ES256"
]
issuer
https://3a-rplib-test3.cloud-idauth.com/oc/
jwks_uri
https://3a-rplib-test3.cloud-idauth.com/oc/jwks.json
request_object_signing_alg_values_supported
[
  "ES256"
]
request_parameter_supported
true
response_types_supported
[
  "code",
  "id_token",
  "code token",
  "code id_token",
  "token id_token",
  "code token id_token"
]
scopes_supported
[
  "openid",
  "accounts",
  "payments"
]
subject_types_supported
[
  "pairwise",
  "public"
]
token_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
token_endpoint_auth_methods_supported
[
  "client_secret_post",
  "client_secret_basic",
  "client_secret_jwt",
  "private_key_jwt",
  "tls_client_auth",
  "self_signed_tls_client_auth"
]
token_endpoint_auth_signing_alg_values_supported
[
  "HS256",
  "ES256"
]
token_endpoint_signing_alg_values_supported
[
  "ES256"
]
userinfo_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/UserInfoEndpoint/
userinfo_signing_alg_values_supported
[
  "ES256"
]
tls_client_certificate_bound_access_tokens
true
backchannel_token_delivery_modes_supported
[
  "push",
  "poll",
  "ping"
]
backchannel_authentication_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/BackchannelEndpoint/
backchannel_authentication_request_signing_alg_values_supported
[
  "ES256"
]
2020-09-05 05:50:46 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2020-09-05 05:50:46 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
authorization_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
token_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
2020-09-05 05:50:46
FetchServerKeys
Fetching server key
jwks_uri
https://3a-rplib-test3.cloud-idauth.com/oc/jwks.json
2020-09-05 05:50:46
FetchServerKeys
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/jwks.json
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/cbor, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2020-09-05 05:50:47 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Sat, 05 Sep 2020 05:50:47 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "accept-ranges": "bytes",
  "etag": "W/\"250-1554082818000\"",
  "last-modified": "Mon, 01 Apr 2019 01:40:18 GMT",
  "content-type": "application/json",
  "content-length": "250",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"keys":
  [
    {
      "kty":"EC",
      "alg":"ES256",
      "crv":"P-256",
      "x":"ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y":"AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid":"kid2019040100001"
    }
  ]
}
2020-09-05 05:50:47
FetchServerKeys
Found JWK set string
jwk_string
{"keys":
  [
    {
      "kty":"EC",
      "alg":"ES256",
      "crv":"P-256",
      "x":"ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y":"AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid":"kid2019040100001"
    }
  ]
}
2020-09-05 05:50:47 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid": "kid2019040100001"
    }
  ]
}
2020-09-05 05:50:47 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid": "kid2019040100001"
    }
  ]
}
2020-09-05 05:50:47 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2020-09-05 05:50:47 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2020-09-05 05:50:47 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2020-09-05 05:50:47 SUCCESS
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
server_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "kid": "kid2019040100001"
    }
  ]
}
2020-09-05 05:50:47 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
OIDFCERT0003
scope
openid SCOPE0002 offline_access
fapi_financial_id
https://3a-rplib-test3.cloud-idauth.com/
client_secret
confidencial_client_es256_0003
client_secret_jwt_alg
HS256
jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
      "kid": "kid2019040100008"
    }
  ]
}
certificate
-----BEGIN CERTIFICATE-----
MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H
bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN
MTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4g
Q29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/
HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFC
JAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQ
rYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKND
u7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEY
v0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisC
AwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQw
RwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0
L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2Nz
cDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBB
BgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2ln
bi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDww
OjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZh
bHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91
ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNV
HQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWB
hiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYB
SuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5
KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+u
ll8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCD
DwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNO
IlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgU
h7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxA
MgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyh
AvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kT
AAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/
YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0B
AQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3
EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjt
LeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904Mony
RQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKo
BUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLw
yDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg==
-----END CERTIFICATE-----
2020-09-05 05:50:47
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
2020-09-05 05:50:47 SUCCESS
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
2020-09-05 05:50:47
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
2020-09-05 05:50:47 SUCCESS
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg==
key
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg=
2020-09-05 05:50:47 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2020-09-05 05:50:47 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
      "kid": "kid2019040100008"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "crv": "P-256",
      "kid": "kid2019040100008",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "alg": "ES256"
    }
  ]
}
2020-09-05 05:50:47 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2020-09-05 05:50:47 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-09-05 05:50:47 SUCCESS
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
2020-09-05 05:50:47 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm",
      "y": "AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd",
      "d": "dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng",
      "kid": "kid2019040100008"
    }
  ]
}
2020-09-05 05:50:47 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
Verify configuration of second client
2020-09-05 05:50:47 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
OIDFCERT0004
client_secret
confidencial_client_es256_0004
scope
openid SCOPE0002 offline_access
client_secret_jwt_alg
HS256
jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
      "kid": "kid2019040100009"
    }
  ]
}
2020-09-05 05:50:47
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
2020-09-05 05:50:47 SUCCESS
ValidateMTLSCertificates2Header
MTLS certificates header is valid
2020-09-05 05:50:47
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
2020-09-05 05:50:47 SUCCESS
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
cert
MIIDTjCCAjYCCQCjUTxEpwknBTANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1RhbWFjaGkxDDAKBgNVBAoMA05FQzEMMAoGA1UECwwDTkVDMRwwGgYDVQQDDBN3d3cuM2FzZWN1cmVrZXkuY29tMB4XDTE4MDQyNzAyMDAwOFoXDTI4MDQyNDAyMDAwOFowaTELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdUYW1hY2hpMQwwCgYDVQQKDANORUMxDDAKBgNVBAsMA05FQzEcMBoGA1UEAwwTd3d3LjNhc2VjdXJla2V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLD3g7pwzFMzbRh5cCGuR0KBCzD5Xk3w/Zj+3hpBq5/xSaQjmOfLF3LLiFD7sZXRPFVFXii4Y2GuFccSQ3MI9sMS/HDDTmOLPIWta/U9ZtcwjNyclXrX0IR8Fxuk5E9lRf//JwlMZHAxfESvBe5WMnzGDTVdp5Hv6sWZAdkgdwQTMFM4vpHhBD6qJsxSG7jBvqVYd8w9pCZ9k1mSfKKgqPfpOA6jv2ATiwv9r9ZQNtKl/MbHY9/R59GU+S7WSPtqM5O3bJGGCXFvpZF2CghcYqn9vDhIrNOD/xo3ZF0Z+doEl8e0e1IAr2JiGD4JPpz4W67pjUVb9G+NTRtQ71YqccCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAETj+cEVPthSghrIJamsmddV+GFHYjOfvQw0r8LZYkqJZlK1FOeWwBM+kDzpxOErtPiyjvv2eBPGm9LcLZpDbMLg77Lv3HjaWy+yISRQ/wGUb9tlJ8AUeEd2uoPUzDQf5VpTBEq/M9E7CB3g2hZvwRYvq6PfsDexCwq9OWogK3WpEozIMVyOL3jYpkSJzDqPuN3nFiNc5eMJ7lo+b/K1rUEqwuN21TjwAn1DXfW0dD1a/ig004xecHU1wsIMP2ARQ/qOD7P0emE/umlwLQ0kw3HB2ideAJzU4OstiqUH41LKwIIzUu6rz6/S9PMcmVfqv9PfhITQSs8vCqC8uaWLtGg==
key
MIIEpQIBAAKCAQEAosPeDunDMUzNtGHlwIa5HQoELMPleTfD9mP7eGkGrn/FJpCOY58sXcsuIUPuxldE8VUVeKLhjYa4VxxJDcwj2wxL8cMNOY4s8ha1r9T1m1zCM3JyVetfQhHwXG6TkT2VF//8nCUxkcDF8RK8F7lYyfMYNNV2nke/qxZkB2SB3BBMwUzi+keEEPqomzFIbuMG+pVh3zD2kJn2TWZJ8oqCo9+k4DqO/YBOLC/2v1lA20qX8xsdj39Hn0ZT5LtZI+2ozk7dskYYJcW+lkXYKCFxiqf28OEis04P/GjdkXRn52gSXx7R7UgCvYmIYPgk+nPhbrumNRVv0b41NG1DvVipxwIDAQABAoIBAQCVFUrD5iG/elXALxs+KShNDOueBSCe0xFPEW04cRqJosZ1+FozrYv5rSznk02VpkGjuwcbpDVsaEVYpLPVS3JcJPs6yinG2g8Y/uwTzb/ZOjE25lELmbd60OuT/kRz+DAj93jtnLO2iRfFJB/cqwxEjcFSQ2OOvrE0iCG/E7ROV7m3C5OOjKhSypP++04nWajIqW//uMDaFoFquf7x4aoHc9wRD1IyHGha9hIZA7JiY5KlwyQV/AEoz+C+O9Z8FYpqZT76fnzQvLvbk6fYr4q1a0gm/J9HTp4l0bQ9NMKVvt4PGlJmxQhQfIJixARsnKEDtu0uUcgbVXRB6pRtmG6BAoGBAM+hvgN+TX8c4fMmDvGpNB0+PvA2ZC6JJd0oLmpZMMdLRl+0A5j3nHv2nR04FlB1brD9ucInVHZYlgL5ab3/x27iV+H5spIN6cST7WH+Sjqsi43tKGyx9oXosL6RN+4HM7rTWbCxwq0tVunk01IR5FeO8xZss4UDyev6vStBjmzXAoGBAMiueG4ALkIGqTw/sTNl7vwmMcyPbjA6h68I9FkTGI0G5YHy7yWlEhdD/rUYSXVCXlh+3aftbfJ4CP9nWaM6NMREoysCQ3y/kulgJ0imPEFwnqWQMljQV1zRg9gthdixyBI6YZ62MUF6i/XYfUs0KQ9baHuzB4ejMs7U8bGENpyRAoGAHjynt0qFbqV+IjLAqmDBviB6efDx1fUTFonreIFUoTFNJlLI01X76/GWH9MzLLRtUkkg7C1eF33/Gp/HzmuZV4SO19HNN4ffK0l/oG2v0aufByQqZunjxMyGMLplMrzJw8NTpG++sgmQRq+UNrd0UWv36qQZ4J0UotD5C3uYijECgYEAoAnDMLYkLbNyMwH4Jq0bsSokfKXFkeCbZBMYChEYex8M2F0MKlFB5BvtfC4qJsEOzDQgQFMwYzUmt8eLzIgWnI7AMQRVHZ8JYeO0cFNhqi5N1mrwO7Oqd/L92eAz5WOh0ieMwi05iqZYB27mPJsUQ5L59+wGDT0wv5FCTfbKNoECgYEAoMHJZ1a/Bzq1raDHauJLk3JA+DN+5o7xDGVvda9x3rphQ4U7Vehpcg70AVWMyGoVv5N6vJdrAeZzBWP5b6ED+csRyNaLswHycsPzGy8t5Ose1P+ZlzCzDmRtynq0cQQvWl4zJAT2Wacgu2IqOrQOl+n67te3QlWrnq9IrSsWJFU=
2020-09-05 05:50:47 SUCCESS
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
2020-09-05 05:50:47 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
      "kid": "kid2019040100009"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "crv": "P-256",
      "kid": "kid2019040100009",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "alg": "ES256"
    }
  ]
}
2020-09-05 05:50:47 SUCCESS
CheckForKeyIdInClientJWKs
All keys contain kids
2020-09-05 05:50:47 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2020-09-05 05:50:47 SUCCESS
FAPICheckKeyAlgInClientJWKs
Found a key with alg PS256 or ES256
2020-09-05 05:50:47 SUCCESS
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
client_jwks
{
  "keys": [
    {
      "kty": "EC",
      "alg": "ES256",
      "crv": "P-256",
      "x": "ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1",
      "y": "AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9",
      "d": "HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c",
      "kid": "kid2019040100009"
    }
  ]
}
2020-09-05 05:50:47 SUCCESS
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
2020-09-05 05:50:47 SUCCESS
GetResourceEndpointConfiguration
Found a resource endpoint object
resourceUrl
https://3a-rplib-test3.cloud-idauth.com/oc/accounts
institution_id
nc7000-3a-oc
2020-09-05 05:50:47 SUCCESS
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
protected_resource_url
https://3a-rplib-test3.cloud-idauth.com/oc/accounts
2020-09-05 05:50:47 SUCCESS
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
resource_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
2020-09-05 05:50:47 SUCCESS
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
accounts_resource_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
accounts_request_endpoint
{
  "testHost": "3a-rplib-test3.cloud-idauth.com",
  "testPort": 443
}
2020-09-05 05:50:47
fapi-rw-id2-refresh-token
Setup Done
Make request to authorization endpoint
2020-09-05 05:50:47 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
OIDFCERT0003
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
2020-09-05 05:50:47 SUCCESS
AddAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
authorization_endpoint_request
{
  "client_id": "OIDFCERT0003",
  "redirect_uri": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback",
  "scope": "openid SCOPE0002 offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}
2020-09-05 05:50:47
CreateRandomStateValue
Created state value
requested_state_length
10
state
ZyEdORvuF9
2020-09-05 05:50:47 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
OIDFCERT0003
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
ZyEdORvuF9
2020-09-05 05:50:47
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
knozbp4ZLW
2020-09-05 05:50:47 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
OIDFCERT0003
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
ZyEdORvuF9
nonce
knozbp4ZLW
2020-09-05 05:50:47 SUCCESS
SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken
Added response_type parameter to request
client_id
OIDFCERT0003
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
ZyEdORvuF9
nonce
knozbp4ZLW
response_type
code id_token
2020-09-05 05:50:47 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
client_id
OIDFCERT0003
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
ZyEdORvuF9
nonce
knozbp4ZLW
response_type
code id_token
prompt
consent
2020-09-05 05:50:47 SUCCESS
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
request_object_claims
{
  "client_id": "OIDFCERT0003",
  "redirect_uri": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback",
  "scope": "openid SCOPE0002 offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "ZyEdORvuF9",
  "nonce": "knozbp4ZLW",
  "response_type": "code id_token",
  "prompt": "consent"
}
2020-09-05 05:50:47 SUCCESS
AddExpToRequestObject
Added exp to request object claims
exp
1.599285347E9
2020-09-05 05:50:47 SUCCESS
AddAudToRequestObject
Added aud to request object claims
aud
https://3a-rplib-test3.cloud-idauth.com/oc/
2020-09-05 05:50:47 SUCCESS
AddIssToRequestObject
Added iss to request object claims
iss
OIDFCERT0003
2020-09-05 05:50:47 SUCCESS
AddClientIdToRequestObject
Added client_id to request object claims
client_id
OIDFCERT0003
2020-09-05 05:50:47 SUCCESS
SignRequestObject
Signed the request object
claims
{"aud":"https:\/\/3a-rplib-test3.cloud-idauth.com\/oc\/","scope":"openid SCOPE0002 offline_access","claims":{"id_token":{"acr":{"value":"urn:mace:incommon:iap:silver","essential":true}}},"iss":"OIDFCERT0003","response_type":"code id_token","redirect_uri":"https:\/\/www.certification.openid.net\/test\/a\/NC7000-3A-OC\/callback","state":"ZyEdORvuF9","exp":1599285347,"nonce":"knozbp4ZLW","prompt":"consent","client_id":"OIDFCERT0003"}
header
{"kid":"kid2019040100008","alg":"ES256"}
request_object
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDMiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrIiwic3RhdGUiOiJaeUVkT1J2dUY5IiwiZXhwIjoxNTk5Mjg1MzQ3LCJub25jZSI6Imtub3picDRaTFciLCJwcm9tcHQiOiJjb25zZW50IiwiY2xpZW50X2lkIjoiT0lERkNFUlQwMDAzIn0.8c5DQ4kt43h0Hs0uIkAxyl2Tz00Cz1VT58DbIGkMdG62DrOBB4C5o2CPTe_ru6IjvlMYWbcD5MAHfOK-IjHMNA
key
{"kty":"EC","d":"dmvti8HQQId6Z3S8xjGvjvWawEfQhVP3OkUfloQP1Ng","crv":"P-256","kid":"kid2019040100008","x":"ANEu_EHg_NrZKPNXVbnw89IQC0hzPkAEuV4osYzM8tKm","y":"AKe9Ioa4y1ly1aOAmJafI89dHzapU4WYHHReIFXjPJxd","alg":"ES256"}
2020-09-05 05:50:47 SUCCESS
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/?request=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDMiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrIiwic3RhdGUiOiJaeUVkT1J2dUY5IiwiZXhwIjoxNTk5Mjg1MzQ3LCJub25jZSI6Imtub3picDRaTFciLCJwcm9tcHQiOiJjb25zZW50IiwiY2xpZW50X2lkIjoiT0lERkNFUlQwMDAzIn0.8c5DQ4kt43h0Hs0uIkAxyl2Tz00Cz1VT58DbIGkMdG62DrOBB4C5o2CPTe_ru6IjvlMYWbcD5MAHfOK-IjHMNA&client_id=OIDFCERT0003&redirect_uri=https://www.certification.openid.net/test/a/NC7000-3A-OC/callback&scope=openid%20SCOPE0002%20offline_access&response_type=code%20id_token
2020-09-05 05:50:47 REDIRECT
fapi-rw-id2-refresh-token
Redirecting to authorization endpoint
redirect_to
https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/?request=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDMiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrIiwic3RhdGUiOiJaeUVkT1J2dUY5IiwiZXhwIjoxNTk5Mjg1MzQ3LCJub25jZSI6Imtub3picDRaTFciLCJwcm9tcHQiOiJjb25zZW50IiwiY2xpZW50X2lkIjoiT0lERkNFUlQwMDAzIn0.8c5DQ4kt43h0Hs0uIkAxyl2Tz00Cz1VT58DbIGkMdG62DrOBB4C5o2CPTe_ru6IjvlMYWbcD5MAHfOK-IjHMNA&client_id=OIDFCERT0003&redirect_uri=https://www.certification.openid.net/test/a/NC7000-3A-OC/callback&scope=openid%20SCOPE0002%20offline_access&response_type=code%20id_token
2020-09-05 05:51:02 INCOMING
fapi-rw-id2-refresh-token
Incoming HTTP request to test instance OEXnd3KiqpglwG2
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://3a-rplib-test3.cloud-idauth.com/oc/InternalAuthoriEndpoint/?client_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_client_uri\u0026logo_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_logo_uri\u0026tos_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_tos_uri\u0026prompt\u003dconsent\u0026client_name\u003dOIDF_CertTest_Client_0003\u0026client_id\u003dOIDFCERT0003\u0026policy_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_policy_uri\u0026loa\u003durn%3Amace%3Aincommon%3Aiap%3Asilver",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utma\u003d201319536.1292565018.1574312754.1579157407.1595894834.4; __utmz\u003d201319536.1595894834.4.1.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3D84CDEC0C1E6B5D0E5DBE39C46730C9",
  "connection": "close",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{}
incoming_body
2020-09-05 05:51:02 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/ydvj1SajXPs0NWiqZfyC",
  "fullUrl": "https://www.certification.openid.net/test/a/NC7000-3A-OC/implicit/ydvj1SajXPs0NWiqZfyC"
}
2020-09-05 05:51:02 OUTGOING
fapi-rw-id2-refresh-token
Response to HTTP request to test instance OEXnd3KiqpglwG2
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/NC7000-3A-OC/implicit/ydvj1SajXPs0NWiqZfyC, returnUrl=/log-detail.html?log=OEXnd3KiqpglwG2}]
outgoing_path
callback
2020-09-05 05:51:02 INCOMING
fapi-rw-id2-refresh-token
Incoming HTTP request to test instance OEXnd3KiqpglwG2
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utma\u003d201319536.1292565018.1574312754.1579157407.1595894834.4; __utmz\u003d201319536.1595894834.4.1.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3D84CDEC0C1E6B5D0E5DBE39C46730C9",
  "content-length": "569",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/ydvj1SajXPs0NWiqZfyC
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
#code=ax6C6ClGd7vYos9SyKGJl6u3X7EzSVZq&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6IjRaYVdXdUVHemRMSGJMYy1PODVUS2ciLCJzX2hhc2giOiJfSGphd2ltSjYxOEJpMUhfbkFYUHR3IiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4NjYyLCJpYXQiOjE1OTkyODUwNjIsIm5vbmNlIjoia25vemJwNFpMVyJ9.LuzKRYkRvn6Ro2-L7TaZmScAghUMGADn4sILfYHgMjaxVajl6fLzgNCvWnTYLlo8weC1risPGyPOAnYBmUTGbQ&state=ZyEdORvuF9
2020-09-05 05:51:02 OUTGOING
fapi-rw-id2-refresh-token
Response to HTTP request to test instance OEXnd3KiqpglwG2
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [/log-detail.html?log=OEXnd3KiqpglwG2]
outgoing_path
implicit/ydvj1SajXPs0NWiqZfyC
2020-09-05 05:51:02
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
parameters
[
  {
    "name": "code",
    "value": "ax6C6ClGd7vYos9SyKGJl6u3X7EzSVZq"
  },
  {
    "name": "id_token",
    "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6IjRaYVdXdUVHemRMSGJMYy1PODVUS2ciLCJzX2hhc2giOiJfSGphd2ltSjYxOEJpMUhfbkFYUHR3IiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4NjYyLCJpYXQiOjE1OTkyODUwNjIsIm5vbmNlIjoia25vemJwNFpMVyJ9.LuzKRYkRvn6Ro2-L7TaZmScAghUMGADn4sILfYHgMjaxVajl6fLzgNCvWnTYLlo8weC1risPGyPOAnYBmUTGbQ"
  },
  {
    "name": "state",
    "value": "ZyEdORvuF9"
  }
]
2020-09-05 05:51:02 SUCCESS
ExtractImplicitHashToCallbackResponse
Extracted the hash values
code
ax6C6ClGd7vYos9SyKGJl6u3X7EzSVZq
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6IjRaYVdXdUVHemRMSGJMYy1PODVUS2ciLCJzX2hhc2giOiJfSGphd2ltSjYxOEJpMUhfbkFYUHR3IiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4NjYyLCJpYXQiOjE1OTkyODUwNjIsIm5vbmNlIjoia25vemJwNFpMVyJ9.LuzKRYkRvn6Ro2-L7TaZmScAghUMGADn4sILfYHgMjaxVajl6fLzgNCvWnTYLlo8weC1risPGyPOAnYBmUTGbQ
state
ZyEdORvuF9
2020-09-05 05:51:02 REDIRECT-IN
fapi-rw-id2-refresh-token
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://3a-rplib-test3.cloud-idauth.com/oc/InternalAuthoriEndpoint/?client_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_client_uri\u0026logo_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_logo_uri\u0026tos_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_tos_uri\u0026prompt\u003dconsent\u0026client_name\u003dOIDF_CertTest_Client_0003\u0026client_id\u003dOIDFCERT0003\u0026policy_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_policy_uri\u0026loa\u003durn%3Amace%3Aincommon%3Aiap%3Asilver",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utma\u003d201319536.1292565018.1574312754.1579157407.1595894834.4; __utmz\u003d201319536.1595894834.4.1.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3D84CDEC0C1E6B5D0E5DBE39C46730C9",
  "connection": "close",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{
  "code": "ax6C6ClGd7vYos9SyKGJl6u3X7EzSVZq",
  "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6IjRaYVdXdUVHemRMSGJMYy1PODVUS2ciLCJzX2hhc2giOiJfSGphd2ltSjYxOEJpMUhfbkFYUHR3IiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4NjYyLCJpYXQiOjE1OTkyODUwNjIsIm5vbmNlIjoia25vemJwNFpMVyJ9.LuzKRYkRvn6Ro2-L7TaZmScAghUMGADn4sILfYHgMjaxVajl6fLzgNCvWnTYLlo8weC1risPGyPOAnYBmUTGbQ",
  "state": "ZyEdORvuF9"
}
post_body
Verify authorization endpoint response
2020-09-05 05:51:02 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2020-09-05 05:51:02 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2020-09-05 05:51:02 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2020-09-05 05:51:02 SUCCESS
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
2020-09-05 05:51:02 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2020-09-05 05:51:02 SUCCESS
ValidateSuccessfulHybridResponseFromAuthorizationEndpoint
authorization endpoint response does not include unexpected parameters
code
ax6C6ClGd7vYos9SyKGJl6u3X7EzSVZq
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6IjRaYVdXdUVHemRMSGJMYy1PODVUS2ciLCJzX2hhc2giOiJfSGphd2ltSjYxOEJpMUhfbkFYUHR3IiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4NjYyLCJpYXQiOjE1OTkyODUwNjIsIm5vbmNlIjoia25vemJwNFpMVyJ9.LuzKRYkRvn6Ro2-L7TaZmScAghUMGADn4sILfYHgMjaxVajl6fLzgNCvWnTYLlo8weC1risPGyPOAnYBmUTGbQ
state
ZyEdORvuF9
2020-09-05 05:51:02 SUCCESS
CheckMatchingStateParameter
State parameter correctly returned
state
ZyEdORvuF9
2020-09-05 05:51:02 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
ax6C6ClGd7vYos9SyKGJl6u3X7EzSVZq
2020-09-05 05:51:02 SUCCESS
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
actual
256
required
128
2020-09-05 05:51:02 SUCCESS
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
actual
145.24511249783654
expected
96.0
2020-09-05 05:51:02 SUCCESS
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
value
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6IjRaYVdXdUVHemRMSGJMYy1PODVUS2ciLCJzX2hhc2giOiJfSGphd2ltSjYxOEJpMUhfbkFYUHR3IiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4NjYyLCJpYXQiOjE1OTkyODUwNjIsIm5vbmNlIjoia25vemJwNFpMVyJ9.LuzKRYkRvn6Ro2-L7TaZmScAghUMGADn4sILfYHgMjaxVajl6fLzgNCvWnTYLlo8weC1risPGyPOAnYBmUTGbQ
header
{
  "typ": "JWT",
  "alg": "ES256"
}
claims
{
  "sub": "1",
  "aud": "OIDFCERT0003",
  "acr": "urn:mace:incommon:iap:silver",
  "c_hash": "4ZaWWuEGzdLHbLc-O85TKg",
  "s_hash": "_HjawimJ618Bi1H_nAXPtw",
  "azp": "OIDFCERT0003",
  "amr": "AUTH_OP",
  "iss": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "exp": 1599288662,
  "iat": 1599285062,
  "nonce": "knozbp4ZLW"
}
2020-09-05 05:51:02 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2020-09-05 05:51:02 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
knozbp4ZLW
2020-09-05 05:51:02 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6IjRaYVdXdUVHemRMSGJMYy1PODVUS2ciLCJzX2hhc2giOiJfSGphd2ltSjYxOEJpMUhfbkFYUHR3IiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4NjYyLCJpYXQiOjE1OTkyODUwNjIsIm5vbmNlIjoia25vemJwNFpMVyJ9.LuzKRYkRvn6Ro2-L7TaZmScAghUMGADn4sILfYHgMjaxVajl6fLzgNCvWnTYLlo8weC1risPGyPOAnYBmUTGbQ
2020-09-05 05:51:02 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6IjRaYVdXdUVHemRMSGJMYy1PODVUS2ciLCJzX2hhc2giOiJfSGphd2ltSjYxOEJpMUhfbkFYUHR3IiwiYXpwIjoiT0lERkNFUlQwMDAzIiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4NjYyLCJpYXQiOjE1OTkyODUwNjIsIm5vbmNlIjoia25vemJwNFpMVyJ9.LuzKRYkRvn6Ro2-L7TaZmScAghUMGADn4sILfYHgMjaxVajl6fLzgNCvWnTYLlo8weC1risPGyPOAnYBmUTGbQ
2020-09-05 05:51:02 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
1
2020-09-05 05:51:02 SUCCESS
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
alg
ES256
2020-09-05 05:51:02 INFO
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2020-09-05 05:51:02 SUCCESS
ExtractSHash
Extracted s_hash from ID Token
s_hash
_HjawimJ618Bi1H_nAXPtw
alg
ES256
2020-09-05 05:51:02 SUCCESS
ValidateSHash
s_hash validated successfully
expected_hash
_HjawimJ618Bi1H_nAXPtw
unhashed_value
ZyEdORvuF9
id_token_hash
_HjawimJ618Bi1H_nAXPtw
2020-09-05 05:51:02 SUCCESS
ExtractCHash
Extracted c_hash from ID Token
c_hash
4ZaWWuEGzdLHbLc-O85TKg
alg
ES256
2020-09-05 05:51:02 SUCCESS
ValidateCHash
c_hash validated successfully
expected_hash
4ZaWWuEGzdLHbLc-O85TKg
unhashed_value
ax6C6ClGd7vYos9SyKGJl6u3X7EzSVZq
id_token_hash
4ZaWWuEGzdLHbLc-O85TKg
2020-09-05 05:51:02 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
ax6C6ClGd7vYos9SyKGJl6u3X7EzSVZq
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
2020-09-05 05:51:02 SUCCESS
CreateClientAuthenticationAssertionClaims
Created client assertion claims
iss
OIDFCERT0003
sub
OIDFCERT0003
aud
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
jti
6hVa5GEjxxomC8fUQBEk
iat
1599285062
exp
1599285122
2020-09-05 05:51:02 SUCCESS
SignClientAuthenticationAssertion
Signed the client assertion
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4NTEyMiwiaWF0IjoxNTk5Mjg1MDYyLCJqdGkiOiI2aFZhNUdFanh4b21DOGZVUUJFayJ9.I0pPk4c92A6Kue3TqdiKowJ8TRFEgObFAvVPZ6j1wfR4ArGLI6BaGKfAZMAGsVnR6IBGkuMWwmHB5cOm_Bx3tQ
2020-09-05 05:51:02
AddClientAssertionToTokenEndpointRequest
Added client assertion
grant_type
authorization_code
code
ax6C6ClGd7vYos9SyKGJl6u3X7EzSVZq
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4NTEyMiwiaWF0IjoxNTk5Mjg1MDYyLCJqdGkiOiI2aFZhNUdFanh4b21DOGZVUUJFayJ9.I0pPk4c92A6Kue3TqdiKowJ8TRFEgObFAvVPZ6j1wfR4ArGLI6BaGKfAZMAGsVnR6IBGkuMWwmHB5cOm_Bx3tQ
client_assertion_type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2020-09-05 05:51:02
CallTokenEndpoint
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "643"
}
request_body
grant_type=authorization_code&code=ax6C6ClGd7vYos9SyKGJl6u3X7EzSVZq&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2FNC7000-3A-OC%2Fcallback&client_assertion=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4NTEyMiwiaWF0IjoxNTk5Mjg1MDYyLCJqdGkiOiI2aFZhNUdFanh4b21DOGZVUUJFayJ9.I0pPk4c92A6Kue3TqdiKowJ8TRFEgObFAvVPZ6j1wfR4ArGLI6BaGKfAZMAGsVnR6IBGkuMWwmHB5cOm_Bx3tQ&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
request_mutual_tls
{
  "cert": "MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d",
  "key": "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg\u003d"
}
2020-09-05 05:51:03 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Sat, 05 Sep 2020 05:51:03 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d4AEBA103A46C15026DA2F279DC0C9111; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "588",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"ivxunoAdr03SCmdIkcGGYUPo1OCE3LB2","refresh_token":"CdjFJSz8HJpqyjxq8hQYVx2XbT5G8jzO","scope":"SCOPE0002","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMyIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY2MywiaWF0IjoxNTk5Mjg1MDYzLCJub25jZSI6Imtub3picDRaTFcifQ.DQZ8khYZ0in5SzywKjDYQmZ_DqeQmsf6teMuch_csnHQZl3hw3pClXghRA9yjnwERUqbW5-o49Q5mmGsEYkGrg","token_type":"Bearer","expires_in":60}
2020-09-05 05:51:03
CallTokenEndpoint
Token endpoint response
token_endpoint_response
{"access_token":"ivxunoAdr03SCmdIkcGGYUPo1OCE3LB2","refresh_token":"CdjFJSz8HJpqyjxq8hQYVx2XbT5G8jzO","scope":"SCOPE0002","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMyIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY2MywiaWF0IjoxNTk5Mjg1MDYzLCJub25jZSI6Imtub3picDRaTFcifQ.DQZ8khYZ0in5SzywKjDYQmZ_DqeQmsf6teMuch_csnHQZl3hw3pClXghRA9yjnwERUqbW5-o49Q5mmGsEYkGrg","token_type":"Bearer","expires_in":60}
2020-09-05 05:51:03 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
ivxunoAdr03SCmdIkcGGYUPo1OCE3LB2
refresh_token
CdjFJSz8HJpqyjxq8hQYVx2XbT5G8jzO
scope
SCOPE0002
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMyIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY2MywiaWF0IjoxNTk5Mjg1MDYzLCJub25jZSI6Imtub3picDRaTFcifQ.DQZ8khYZ0in5SzywKjDYQmZ_DqeQmsf6teMuch_csnHQZl3hw3pClXghRA9yjnwERUqbW5-o49Q5mmGsEYkGrg
token_type
Bearer
expires_in
60
2020-09-05 05:51:03 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2020-09-05 05:51:03 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
ivxunoAdr03SCmdIkcGGYUPo1OCE3LB2
2020-09-05 05:51:03 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
ivxunoAdr03SCmdIkcGGYUPo1OCE3LB2
type
Bearer
2020-09-05 05:51:03 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
60
2020-09-05 05:51:03 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
60
2020-09-05 05:51:03 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
CdjFJSz8HJpqyjxq8hQYVx2XbT5G8jzO
2020-09-05 05:51:03 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
256
required
128
2020-09-05 05:51:03 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
142.49022499567306
expected
96.0
2020-09-05 05:51:03 SUCCESS
EnsureMinimumAccessTokenLength
Access token is of sufficient length
actual
256
required
128
2020-09-05 05:51:03 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
150.0
expected
96.0
2020-09-05 05:51:03 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMyIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY2MywiaWF0IjoxNTk5Mjg1MDYzLCJub25jZSI6Imtub3picDRaTFcifQ.DQZ8khYZ0in5SzywKjDYQmZ_DqeQmsf6teMuch_csnHQZl3hw3pClXghRA9yjnwERUqbW5-o49Q5mmGsEYkGrg
header
{
  "typ": "JWT",
  "alg": "ES256"
}
claims
{
  "sub": "1",
  "aud": "OIDFCERT0003",
  "acr": "urn:mace:incommon:iap:silver",
  "azp": "OIDFCERT0003",
  "amr": "AUTH_OP",
  "iss": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "exp": 1599288663,
  "iat": 1599285063,
  "nonce": "knozbp4ZLW"
}
2020-09-05 05:51:03 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2020-09-05 05:51:03 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
knozbp4ZLW
2020-09-05 05:51:03 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
actual
urn:mace:incommon:iap:silver
requested
[
  "urn:mace:incommon:iap:silver"
]
2020-09-05 05:51:03 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMyIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY2MywiaWF0IjoxNTk5Mjg1MDYzLCJub25jZSI6Imtub3picDRaTFcifQ.DQZ8khYZ0in5SzywKjDYQmZ_DqeQmsf6teMuch_csnHQZl3hw3pClXghRA9yjnwERUqbW5-o49Q5mmGsEYkGrg
2020-09-05 05:51:03 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMyIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY2MywiaWF0IjoxNTk5Mjg1MDYzLCJub25jZSI6Imtub3picDRaTFcifQ.DQZ8khYZ0in5SzywKjDYQmZ_DqeQmsf6teMuch_csnHQZl3hw3pClXghRA9yjnwERUqbW5-o49Q5mmGsEYkGrg
2020-09-05 05:51:03 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
1
2020-09-05 05:51:03 SUCCESS
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
alg
ES256
2020-09-05 05:51:03 INFO
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2020-09-05 05:51:03 INFO
ExtractCHash
Couldn't find c_hash in ID token
2020-09-05 05:51:03 INFO
ExtractSHash
Couldn't find s_hash in ID token
2020-09-05 05:51:03 INFO
ExtractAtHash
Couldn't find at_hash in ID token
2020-09-05 05:51:03 INFO
ValidateCHash
Skipped evaluation due to missing required object: c_hash
expected
c_hash
mapped
2020-09-05 05:51:03 INFO
ValidateSHash
Skipped evaluation due to missing required object: s_hash
expected
s_hash
mapped
2020-09-05 05:51:03 INFO
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
expected
at_hash
mapped
Verify at_hash in the authorization endpoint id_token
2020-09-05 05:51:03 INFO
ExtractAtHash
Couldn't find at_hash in ID token
2020-09-05 05:51:03 INFO
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
expected
at_hash
mapped
Check for refresh token
2020-09-05 05:51:03 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
CdjFJSz8HJpqyjxq8hQYVx2XbT5G8jzO
2020-09-05 05:51:03 WARNING
EnsureServerConfigurationSupportsRefreshToken
The server issued a refresh token but does not claim to support this grant type
supported_grant_types
[
  "authorization_code",
  "urn:openid:params:grant-type:ciba"
]
2020-09-05 05:51:03 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Refresh Token Request
2020-09-05 05:51:03 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
CdjFJSz8HJpqyjxq8hQYVx2XbT5G8jzO
2020-09-05 05:51:03 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid SCOPE0002 offline_access' to token endpoint request
grant_type
refresh_token
refresh_token
CdjFJSz8HJpqyjxq8hQYVx2XbT5G8jzO
scope
openid SCOPE0002 offline_access
2020-09-05 05:51:03 SUCCESS
CreateClientAuthenticationAssertionClaims
Created client assertion claims
iss
OIDFCERT0003
sub
OIDFCERT0003
aud
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
jti
8n9Rs02gbEC8hnaa5wUm
iat
1599285063
exp
1599285123
2020-09-05 05:51:03 SUCCESS
SignClientAuthenticationAssertion
Signed the client assertion
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4NTEyMywiaWF0IjoxNTk5Mjg1MDYzLCJqdGkiOiI4bjlSczAyZ2JFQzhobmFhNXdVbSJ9.kJgXgiPHlr--I2bLpz-JW0H7IyfgDtEAzhePhnMX7-RCfHQnf48YSJypBgyeAJAa4P4FTFKS4UTDtGMzgH4tYA
2020-09-05 05:51:03
AddClientAssertionToTokenEndpointRequest
Added client assertion
grant_type
refresh_token
refresh_token
CdjFJSz8HJpqyjxq8hQYVx2XbT5G8jzO
scope
openid SCOPE0002 offline_access
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4NTEyMywiaWF0IjoxNTk5Mjg1MDYzLCJqdGkiOiI4bjlSczAyZ2JFQzhobmFhNXdVbSJ9.kJgXgiPHlr--I2bLpz-JW0H7IyfgDtEAzhePhnMX7-RCfHQnf48YSJypBgyeAJAa4P4FTFKS4UTDtGMzgH4tYA
client_assertion_type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2020-09-05 05:51:03 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2020-09-05 05:51:04 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2020-09-05 05:51:04
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "592"
}
request_body
grant_type=refresh_token&refresh_token=CdjFJSz8HJpqyjxq8hQYVx2XbT5G8jzO&scope=openid+SCOPE0002+offline_access&client_assertion=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4NTEyMywiaWF0IjoxNTk5Mjg1MDYzLCJqdGkiOiI4bjlSczAyZ2JFQzhobmFhNXdVbSJ9.kJgXgiPHlr--I2bLpz-JW0H7IyfgDtEAzhePhnMX7-RCfHQnf48YSJypBgyeAJAa4P4FTFKS4UTDtGMzgH4tYA&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
request_mutual_tls
{
  "cert": "MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d",
  "key": "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg\u003d"
}
2020-09-05 05:51:05 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Sat, 05 Sep 2020 05:51:05 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d78AED9FF78B231F81039ABA59104333B; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "509",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"GFMs5yiil4wJ6TBiohxFFNnk2eobYvwP","scope":"SCOPE0002","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMyIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY2NSwiaWF0IjoxNTk5Mjg1MDY1fQ.WguRrp7gEj7Ejh0SFwERf_PmL4IaDjTBF7n7_Ep122W_gTRrA4-rDfpurdsK8oeqNXD0m9SuANWPPpb0K1-vlA","token_type":"Bearer","expires_in":60}
2020-09-05 05:51:05 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
access_token
GFMs5yiil4wJ6TBiohxFFNnk2eobYvwP
scope
SCOPE0002
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMyIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY2NSwiaWF0IjoxNTk5Mjg1MDY1fQ.WguRrp7gEj7Ejh0SFwERf_PmL4IaDjTBF7n7_Ep122W_gTRrA4-rDfpurdsK8oeqNXD0m9SuANWPPpb0K1-vlA
token_type
Bearer
expires_in
60
2020-09-05 05:51:05 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2020-09-05 05:51:05 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2020-09-05 05:51:05 SUCCESS
CheckTokenEndpointCacheHeaders
Checked 'pragma' and 'cache-control' in the headers of token_endpoint_response.
2020-09-05 05:51:05 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2020-09-05 05:51:05 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
GFMs5yiil4wJ6TBiohxFFNnk2eobYvwP
type
Bearer
2020-09-05 05:51:05 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2020-09-05 05:51:05 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
146.49022499567306
expected
96.0
2020-09-05 05:51:05 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2020-09-05 05:51:05 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
60
2020-09-05 05:51:05 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
60
2020-09-05 05:51:05 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
ivxunoAdr03SCmdIkcGGYUPo1OCE3LB2
second_access_token
GFMs5yiil4wJ6TBiohxFFNnk2eobYvwP
2020-09-05 05:51:05 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDAzIiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwMyIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY2NSwiaWF0IjoxNTk5Mjg1MDY1fQ.WguRrp7gEj7Ejh0SFwERf_PmL4IaDjTBF7n7_Ep122W_gTRrA4-rDfpurdsK8oeqNXD0m9SuANWPPpb0K1-vlA
header
{
  "typ": "JWT",
  "alg": "ES256"
}
claims
{
  "sub": "1",
  "aud": "OIDFCERT0003",
  "acr": "urn:mace:incommon:iap:silver",
  "azp": "OIDFCERT0003",
  "amr": "AUTH_OP",
  "iss": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "exp": 1599288665,
  "iat": 1599285065
}
2020-09-05 05:51:05 INFO
ExtractRefreshTokenFromTokenResponse
Token endpoint response does not contain a refresh token
2020-09-05 05:51:05 INFO
EnsureMinimumRefreshTokenLength
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
path
refresh_token
mapped
object
token_endpoint_response
2020-09-05 05:51:05 INFO
EnsureMinimumRefreshTokenEntropy
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
path
refresh_token
mapped
object
token_endpoint_response
2020-09-05 05:51:05 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "second": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "1",
  "second": "1",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1599285063,
  "second": 1599285065,
  "note": "Values are expected to be different"
}
aud
{
  "first": "OIDFCERT0003",
  "second": "OIDFCERT0003",
  "note": "Values are expected to be equal"
}
azp
{
  "first": "OIDFCERT0003",
  "second": "OIDFCERT0003",
  "note": "Values are expected to be equal"
}
Resource server endpoint tests
2020-09-05 05:51:05
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
resource_endpoint_request_headers
{}
2020-09-05 05:51:05 SUCCESS
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
resource_endpoint_request_headers
{
  "x-fapi-auth-date": "Sat, 05 Sep 2020 05:51:05 GMT"
}
2020-09-05 05:51:05
AddIpV4FapiCustomerIpAddressToResourceEndpointRequest
Added x-fapi-customer-ip-address containing IPv4 address to resource endpoint request headers
resource_endpoint_request_headers
{
  "x-fapi-auth-date": "Sat, 05 Sep 2020 05:51:05 GMT",
  "x-fapi-customer-ip-address": "198.51.100.119"
}
2020-09-05 05:51:05
CreateRandomFAPIInteractionId
Created interaction ID
fapi_interaction_id
09968fd7-c727-4c24-bf68-bce05b4aadbb
2020-09-05 05:51:05
AddFAPIInteractionIdToResourceEndpointRequest
Condition ran but did not log anything
2020-09-05 05:51:05
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/accounts
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "x-fapi-auth-date": "Sat, 05 Sep 2020 05:51:05 GMT",
  "x-fapi-customer-ip-address": "198.51.100.119",
  "x-fapi-interaction-id": "09968fd7-c727-4c24-bf68-bce05b4aadbb",
  "authorization": "Bearer GFMs5yiil4wJ6TBiohxFFNnk2eobYvwP",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
request_mutual_tls
{
  "cert": "MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d",
  "key": "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg\u003d"
}
2020-09-05 05:51:06 RESPONSE
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Sat, 05 Sep 2020 05:51:06 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d98E36A7870723E5748129F8F0AE3E34B; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "x-fapi-interaction-id": "09968fd7-c727-4c24-bf68-bce05b4aadbb",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "133",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"iss":"https:\/\/3a-rplib-test3.cloud-idauth.com\/oc\/","sub":"1","aud":"OIDFCERT0003","country":"japan","postal_code":"105-0001"}
2020-09-05 05:51:06 SUCCESS
CallProtectedResourceWithBearerTokenAndCustomHeaders
Got a response from the resource endpoint
headers
{
  "date": "Sat, 05 Sep 2020 05:51:06 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d98E36A7870723E5748129F8F0AE3E34B; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "x-fapi-interaction-id": "09968fd7-c727-4c24-bf68-bce05b4aadbb",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "133",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
status_code
{
  "code": 200
}
body
{"iss":"https:\/\/3a-rplib-test3.cloud-idauth.com\/oc\/","sub":"1","aud":"OIDFCERT0003","country":"japan","postal_code":"105-0001"}
2020-09-05 05:51:06 SUCCESS
CheckForDateHeaderInResourceResponse
Date header present and validated
date
Sat, 05 Sep 2020 05:51:06 GMT
skew
599
2020-09-05 05:51:06 SUCCESS
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
interaction_id
09968fd7-c727-4c24-bf68-bce05b4aadbb
2020-09-05 05:51:06 SUCCESS
EnsureMatchingFAPIInteractionId
Interaction ID matched
fapi_interaction_id
09968fd7-c727-4c24-bf68-bce05b4aadbb
2020-09-05 05:51:06 SUCCESS
EnsureResourceResponseReturnedJsonContentType
Response content type is JSON
content_type
application/json;charset=UTF-8
Second client: Setup
2020-09-05 05:51:06 SUCCESS
AddRedirectUriQuerySuffix
Created redirect URI query suffix to test that query sections in the registered redirect url are handled correctly. The redirect url, including this suffix, must be registered for the client as per http://openid.net/certification/fapi_op_testing/
redirect_uri_suffix
?dummy1=lorem&dummy2=ipsum
2020-09-05 05:51:06
CreateRedirectUri
Appending suffix to redirect URI
suffix
?dummy1=lorem&dummy2=ipsum
2020-09-05 05:51:06 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1=lorem&dummy2=ipsum
Second client: Make request to authorization endpoint
2020-09-05 05:51:06 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
OIDFCERT0004
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1=lorem&dummy2=ipsum
scope
openid SCOPE0002 offline_access
2020-09-05 05:51:06 SUCCESS
AddAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
authorization_endpoint_request
{
  "client_id": "OIDFCERT0004",
  "redirect_uri": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1\u003dlorem\u0026dummy2\u003dipsum",
  "scope": "openid SCOPE0002 offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  }
}
2020-09-05 05:51:06
CreateRandomStateValue
Created state value
requested_state_length
10
state
prO8DL3zYE
2020-09-05 05:51:06 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
OIDFCERT0004
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1=lorem&dummy2=ipsum
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
prO8DL3zYE
2020-09-05 05:51:06
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
75zQJabPsE
2020-09-05 05:51:06 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
OIDFCERT0004
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1=lorem&dummy2=ipsum
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
prO8DL3zYE
nonce
75zQJabPsE
2020-09-05 05:51:06 SUCCESS
SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken
Added response_type parameter to request
client_id
OIDFCERT0004
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1=lorem&dummy2=ipsum
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
prO8DL3zYE
nonce
75zQJabPsE
response_type
code id_token
2020-09-05 05:51:06 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
client_id
OIDFCERT0004
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1=lorem&dummy2=ipsum
scope
openid SCOPE0002 offline_access
claims
{
  "id_token": {
    "acr": {
      "value": "urn:mace:incommon:iap:silver",
      "essential": true
    }
  }
}
state
prO8DL3zYE
nonce
75zQJabPsE
response_type
code id_token
prompt
consent
2020-09-05 05:51:06 SUCCESS
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
request_object_claims
{
  "client_id": "OIDFCERT0004",
  "redirect_uri": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1\u003dlorem\u0026dummy2\u003dipsum",
  "scope": "openid SCOPE0002 offline_access",
  "claims": {
    "id_token": {
      "acr": {
        "value": "urn:mace:incommon:iap:silver",
        "essential": true
      }
    }
  },
  "state": "prO8DL3zYE",
  "nonce": "75zQJabPsE",
  "response_type": "code id_token",
  "prompt": "consent"
}
2020-09-05 05:51:06 SUCCESS
AddIatToRequestObject
Added iat to request object claims
iat
1.599285066E9
2020-09-05 05:51:06 SUCCESS
AddExpToRequestObject
Added exp to request object claims
exp
1.599285366E9
2020-09-05 05:51:06 SUCCESS
AddAudToRequestObject
Added aud to request object claims
aud
https://3a-rplib-test3.cloud-idauth.com/oc/
2020-09-05 05:51:06 SUCCESS
AddIssToRequestObject
Added iss to request object claims
iss
OIDFCERT0004
2020-09-05 05:51:06 SUCCESS
AddClientIdToRequestObject
Added client_id to request object claims
client_id
OIDFCERT0004
2020-09-05 05:51:06 SUCCESS
SignRequestObject
Signed the request object
claims
{"aud":"https:\/\/3a-rplib-test3.cloud-idauth.com\/oc\/","scope":"openid SCOPE0002 offline_access","claims":{"id_token":{"acr":{"value":"urn:mace:incommon:iap:silver","essential":true}}},"iss":"OIDFCERT0004","response_type":"code id_token","redirect_uri":"https:\/\/www.certification.openid.net\/test\/a\/NC7000-3A-OC\/callback?dummy1=lorem&dummy2=ipsum","state":"prO8DL3zYE","exp":1599285366,"nonce":"75zQJabPsE","prompt":"consent","iat":1599285066,"client_id":"OIDFCERT0004"}
header
{"kid":"kid2019040100009","alg":"ES256"}
request_object
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA5IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrP2R1bW15MT1sb3JlbSZkdW1teTI9aXBzdW0iLCJzdGF0ZSI6InByTzhETDN6WUUiLCJleHAiOjE1OTkyODUzNjYsIm5vbmNlIjoiNzV6UUphYlBzRSIsInByb21wdCI6ImNvbnNlbnQiLCJpYXQiOjE1OTkyODUwNjYsImNsaWVudF9pZCI6Ik9JREZDRVJUMDAwNCJ9.MX4DbswaeW8GEWS-u4rff0SdVpBXlQ7hOKtJPZdrvI7P9HwXyQlyzBLoYq5SgxYAr90Yyu13nw5s84-R5DvXTw
key
{"kty":"EC","d":"HpYL8OKVwC01B02FpXQi23lTrE8oT3V7-eOdSgX9v8c","crv":"P-256","kid":"kid2019040100009","x":"ANonMLNTYTO8jPBnw4EHqKF2DRFkmAAnA5Hiv1_0pYg1","y":"AKLfnzY4VFB_ZyjgBW8GxhLtA6ZPVgMHq7S_Z70Uabi9","alg":"ES256"}
2020-09-05 05:51:06 SUCCESS
BuildRequestObjectByValueRedirectToAuthorizationEndpoint
Sending to authorization endpoint
redirect_to_authorization_endpoint
https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/?request=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA5IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrP2R1bW15MT1sb3JlbSZkdW1teTI9aXBzdW0iLCJzdGF0ZSI6InByTzhETDN6WUUiLCJleHAiOjE1OTkyODUzNjYsIm5vbmNlIjoiNzV6UUphYlBzRSIsInByb21wdCI6ImNvbnNlbnQiLCJpYXQiOjE1OTkyODUwNjYsImNsaWVudF9pZCI6Ik9JREZDRVJUMDAwNCJ9.MX4DbswaeW8GEWS-u4rff0SdVpBXlQ7hOKtJPZdrvI7P9HwXyQlyzBLoYq5SgxYAr90Yyu13nw5s84-R5DvXTw&client_id=OIDFCERT0004&redirect_uri=https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1%3Dlorem%26dummy2%3Dipsum&scope=openid%20SCOPE0002%20offline_access&response_type=code%20id_token
2020-09-05 05:51:06 REDIRECT
fapi-rw-id2-refresh-token
Redirecting to authorization endpoint
redirect_to
https://3a-rplib-test3.cloud-idauth.com/oc/AuthorizationEndpoint/?request=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA5IiwiYWxnIjoiRVMyNTYifQ.eyJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsInNjb3BlIjoib3BlbmlkIFNDT1BFMDAwMiBvZmZsaW5lX2FjY2VzcyIsImNsYWltcyI6eyJpZF90b2tlbiI6eyJhY3IiOnsidmFsdWUiOiJ1cm46bWFjZTppbmNvbW1vbjppYXA6c2lsdmVyIiwiZXNzZW50aWFsIjp0cnVlfX19LCJpc3MiOiJPSURGQ0VSVDAwMDQiLCJyZXNwb25zZV90eXBlIjoiY29kZSBpZF90b2tlbiIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC9OQzcwMDAtM0EtT0NcL2NhbGxiYWNrP2R1bW15MT1sb3JlbSZkdW1teTI9aXBzdW0iLCJzdGF0ZSI6InByTzhETDN6WUUiLCJleHAiOjE1OTkyODUzNjYsIm5vbmNlIjoiNzV6UUphYlBzRSIsInByb21wdCI6ImNvbnNlbnQiLCJpYXQiOjE1OTkyODUwNjYsImNsaWVudF9pZCI6Ik9JREZDRVJUMDAwNCJ9.MX4DbswaeW8GEWS-u4rff0SdVpBXlQ7hOKtJPZdrvI7P9HwXyQlyzBLoYq5SgxYAr90Yyu13nw5s84-R5DvXTw&client_id=OIDFCERT0004&redirect_uri=https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1%3Dlorem%26dummy2%3Dipsum&scope=openid%20SCOPE0002%20offline_access&response_type=code%20id_token
2020-09-05 05:51:19 INCOMING
fapi-rw-id2-refresh-token
Incoming HTTP request to test instance OEXnd3KiqpglwG2
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://3a-rplib-test3.cloud-idauth.com/oc/InternalAuthoriEndpoint/?client_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_client_uri\u0026logo_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_logo_uri\u0026tos_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_tos_uri\u0026prompt\u003dconsent\u0026client_name\u003dOIDF_CertTest_Client_0004\u0026client_id\u003dOIDFCERT0004\u0026policy_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_policy_uri\u0026loa\u003durn%3Amace%3Aincommon%3Aiap%3Asilver",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utma\u003d201319536.1292565018.1574312754.1579157407.1595894834.4; __utmz\u003d201319536.1595894834.4.1.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3D84CDEC0C1E6B5D0E5DBE39C46730C9",
  "connection": "close",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
incoming_path
callback
incoming_body_form_params
incoming_method
GET
incoming_body_json
incoming_query_string_params
{
  "dummy1": "lorem",
  "dummy2": "ipsum"
}
incoming_body
2020-09-05 05:51:19 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/H8Cw3XCryXV7DVBmDFX7",
  "fullUrl": "https://www.certification.openid.net/test/a/NC7000-3A-OC/implicit/H8Cw3XCryXV7DVBmDFX7"
}
2020-09-05 05:51:19 OUTGOING
fapi-rw-id2-refresh-token
Response to HTTP request to test instance OEXnd3KiqpglwG2
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/NC7000-3A-OC/implicit/H8Cw3XCryXV7DVBmDFX7, returnUrl=/log-detail.html?log=OEXnd3KiqpglwG2}]
outgoing_path
callback
2020-09-05 05:51:19 INCOMING
fapi-rw-id2-refresh-token
Incoming HTTP request to test instance OEXnd3KiqpglwG2
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "*/*",
  "x-requested-with": "XMLHttpRequest",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "content-type": "text/plain",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1\u003dlorem\u0026dummy2\u003dipsum",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utma\u003d201319536.1292565018.1574312754.1579157407.1595894834.4; __utmz\u003d201319536.1595894834.4.1.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3D84CDEC0C1E6B5D0E5DBE39C46730C9",
  "content-length": "569",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net",
  "connection": "close"
}
incoming_path
implicit/H8Cw3XCryXV7DVBmDFX7
incoming_body_form_params
incoming_method
POST
incoming_body_json
incoming_query_string_params
{}
incoming_body
#code=2RJwQF26NQV8t1iBe6piDwB4VzZSSReM&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InZ4TjZYRHlJNF8tN2kzVzVUNlhySWciLCJzX2hhc2giOiI3Q0lxZzVHZHZKUFVrcXc4SENwd29nIiwiYXpwIjoiT0lERkNFUlQwMDA0IiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4Njc5LCJpYXQiOjE1OTkyODUwNzksIm5vbmNlIjoiNzV6UUphYlBzRSJ9.a4G5uOecM0KgntZK8XpCsUhkBP8L3D74cbIJD4Oih5XYsv6AjqRHwFbtTfjjk3NctLpiDjtgFmVpkQ_dgXbOJw&state=prO8DL3zYE
2020-09-05 05:51:19 OUTGOING
fapi-rw-id2-refresh-token
Response to HTTP request to test instance OEXnd3KiqpglwG2
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [/log-detail.html?log=OEXnd3KiqpglwG2]
outgoing_path
implicit/H8Cw3XCryXV7DVBmDFX7
2020-09-05 05:51:19
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
parameters
[
  {
    "name": "code",
    "value": "2RJwQF26NQV8t1iBe6piDwB4VzZSSReM"
  },
  {
    "name": "id_token",
    "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InZ4TjZYRHlJNF8tN2kzVzVUNlhySWciLCJzX2hhc2giOiI3Q0lxZzVHZHZKUFVrcXc4SENwd29nIiwiYXpwIjoiT0lERkNFUlQwMDA0IiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4Njc5LCJpYXQiOjE1OTkyODUwNzksIm5vbmNlIjoiNzV6UUphYlBzRSJ9.a4G5uOecM0KgntZK8XpCsUhkBP8L3D74cbIJD4Oih5XYsv6AjqRHwFbtTfjjk3NctLpiDjtgFmVpkQ_dgXbOJw"
  },
  {
    "name": "state",
    "value": "prO8DL3zYE"
  }
]
2020-09-05 05:51:19 SUCCESS
ExtractImplicitHashToCallbackResponse
Extracted the hash values
code
2RJwQF26NQV8t1iBe6piDwB4VzZSSReM
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InZ4TjZYRHlJNF8tN2kzVzVUNlhySWciLCJzX2hhc2giOiI3Q0lxZzVHZHZKUFVrcXc4SENwd29nIiwiYXpwIjoiT0lERkNFUlQwMDA0IiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4Njc5LCJpYXQiOjE1OTkyODUwNzksIm5vbmNlIjoiNzV6UUphYlBzRSJ9.a4G5uOecM0KgntZK8XpCsUhkBP8L3D74cbIJD4Oih5XYsv6AjqRHwFbtTfjjk3NctLpiDjtgFmVpkQ_dgXbOJw
state
prO8DL3zYE
2020-09-05 05:51:19 REDIRECT-IN
fapi-rw-id2-refresh-token
Authorization endpoint response captured
url_query
{
  "dummy1": "lorem",
  "dummy2": "ipsum"
}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "referer": "https://3a-rplib-test3.cloud-idauth.com/oc/InternalAuthoriEndpoint/?client_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_client_uri\u0026logo_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_logo_uri\u0026tos_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_tos_uri\u0026prompt\u003dconsent\u0026client_name\u003dOIDF_CertTest_Client_0004\u0026client_id\u003dOIDFCERT0004\u0026policy_uri\u003dhttp%3A%2F%2Flocalhost%2Ftest_policy_uri\u0026loa\u003durn%3Amace%3Aincommon%3Aiap%3Asilver",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "ja,en-US;q\u003d0.9,en;q\u003d0.8",
  "cookie": "__utma\u003d201319536.1292565018.1574312754.1579157407.1595894834.4; __utmz\u003d201319536.1595894834.4.1.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3D84CDEC0C1E6B5D0E5DBE39C46730C9",
  "connection": "close",
  "x-ssl-cipher": "ECDHE-RSA-AES256-GCM-SHA384",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{
  "code": "2RJwQF26NQV8t1iBe6piDwB4VzZSSReM",
  "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InZ4TjZYRHlJNF8tN2kzVzVUNlhySWciLCJzX2hhc2giOiI3Q0lxZzVHZHZKUFVrcXc4SENwd29nIiwiYXpwIjoiT0lERkNFUlQwMDA0IiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4Njc5LCJpYXQiOjE1OTkyODUwNzksIm5vbmNlIjoiNzV6UUphYlBzRSJ9.a4G5uOecM0KgntZK8XpCsUhkBP8L3D74cbIJD4Oih5XYsv6AjqRHwFbtTfjjk3NctLpiDjtgFmVpkQ_dgXbOJw",
  "state": "prO8DL3zYE"
}
post_body
Second client: Verify authorization endpoint response
2020-09-05 05:51:19 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2020-09-05 05:51:19 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2020-09-05 05:51:19 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
dummy1
lorem
dummy2
ipsum
2020-09-05 05:51:19 SUCCESS
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
2020-09-05 05:51:19 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2020-09-05 05:51:19 SUCCESS
ValidateSuccessfulHybridResponseFromAuthorizationEndpoint
authorization endpoint response does not include unexpected parameters
code
2RJwQF26NQV8t1iBe6piDwB4VzZSSReM
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InZ4TjZYRHlJNF8tN2kzVzVUNlhySWciLCJzX2hhc2giOiI3Q0lxZzVHZHZKUFVrcXc4SENwd29nIiwiYXpwIjoiT0lERkNFUlQwMDA0IiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4Njc5LCJpYXQiOjE1OTkyODUwNzksIm5vbmNlIjoiNzV6UUphYlBzRSJ9.a4G5uOecM0KgntZK8XpCsUhkBP8L3D74cbIJD4Oih5XYsv6AjqRHwFbtTfjjk3NctLpiDjtgFmVpkQ_dgXbOJw
state
prO8DL3zYE
2020-09-05 05:51:19 SUCCESS
CheckMatchingStateParameter
State parameter correctly returned
state
prO8DL3zYE
2020-09-05 05:51:19 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
2RJwQF26NQV8t1iBe6piDwB4VzZSSReM
2020-09-05 05:51:19 SUCCESS
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
actual
256
required
128
2020-09-05 05:51:19 SUCCESS
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
actual
140.0
expected
96.0
2020-09-05 05:51:19 SUCCESS
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
value
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InZ4TjZYRHlJNF8tN2kzVzVUNlhySWciLCJzX2hhc2giOiI3Q0lxZzVHZHZKUFVrcXc4SENwd29nIiwiYXpwIjoiT0lERkNFUlQwMDA0IiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4Njc5LCJpYXQiOjE1OTkyODUwNzksIm5vbmNlIjoiNzV6UUphYlBzRSJ9.a4G5uOecM0KgntZK8XpCsUhkBP8L3D74cbIJD4Oih5XYsv6AjqRHwFbtTfjjk3NctLpiDjtgFmVpkQ_dgXbOJw
header
{
  "typ": "JWT",
  "alg": "ES256"
}
claims
{
  "sub": "1",
  "aud": "OIDFCERT0004",
  "acr": "urn:mace:incommon:iap:silver",
  "c_hash": "vxN6XDyI4_-7i3W5T6XrIg",
  "s_hash": "7CIqg5GdvJPUkqw8HCpwog",
  "azp": "OIDFCERT0004",
  "amr": "AUTH_OP",
  "iss": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "exp": 1599288679,
  "iat": 1599285079,
  "nonce": "75zQJabPsE"
}
2020-09-05 05:51:19 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2020-09-05 05:51:19 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
75zQJabPsE
2020-09-05 05:51:19 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InZ4TjZYRHlJNF8tN2kzVzVUNlhySWciLCJzX2hhc2giOiI3Q0lxZzVHZHZKUFVrcXc4SENwd29nIiwiYXpwIjoiT0lERkNFUlQwMDA0IiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4Njc5LCJpYXQiOjE1OTkyODUwNzksIm5vbmNlIjoiNzV6UUphYlBzRSJ9.a4G5uOecM0KgntZK8XpCsUhkBP8L3D74cbIJD4Oih5XYsv6AjqRHwFbtTfjjk3NctLpiDjtgFmVpkQ_dgXbOJw
2020-09-05 05:51:19 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImNfaGFzaCI6InZ4TjZYRHlJNF8tN2kzVzVUNlhySWciLCJzX2hhc2giOiI3Q0lxZzVHZHZKUFVrcXc4SENwd29nIiwiYXpwIjoiT0lERkNFUlQwMDA0IiwiYW1yIjoiQVVUSF9PUCIsImlzcyI6Imh0dHBzOlwvXC8zYS1ycGxpYi10ZXN0My5jbG91ZC1pZGF1dGguY29tXC9vY1wvIiwiZXhwIjoxNTk5Mjg4Njc5LCJpYXQiOjE1OTkyODUwNzksIm5vbmNlIjoiNzV6UUphYlBzRSJ9.a4G5uOecM0KgntZK8XpCsUhkBP8L3D74cbIJD4Oih5XYsv6AjqRHwFbtTfjjk3NctLpiDjtgFmVpkQ_dgXbOJw
2020-09-05 05:51:19 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
1
2020-09-05 05:51:19 SUCCESS
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
alg
ES256
2020-09-05 05:51:19 INFO
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2020-09-05 05:51:19 SUCCESS
ExtractSHash
Extracted s_hash from ID Token
s_hash
7CIqg5GdvJPUkqw8HCpwog
alg
ES256
2020-09-05 05:51:19 SUCCESS
ValidateSHash
s_hash validated successfully
expected_hash
7CIqg5GdvJPUkqw8HCpwog
unhashed_value
prO8DL3zYE
id_token_hash
7CIqg5GdvJPUkqw8HCpwog
2020-09-05 05:51:19 SUCCESS
ExtractCHash
Extracted c_hash from ID Token
c_hash
vxN6XDyI4_-7i3W5T6XrIg
alg
ES256
2020-09-05 05:51:19 SUCCESS
ValidateCHash
c_hash validated successfully
expected_hash
vxN6XDyI4_-7i3W5T6XrIg
unhashed_value
2RJwQF26NQV8t1iBe6piDwB4VzZSSReM
id_token_hash
vxN6XDyI4_-7i3W5T6XrIg
2020-09-05 05:51:19 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
grant_type
authorization_code
code
2RJwQF26NQV8t1iBe6piDwB4VzZSSReM
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1=lorem&dummy2=ipsum
2020-09-05 05:51:19 SUCCESS
CreateClientAuthenticationAssertionClaims
Created client assertion claims
iss
OIDFCERT0004
sub
OIDFCERT0004
aud
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
jti
dyPqpdvdajyvICi7fImj
iat
1599285079
exp
1599285139
2020-09-05 05:51:19 SUCCESS
SignClientAuthenticationAssertion
Signed the client assertion
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA5IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDQiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwNCIsImV4cCI6MTU5OTI4NTEzOSwiaWF0IjoxNTk5Mjg1MDc5LCJqdGkiOiJkeVBxcGR2ZGFqeXZJQ2k3ZkltaiJ9.ACn4GMwZJ-UgKkqX8_quu5U6out83koDlpfFXPoaGWAlnjvUYGtPKMxpbQBV8PsOIrYwOnIOc2hlBJC13GFjkA
2020-09-05 05:51:19
AddClientAssertionToTokenEndpointRequest
Added client assertion
grant_type
authorization_code
code
2RJwQF26NQV8t1iBe6piDwB4VzZSSReM
redirect_uri
https://www.certification.openid.net/test/a/NC7000-3A-OC/callback?dummy1=lorem&dummy2=ipsum
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA5IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDQiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwNCIsImV4cCI6MTU5OTI4NTEzOSwiaWF0IjoxNTk5Mjg1MDc5LCJqdGkiOiJkeVBxcGR2ZGFqeXZJQ2k3ZkltaiJ9.ACn4GMwZJ-UgKkqX8_quu5U6out83koDlpfFXPoaGWAlnjvUYGtPKMxpbQBV8PsOIrYwOnIOc2hlBJC13GFjkA
client_assertion_type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2020-09-05 05:51:19
CallTokenEndpoint
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "677"
}
request_body
grant_type=authorization_code&code=2RJwQF26NQV8t1iBe6piDwB4VzZSSReM&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2FNC7000-3A-OC%2Fcallback%3Fdummy1%3Dlorem%26dummy2%3Dipsum&client_assertion=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA5IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDQiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwNCIsImV4cCI6MTU5OTI4NTEzOSwiaWF0IjoxNTk5Mjg1MDc5LCJqdGkiOiJkeVBxcGR2ZGFqeXZJQ2k3ZkltaiJ9.ACn4GMwZJ-UgKkqX8_quu5U6out83koDlpfFXPoaGWAlnjvUYGtPKMxpbQBV8PsOIrYwOnIOc2hlBJC13GFjkA&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
request_mutual_tls
{
  "cert": "MIIDTjCCAjYCCQCjUTxEpwknBTANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1RhbWFjaGkxDDAKBgNVBAoMA05FQzEMMAoGA1UECwwDTkVDMRwwGgYDVQQDDBN3d3cuM2FzZWN1cmVrZXkuY29tMB4XDTE4MDQyNzAyMDAwOFoXDTI4MDQyNDAyMDAwOFowaTELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdUYW1hY2hpMQwwCgYDVQQKDANORUMxDDAKBgNVBAsMA05FQzEcMBoGA1UEAwwTd3d3LjNhc2VjdXJla2V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLD3g7pwzFMzbRh5cCGuR0KBCzD5Xk3w/Zj+3hpBq5/xSaQjmOfLF3LLiFD7sZXRPFVFXii4Y2GuFccSQ3MI9sMS/HDDTmOLPIWta/U9ZtcwjNyclXrX0IR8Fxuk5E9lRf//JwlMZHAxfESvBe5WMnzGDTVdp5Hv6sWZAdkgdwQTMFM4vpHhBD6qJsxSG7jBvqVYd8w9pCZ9k1mSfKKgqPfpOA6jv2ATiwv9r9ZQNtKl/MbHY9/R59GU+S7WSPtqM5O3bJGGCXFvpZF2CghcYqn9vDhIrNOD/xo3ZF0Z+doEl8e0e1IAr2JiGD4JPpz4W67pjUVb9G+NTRtQ71YqccCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAETj+cEVPthSghrIJamsmddV+GFHYjOfvQw0r8LZYkqJZlK1FOeWwBM+kDzpxOErtPiyjvv2eBPGm9LcLZpDbMLg77Lv3HjaWy+yISRQ/wGUb9tlJ8AUeEd2uoPUzDQf5VpTBEq/M9E7CB3g2hZvwRYvq6PfsDexCwq9OWogK3WpEozIMVyOL3jYpkSJzDqPuN3nFiNc5eMJ7lo+b/K1rUEqwuN21TjwAn1DXfW0dD1a/ig004xecHU1wsIMP2ARQ/qOD7P0emE/umlwLQ0kw3HB2ideAJzU4OstiqUH41LKwIIzUu6rz6/S9PMcmVfqv9PfhITQSs8vCqC8uaWLtGg\u003d\u003d",
  "key": "MIIEpQIBAAKCAQEAosPeDunDMUzNtGHlwIa5HQoELMPleTfD9mP7eGkGrn/FJpCOY58sXcsuIUPuxldE8VUVeKLhjYa4VxxJDcwj2wxL8cMNOY4s8ha1r9T1m1zCM3JyVetfQhHwXG6TkT2VF//8nCUxkcDF8RK8F7lYyfMYNNV2nke/qxZkB2SB3BBMwUzi+keEEPqomzFIbuMG+pVh3zD2kJn2TWZJ8oqCo9+k4DqO/YBOLC/2v1lA20qX8xsdj39Hn0ZT5LtZI+2ozk7dskYYJcW+lkXYKCFxiqf28OEis04P/GjdkXRn52gSXx7R7UgCvYmIYPgk+nPhbrumNRVv0b41NG1DvVipxwIDAQABAoIBAQCVFUrD5iG/elXALxs+KShNDOueBSCe0xFPEW04cRqJosZ1+FozrYv5rSznk02VpkGjuwcbpDVsaEVYpLPVS3JcJPs6yinG2g8Y/uwTzb/ZOjE25lELmbd60OuT/kRz+DAj93jtnLO2iRfFJB/cqwxEjcFSQ2OOvrE0iCG/E7ROV7m3C5OOjKhSypP++04nWajIqW//uMDaFoFquf7x4aoHc9wRD1IyHGha9hIZA7JiY5KlwyQV/AEoz+C+O9Z8FYpqZT76fnzQvLvbk6fYr4q1a0gm/J9HTp4l0bQ9NMKVvt4PGlJmxQhQfIJixARsnKEDtu0uUcgbVXRB6pRtmG6BAoGBAM+hvgN+TX8c4fMmDvGpNB0+PvA2ZC6JJd0oLmpZMMdLRl+0A5j3nHv2nR04FlB1brD9ucInVHZYlgL5ab3/x27iV+H5spIN6cST7WH+Sjqsi43tKGyx9oXosL6RN+4HM7rTWbCxwq0tVunk01IR5FeO8xZss4UDyev6vStBjmzXAoGBAMiueG4ALkIGqTw/sTNl7vwmMcyPbjA6h68I9FkTGI0G5YHy7yWlEhdD/rUYSXVCXlh+3aftbfJ4CP9nWaM6NMREoysCQ3y/kulgJ0imPEFwnqWQMljQV1zRg9gthdixyBI6YZ62MUF6i/XYfUs0KQ9baHuzB4ejMs7U8bGENpyRAoGAHjynt0qFbqV+IjLAqmDBviB6efDx1fUTFonreIFUoTFNJlLI01X76/GWH9MzLLRtUkkg7C1eF33/Gp/HzmuZV4SO19HNN4ffK0l/oG2v0aufByQqZunjxMyGMLplMrzJw8NTpG++sgmQRq+UNrd0UWv36qQZ4J0UotD5C3uYijECgYEAoAnDMLYkLbNyMwH4Jq0bsSokfKXFkeCbZBMYChEYex8M2F0MKlFB5BvtfC4qJsEOzDQgQFMwYzUmt8eLzIgWnI7AMQRVHZ8JYeO0cFNhqi5N1mrwO7Oqd/L92eAz5WOh0ieMwi05iqZYB27mPJsUQ5L59+wGDT0wv5FCTfbKNoECgYEAoMHJZ1a/Bzq1raDHauJLk3JA+DN+5o7xDGVvda9x3rphQ4U7Vehpcg70AVWMyGoVv5N6vJdrAeZzBWP5b6ED+csRyNaLswHycsPzGy8t5Ose1P+ZlzCzDmRtynq0cQQvWl4zJAT2Wacgu2IqOrQOl+n67te3QlWrnq9IrSsWJFU\u003d"
}
2020-09-05 05:51:20 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Sat, 05 Sep 2020 05:51:20 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003dE1FEDFD9BB9AA20DEB02283F528A188C; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "588",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"wvuV3A8b2WyaTsd6qJmJo31zMUNvUabZ","refresh_token":"meBFsPsxkryze6rVtxouqDPcRS23jQJm","scope":"SCOPE0002","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwNCIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY4MCwiaWF0IjoxNTk5Mjg1MDgwLCJub25jZSI6Ijc1elFKYWJQc0UifQ.KZjpY_iquyJx5I6YNcIK9YeWKeiyWQzxL71-kGsZE3C2LYD0D8y2SN2Y0yOmSscHcgRmvDR_9BdDxPsVEBYSyA","token_type":"Bearer","expires_in":60}
2020-09-05 05:51:20
CallTokenEndpoint
Token endpoint response
token_endpoint_response
{"access_token":"wvuV3A8b2WyaTsd6qJmJo31zMUNvUabZ","refresh_token":"meBFsPsxkryze6rVtxouqDPcRS23jQJm","scope":"SCOPE0002","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwNCIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY4MCwiaWF0IjoxNTk5Mjg1MDgwLCJub25jZSI6Ijc1elFKYWJQc0UifQ.KZjpY_iquyJx5I6YNcIK9YeWKeiyWQzxL71-kGsZE3C2LYD0D8y2SN2Y0yOmSscHcgRmvDR_9BdDxPsVEBYSyA","token_type":"Bearer","expires_in":60}
2020-09-05 05:51:20 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
wvuV3A8b2WyaTsd6qJmJo31zMUNvUabZ
refresh_token
meBFsPsxkryze6rVtxouqDPcRS23jQJm
scope
SCOPE0002
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwNCIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY4MCwiaWF0IjoxNTk5Mjg1MDgwLCJub25jZSI6Ijc1elFKYWJQc0UifQ.KZjpY_iquyJx5I6YNcIK9YeWKeiyWQzxL71-kGsZE3C2LYD0D8y2SN2Y0yOmSscHcgRmvDR_9BdDxPsVEBYSyA
token_type
Bearer
expires_in
60
2020-09-05 05:51:20 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2020-09-05 05:51:20 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
wvuV3A8b2WyaTsd6qJmJo31zMUNvUabZ
2020-09-05 05:51:20 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
wvuV3A8b2WyaTsd6qJmJo31zMUNvUabZ
type
Bearer
2020-09-05 05:51:20 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
60
2020-09-05 05:51:20 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
60
2020-09-05 05:51:20 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
meBFsPsxkryze6rVtxouqDPcRS23jQJm
2020-09-05 05:51:20 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
256
required
128
2020-09-05 05:51:20 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
148.0
expected
96.0
2020-09-05 05:51:20 SUCCESS
EnsureMinimumAccessTokenLength
Access token is of sufficient length
actual
256
required
128
2020-09-05 05:51:20 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
148.0
expected
96.0
2020-09-05 05:51:20 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwNCIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY4MCwiaWF0IjoxNTk5Mjg1MDgwLCJub25jZSI6Ijc1elFKYWJQc0UifQ.KZjpY_iquyJx5I6YNcIK9YeWKeiyWQzxL71-kGsZE3C2LYD0D8y2SN2Y0yOmSscHcgRmvDR_9BdDxPsVEBYSyA
header
{
  "typ": "JWT",
  "alg": "ES256"
}
claims
{
  "sub": "1",
  "aud": "OIDFCERT0004",
  "acr": "urn:mace:incommon:iap:silver",
  "azp": "OIDFCERT0004",
  "amr": "AUTH_OP",
  "iss": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "exp": 1599288680,
  "iat": 1599285080,
  "nonce": "75zQJabPsE"
}
2020-09-05 05:51:20 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2020-09-05 05:51:20 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
75zQJabPsE
2020-09-05 05:51:20 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
actual
urn:mace:incommon:iap:silver
requested
[
  "urn:mace:incommon:iap:silver"
]
2020-09-05 05:51:20 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwNCIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY4MCwiaWF0IjoxNTk5Mjg1MDgwLCJub25jZSI6Ijc1elFKYWJQc0UifQ.KZjpY_iquyJx5I6YNcIK9YeWKeiyWQzxL71-kGsZE3C2LYD0D8y2SN2Y0yOmSscHcgRmvDR_9BdDxPsVEBYSyA
2020-09-05 05:51:20 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwNCIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY4MCwiaWF0IjoxNTk5Mjg1MDgwLCJub25jZSI6Ijc1elFKYWJQc0UifQ.KZjpY_iquyJx5I6YNcIK9YeWKeiyWQzxL71-kGsZE3C2LYD0D8y2SN2Y0yOmSscHcgRmvDR_9BdDxPsVEBYSyA
2020-09-05 05:51:20 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
1
2020-09-05 05:51:20 SUCCESS
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
alg
ES256
2020-09-05 05:51:20 INFO
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2020-09-05 05:51:20 INFO
ExtractCHash
Couldn't find c_hash in ID token
2020-09-05 05:51:20 INFO
ExtractSHash
Couldn't find s_hash in ID token
2020-09-05 05:51:20 INFO
ExtractAtHash
Couldn't find at_hash in ID token
2020-09-05 05:51:20 INFO
ValidateCHash
Skipped evaluation due to missing required object: c_hash
expected
c_hash
mapped
2020-09-05 05:51:20 INFO
ValidateSHash
Skipped evaluation due to missing required object: s_hash
expected
s_hash
mapped
2020-09-05 05:51:20 INFO
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
expected
at_hash
mapped
Second client: Verify at_hash in the authorization endpoint id_token
2020-09-05 05:51:20 INFO
ExtractAtHash
Couldn't find at_hash in ID token
2020-09-05 05:51:20 INFO
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
expected
at_hash
mapped
Second client: Check for refresh token
2020-09-05 05:51:20 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
meBFsPsxkryze6rVtxouqDPcRS23jQJm
2020-09-05 05:51:20 WARNING
EnsureServerConfigurationSupportsRefreshToken
The server issued a refresh token but does not claim to support this grant type
supported_grant_types
[
  "authorization_code",
  "urn:openid:params:grant-type:ciba"
]
2020-09-05 05:51:20 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Second client: Refresh Token Request
2020-09-05 05:51:20 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
meBFsPsxkryze6rVtxouqDPcRS23jQJm
2020-09-05 05:51:20 SUCCESS
CreateClientAuthenticationAssertionClaims
Created client assertion claims
iss
OIDFCERT0004
sub
OIDFCERT0004
aud
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
jti
6ZHUfxnROf6Dqz418TAB
iat
1599285080
exp
1599285140
2020-09-05 05:51:20 SUCCESS
SignClientAuthenticationAssertion
Signed the client assertion
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA5IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDQiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwNCIsImV4cCI6MTU5OTI4NTE0MCwiaWF0IjoxNTk5Mjg1MDgwLCJqdGkiOiI2WkhVZnhuUk9mNkRxejQxOFRBQiJ9.oBM2r583uirHM4AkuxRj-KcM0ORJHDuMmCI13x9xEq9ffS9uM9V8S5ljz4tB21Ga_i8BwZ63H5_ZU_a_WgCvRg
2020-09-05 05:51:20
AddClientAssertionToTokenEndpointRequest
Added client assertion
grant_type
refresh_token
refresh_token
meBFsPsxkryze6rVtxouqDPcRS23jQJm
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA5IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDQiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwNCIsImV4cCI6MTU5OTI4NTE0MCwiaWF0IjoxNTk5Mjg1MDgwLCJqdGkiOiI2WkhVZnhuUk9mNkRxejQxOFRBQiJ9.oBM2r583uirHM4AkuxRj-KcM0ORJHDuMmCI13x9xEq9ffS9uM9V8S5ljz4tB21Ga_i8BwZ63H5_ZU_a_WgCvRg
client_assertion_type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2020-09-05 05:51:20 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2020-09-05 05:51:21 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2020-09-05 05:51:21
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "554"
}
request_body
grant_type=refresh_token&refresh_token=meBFsPsxkryze6rVtxouqDPcRS23jQJm&client_assertion=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA5IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDQiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwNCIsImV4cCI6MTU5OTI4NTE0MCwiaWF0IjoxNTk5Mjg1MDgwLCJqdGkiOiI2WkhVZnhuUk9mNkRxejQxOFRBQiJ9.oBM2r583uirHM4AkuxRj-KcM0ORJHDuMmCI13x9xEq9ffS9uM9V8S5ljz4tB21Ga_i8BwZ63H5_ZU_a_WgCvRg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
request_mutual_tls
{
  "cert": "MIIDTjCCAjYCCQCjUTxEpwknBTANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1RhbWFjaGkxDDAKBgNVBAoMA05FQzEMMAoGA1UECwwDTkVDMRwwGgYDVQQDDBN3d3cuM2FzZWN1cmVrZXkuY29tMB4XDTE4MDQyNzAyMDAwOFoXDTI4MDQyNDAyMDAwOFowaTELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdUYW1hY2hpMQwwCgYDVQQKDANORUMxDDAKBgNVBAsMA05FQzEcMBoGA1UEAwwTd3d3LjNhc2VjdXJla2V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLD3g7pwzFMzbRh5cCGuR0KBCzD5Xk3w/Zj+3hpBq5/xSaQjmOfLF3LLiFD7sZXRPFVFXii4Y2GuFccSQ3MI9sMS/HDDTmOLPIWta/U9ZtcwjNyclXrX0IR8Fxuk5E9lRf//JwlMZHAxfESvBe5WMnzGDTVdp5Hv6sWZAdkgdwQTMFM4vpHhBD6qJsxSG7jBvqVYd8w9pCZ9k1mSfKKgqPfpOA6jv2ATiwv9r9ZQNtKl/MbHY9/R59GU+S7WSPtqM5O3bJGGCXFvpZF2CghcYqn9vDhIrNOD/xo3ZF0Z+doEl8e0e1IAr2JiGD4JPpz4W67pjUVb9G+NTRtQ71YqccCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAETj+cEVPthSghrIJamsmddV+GFHYjOfvQw0r8LZYkqJZlK1FOeWwBM+kDzpxOErtPiyjvv2eBPGm9LcLZpDbMLg77Lv3HjaWy+yISRQ/wGUb9tlJ8AUeEd2uoPUzDQf5VpTBEq/M9E7CB3g2hZvwRYvq6PfsDexCwq9OWogK3WpEozIMVyOL3jYpkSJzDqPuN3nFiNc5eMJ7lo+b/K1rUEqwuN21TjwAn1DXfW0dD1a/ig004xecHU1wsIMP2ARQ/qOD7P0emE/umlwLQ0kw3HB2ideAJzU4OstiqUH41LKwIIzUu6rz6/S9PMcmVfqv9PfhITQSs8vCqC8uaWLtGg\u003d\u003d",
  "key": "MIIEpQIBAAKCAQEAosPeDunDMUzNtGHlwIa5HQoELMPleTfD9mP7eGkGrn/FJpCOY58sXcsuIUPuxldE8VUVeKLhjYa4VxxJDcwj2wxL8cMNOY4s8ha1r9T1m1zCM3JyVetfQhHwXG6TkT2VF//8nCUxkcDF8RK8F7lYyfMYNNV2nke/qxZkB2SB3BBMwUzi+keEEPqomzFIbuMG+pVh3zD2kJn2TWZJ8oqCo9+k4DqO/YBOLC/2v1lA20qX8xsdj39Hn0ZT5LtZI+2ozk7dskYYJcW+lkXYKCFxiqf28OEis04P/GjdkXRn52gSXx7R7UgCvYmIYPgk+nPhbrumNRVv0b41NG1DvVipxwIDAQABAoIBAQCVFUrD5iG/elXALxs+KShNDOueBSCe0xFPEW04cRqJosZ1+FozrYv5rSznk02VpkGjuwcbpDVsaEVYpLPVS3JcJPs6yinG2g8Y/uwTzb/ZOjE25lELmbd60OuT/kRz+DAj93jtnLO2iRfFJB/cqwxEjcFSQ2OOvrE0iCG/E7ROV7m3C5OOjKhSypP++04nWajIqW//uMDaFoFquf7x4aoHc9wRD1IyHGha9hIZA7JiY5KlwyQV/AEoz+C+O9Z8FYpqZT76fnzQvLvbk6fYr4q1a0gm/J9HTp4l0bQ9NMKVvt4PGlJmxQhQfIJixARsnKEDtu0uUcgbVXRB6pRtmG6BAoGBAM+hvgN+TX8c4fMmDvGpNB0+PvA2ZC6JJd0oLmpZMMdLRl+0A5j3nHv2nR04FlB1brD9ucInVHZYlgL5ab3/x27iV+H5spIN6cST7WH+Sjqsi43tKGyx9oXosL6RN+4HM7rTWbCxwq0tVunk01IR5FeO8xZss4UDyev6vStBjmzXAoGBAMiueG4ALkIGqTw/sTNl7vwmMcyPbjA6h68I9FkTGI0G5YHy7yWlEhdD/rUYSXVCXlh+3aftbfJ4CP9nWaM6NMREoysCQ3y/kulgJ0imPEFwnqWQMljQV1zRg9gthdixyBI6YZ62MUF6i/XYfUs0KQ9baHuzB4ejMs7U8bGENpyRAoGAHjynt0qFbqV+IjLAqmDBviB6efDx1fUTFonreIFUoTFNJlLI01X76/GWH9MzLLRtUkkg7C1eF33/Gp/HzmuZV4SO19HNN4ffK0l/oG2v0aufByQqZunjxMyGMLplMrzJw8NTpG++sgmQRq+UNrd0UWv36qQZ4J0UotD5C3uYijECgYEAoAnDMLYkLbNyMwH4Jq0bsSokfKXFkeCbZBMYChEYex8M2F0MKlFB5BvtfC4qJsEOzDQgQFMwYzUmt8eLzIgWnI7AMQRVHZ8JYeO0cFNhqi5N1mrwO7Oqd/L92eAz5WOh0ieMwi05iqZYB27mPJsUQ5L59+wGDT0wv5FCTfbKNoECgYEAoMHJZ1a/Bzq1raDHauJLk3JA+DN+5o7xDGVvda9x3rphQ4U7Vehpcg70AVWMyGoVv5N6vJdrAeZzBWP5b6ED+csRyNaLswHycsPzGy8t5Ose1P+ZlzCzDmRtynq0cQQvWl4zJAT2Wacgu2IqOrQOl+n67te3QlWrnq9IrSsWJFU\u003d"
}
2020-09-05 05:51:22 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Sat, 05 Sep 2020 05:51:22 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d67C4D387C74F4E66F8827629B019C5A5; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "509",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"access_token":"324QkSRTSjEeUU1nYAHFcWro7995X2Sg","scope":"SCOPE0002","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwNCIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY4MiwiaWF0IjoxNTk5Mjg1MDgyfQ.LrWG9FpeaC0mwaS-Dbiga0Gox2JRrCERlpbrc7I9x0Tx28-GB0ctJ16VzhpVG8taql5ZkaNLhziYU372TV388g","token_type":"Bearer","expires_in":60}
2020-09-05 05:51:22 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
access_token
324QkSRTSjEeUU1nYAHFcWro7995X2Sg
scope
SCOPE0002
id_token
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwNCIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY4MiwiaWF0IjoxNTk5Mjg1MDgyfQ.LrWG9FpeaC0mwaS-Dbiga0Gox2JRrCERlpbrc7I9x0Tx28-GB0ctJ16VzhpVG8taql5ZkaNLhziYU372TV388g
token_type
Bearer
expires_in
60
2020-09-05 05:51:22 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2020-09-05 05:51:22 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2020-09-05 05:51:22 SUCCESS
CheckTokenEndpointCacheHeaders
Checked 'pragma' and 'cache-control' in the headers of token_endpoint_response.
2020-09-05 05:51:22 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2020-09-05 05:51:22 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
324QkSRTSjEeUU1nYAHFcWro7995X2Sg
type
Bearer
2020-09-05 05:51:22 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2020-09-05 05:51:22 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
149.24511249783654
expected
96.0
2020-09-05 05:51:22 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2020-09-05 05:51:22 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
60
2020-09-05 05:51:22 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
60
2020-09-05 05:51:22 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
wvuV3A8b2WyaTsd6qJmJo31zMUNvUabZ
second_access_token
324QkSRTSjEeUU1nYAHFcWro7995X2Sg
2020-09-05 05:51:22 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiIxIiwiYXVkIjoiT0lERkNFUlQwMDA0IiwiYWNyIjoidXJuOm1hY2U6aW5jb21tb246aWFwOnNpbHZlciIsImF6cCI6Ik9JREZDRVJUMDAwNCIsImFtciI6IkFVVEhfT1AiLCJpc3MiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcLyIsImV4cCI6MTU5OTI4ODY4MiwiaWF0IjoxNTk5Mjg1MDgyfQ.LrWG9FpeaC0mwaS-Dbiga0Gox2JRrCERlpbrc7I9x0Tx28-GB0ctJ16VzhpVG8taql5ZkaNLhziYU372TV388g
header
{
  "typ": "JWT",
  "alg": "ES256"
}
claims
{
  "sub": "1",
  "aud": "OIDFCERT0004",
  "acr": "urn:mace:incommon:iap:silver",
  "azp": "OIDFCERT0004",
  "amr": "AUTH_OP",
  "iss": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "exp": 1599288682,
  "iat": 1599285082
}
2020-09-05 05:51:22 INFO
ExtractRefreshTokenFromTokenResponse
Token endpoint response does not contain a refresh token
2020-09-05 05:51:22 INFO
EnsureMinimumRefreshTokenLength
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
path
refresh_token
mapped
object
token_endpoint_response
2020-09-05 05:51:22 INFO
EnsureMinimumRefreshTokenEntropy
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
path
refresh_token
mapped
object
token_endpoint_response
2020-09-05 05:51:22 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "second": "https://3a-rplib-test3.cloud-idauth.com/oc/",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "1",
  "second": "1",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1599285080,
  "second": 1599285082,
  "note": "Values are expected to be different"
}
aud
{
  "first": "OIDFCERT0004",
  "second": "OIDFCERT0004",
  "note": "Values are expected to be equal"
}
azp
{
  "first": "OIDFCERT0004",
  "second": "OIDFCERT0004",
  "note": "Values are expected to be equal"
}
Second client: Resource server endpoint tests
2020-09-05 05:51:22
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
resource_endpoint_request_headers
{}
2020-09-05 05:51:22
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/accounts
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer 324QkSRTSjEeUU1nYAHFcWro7995X2Sg",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
request_mutual_tls
{
  "cert": "MIIDTjCCAjYCCQCjUTxEpwknBTANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1RhbWFjaGkxDDAKBgNVBAoMA05FQzEMMAoGA1UECwwDTkVDMRwwGgYDVQQDDBN3d3cuM2FzZWN1cmVrZXkuY29tMB4XDTE4MDQyNzAyMDAwOFoXDTI4MDQyNDAyMDAwOFowaTELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdUYW1hY2hpMQwwCgYDVQQKDANORUMxDDAKBgNVBAsMA05FQzEcMBoGA1UEAwwTd3d3LjNhc2VjdXJla2V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLD3g7pwzFMzbRh5cCGuR0KBCzD5Xk3w/Zj+3hpBq5/xSaQjmOfLF3LLiFD7sZXRPFVFXii4Y2GuFccSQ3MI9sMS/HDDTmOLPIWta/U9ZtcwjNyclXrX0IR8Fxuk5E9lRf//JwlMZHAxfESvBe5WMnzGDTVdp5Hv6sWZAdkgdwQTMFM4vpHhBD6qJsxSG7jBvqVYd8w9pCZ9k1mSfKKgqPfpOA6jv2ATiwv9r9ZQNtKl/MbHY9/R59GU+S7WSPtqM5O3bJGGCXFvpZF2CghcYqn9vDhIrNOD/xo3ZF0Z+doEl8e0e1IAr2JiGD4JPpz4W67pjUVb9G+NTRtQ71YqccCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAETj+cEVPthSghrIJamsmddV+GFHYjOfvQw0r8LZYkqJZlK1FOeWwBM+kDzpxOErtPiyjvv2eBPGm9LcLZpDbMLg77Lv3HjaWy+yISRQ/wGUb9tlJ8AUeEd2uoPUzDQf5VpTBEq/M9E7CB3g2hZvwRYvq6PfsDexCwq9OWogK3WpEozIMVyOL3jYpkSJzDqPuN3nFiNc5eMJ7lo+b/K1rUEqwuN21TjwAn1DXfW0dD1a/ig004xecHU1wsIMP2ARQ/qOD7P0emE/umlwLQ0kw3HB2ideAJzU4OstiqUH41LKwIIzUu6rz6/S9PMcmVfqv9PfhITQSs8vCqC8uaWLtGg\u003d\u003d",
  "key": "MIIEpQIBAAKCAQEAosPeDunDMUzNtGHlwIa5HQoELMPleTfD9mP7eGkGrn/FJpCOY58sXcsuIUPuxldE8VUVeKLhjYa4VxxJDcwj2wxL8cMNOY4s8ha1r9T1m1zCM3JyVetfQhHwXG6TkT2VF//8nCUxkcDF8RK8F7lYyfMYNNV2nke/qxZkB2SB3BBMwUzi+keEEPqomzFIbuMG+pVh3zD2kJn2TWZJ8oqCo9+k4DqO/YBOLC/2v1lA20qX8xsdj39Hn0ZT5LtZI+2ozk7dskYYJcW+lkXYKCFxiqf28OEis04P/GjdkXRn52gSXx7R7UgCvYmIYPgk+nPhbrumNRVv0b41NG1DvVipxwIDAQABAoIBAQCVFUrD5iG/elXALxs+KShNDOueBSCe0xFPEW04cRqJosZ1+FozrYv5rSznk02VpkGjuwcbpDVsaEVYpLPVS3JcJPs6yinG2g8Y/uwTzb/ZOjE25lELmbd60OuT/kRz+DAj93jtnLO2iRfFJB/cqwxEjcFSQ2OOvrE0iCG/E7ROV7m3C5OOjKhSypP++04nWajIqW//uMDaFoFquf7x4aoHc9wRD1IyHGha9hIZA7JiY5KlwyQV/AEoz+C+O9Z8FYpqZT76fnzQvLvbk6fYr4q1a0gm/J9HTp4l0bQ9NMKVvt4PGlJmxQhQfIJixARsnKEDtu0uUcgbVXRB6pRtmG6BAoGBAM+hvgN+TX8c4fMmDvGpNB0+PvA2ZC6JJd0oLmpZMMdLRl+0A5j3nHv2nR04FlB1brD9ucInVHZYlgL5ab3/x27iV+H5spIN6cST7WH+Sjqsi43tKGyx9oXosL6RN+4HM7rTWbCxwq0tVunk01IR5FeO8xZss4UDyev6vStBjmzXAoGBAMiueG4ALkIGqTw/sTNl7vwmMcyPbjA6h68I9FkTGI0G5YHy7yWlEhdD/rUYSXVCXlh+3aftbfJ4CP9nWaM6NMREoysCQ3y/kulgJ0imPEFwnqWQMljQV1zRg9gthdixyBI6YZ62MUF6i/XYfUs0KQ9baHuzB4ejMs7U8bGENpyRAoGAHjynt0qFbqV+IjLAqmDBviB6efDx1fUTFonreIFUoTFNJlLI01X76/GWH9MzLLRtUkkg7C1eF33/Gp/HzmuZV4SO19HNN4ffK0l/oG2v0aufByQqZunjxMyGMLplMrzJw8NTpG++sgmQRq+UNrd0UWv36qQZ4J0UotD5C3uYijECgYEAoAnDMLYkLbNyMwH4Jq0bsSokfKXFkeCbZBMYChEYex8M2F0MKlFB5BvtfC4qJsEOzDQgQFMwYzUmt8eLzIgWnI7AMQRVHZ8JYeO0cFNhqi5N1mrwO7Oqd/L92eAz5WOh0ieMwi05iqZYB27mPJsUQ5L59+wGDT0wv5FCTfbKNoECgYEAoMHJZ1a/Bzq1raDHauJLk3JA+DN+5o7xDGVvda9x3rphQ4U7Vehpcg70AVWMyGoVv5N6vJdrAeZzBWP5b6ED+csRyNaLswHycsPzGy8t5Ose1P+ZlzCzDmRtynq0cQQvWl4zJAT2Wacgu2IqOrQOl+n67te3QlWrnq9IrSsWJFU\u003d"
}
2020-09-05 05:51:23 RESPONSE
CallProtectedResourceWithBearerTokenAndCustomHeaders
HTTP response
response_status_code
200 OK
response_status_text
200
response_headers
{
  "date": "Sat, 05 Sep 2020 05:51:23 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003dBB5E0B1351A63A45848BADCD40814DBE; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "x-fapi-interaction-id": "a5e6ffc1-2b04-4d0c-a9a8-1f0bc9c1f598",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "133",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
response_body
{"iss":"https:\/\/3a-rplib-test3.cloud-idauth.com\/oc\/","sub":"1","aud":"OIDFCERT0004","country":"japan","postal_code":"105-0001"}
2020-09-05 05:51:23 SUCCESS
CallProtectedResourceWithBearerTokenAndCustomHeaders
Got a response from the resource endpoint
headers
{
  "date": "Sat, 05 Sep 2020 05:51:23 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003dBB5E0B1351A63A45848BADCD40814DBE; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "x-fapi-interaction-id": "a5e6ffc1-2b04-4d0c-a9a8-1f0bc9c1f598",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "133",
  "keep-alive": "timeout\u003d5, max\u003d100",
  "connection": "Keep-Alive"
}
status_code
{
  "code": 200
}
body
{"iss":"https:\/\/3a-rplib-test3.cloud-idauth.com\/oc\/","sub":"1","aud":"OIDFCERT0004","country":"japan","postal_code":"105-0001"}
2020-09-05 05:51:23 SUCCESS
CheckForDateHeaderInResourceResponse
Date header present and validated
date
Sat, 05 Sep 2020 05:51:23 GMT
skew
460
2020-09-05 05:51:23 SUCCESS
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
interaction_id
a5e6ffc1-2b04-4d0c-a9a8-1f0bc9c1f598
2020-09-05 05:51:23 SUCCESS
EnsureResourceResponseReturnedJsonContentType
Response content type is JSON
content_type
application/json;charset=UTF-8
Try Client1's MTLS client certificate with Client2's access token
2020-09-05 05:51:23
CallProtectedResourceWithBearerTokenExpectingError
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/accounts
request_method
GET
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "authorization": "Bearer 324QkSRTSjEeUU1nYAHFcWro7995X2Sg",
  "accept-charset": "utf-8",
  "content-length": "0"
}
request_body

                                
request_mutual_tls
{
  "cert": "MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d",
  "key": "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg\u003d"
}
2020-09-05 05:51:24 RESPONSE
CallProtectedResourceWithBearerTokenExpectingError
HTTP response
response_status_code
400 BAD_REQUEST
response_status_text
400
response_headers
{
  "date": "Sat, 05 Sep 2020 05:51:24 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d6C41078397FF8BC53735D8A1C7035240; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "122",
  "connection": "close"
}
response_body
{"error_description":"アクセストークン検証システムエラー","error":"server_error","error_uri":"error_uri"}
2020-09-05 05:51:24 SUCCESS
CallProtectedResourceWithBearerTokenExpectingError
Resource endpoint returned error
code
400
body
{"error_description":"アクセストークン検証システムエラー","error":"server_error","error_uri":"error_uri"}
status
400
Attempting to use refresh_token issued to client 2 with client 1
2020-09-05 05:51:24 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
meBFsPsxkryze6rVtxouqDPcRS23jQJm
2020-09-05 05:51:24 SUCCESS
CreateClientAuthenticationAssertionClaims
Created client assertion claims
iss
OIDFCERT0003
sub
OIDFCERT0003
aud
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
jti
PzXbSQlX0wCyg4qXIFoj
iat
1599285084
exp
1599285144
2020-09-05 05:51:24 SUCCESS
SignClientAuthenticationAssertion
Signed the client assertion
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4NTE0NCwiaWF0IjoxNTk5Mjg1MDg0LCJqdGkiOiJQelhiU1FsWDB3Q3lnNHFYSUZvaiJ9.iq26lG2oPm8hnokMmq7fkJG6EM2XsQ2KU4x_B0zIItur5M8r6S51CsdaNd8ncLRfExH_exmMcHS5fs0ixsYxvg
2020-09-05 05:51:24
AddClientAssertionToTokenEndpointRequest
Added client assertion
grant_type
refresh_token
refresh_token
meBFsPsxkryze6rVtxouqDPcRS23jQJm
client_assertion
eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4NTE0NCwiaWF0IjoxNTk5Mjg1MDg0LCJqdGkiOiJQelhiU1FsWDB3Q3lnNHFYSUZvaiJ9.iq26lG2oPm8hnokMmq7fkJG6EM2XsQ2KU4x_B0zIItur5M8r6S51CsdaNd8ncLRfExH_exmMcHS5fs0ixsYxvg
client_assertion_type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2020-09-05 05:51:24
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://3a-rplib-test3.cloud-idauth.com/oc/TokenEndpoint/
request_method
POST
request_headers
{
  "accept": "application/json;charset\u003dUTF-8",
  "accept-charset": "utf-8",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "554"
}
request_body
grant_type=refresh_token&refresh_token=meBFsPsxkryze6rVtxouqDPcRS23jQJm&client_assertion=eyJraWQiOiJraWQyMDE5MDQwMTAwMDA4IiwiYWxnIjoiRVMyNTYifQ.eyJzdWIiOiJPSURGQ0VSVDAwMDMiLCJhdWQiOiJodHRwczpcL1wvM2EtcnBsaWItdGVzdDMuY2xvdWQtaWRhdXRoLmNvbVwvb2NcL1Rva2VuRW5kcG9pbnRcLyIsImlzcyI6Ik9JREZDRVJUMDAwMyIsImV4cCI6MTU5OTI4NTE0NCwiaWF0IjoxNTk5Mjg1MDg0LCJqdGkiOiJQelhiU1FsWDB3Q3lnNHFYSUZvaiJ9.iq26lG2oPm8hnokMmq7fkJG6EM2XsQ2KU4x_B0zIItur5M8r6S51CsdaNd8ncLRfExH_exmMcHS5fs0ixsYxvg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
request_mutual_tls
{
  "cert": "MIIHBTCCBe2gAwIBAgIMPsmQ1/JsLI/5U0YAMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcNMTgwODAyMDYzNjM0WhcNMjAxMTA0MDQxMjE4WjBAMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAMMEiouY2xvdWQtaWRhdXRoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIIDQpNUelHl4gyWYyRto5E/HDIRSO4YPnn2yg4TFUSUMsl+9uNhy79QACB4g2TzIXWk5N0Kj4pkb9Wl7K2BrwFCJAfDCAUK3nRLbiRS1JwnXxDirL97DYz+rEKihq8rDrqOl266440CnTv/PT9mVizQrYH4/aVBWpDCqV/U1tO50LsJCe3qy63mny/9s4DH/2CQyeO9BNbxuU6To7ozRKNDu7wzq/IdPEKndldJ+ieQnweh0gQl7oQznVNnXHFRrmjWg16ysQtH6ZQiJQMhTJEYv0nqts80BU/mHWa5USNqGlnF/Ifua/NF8r24u+kEniycq1L8ozshkxZ5PXObbisCAwEAAaOCA90wggPZMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUHMAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWludmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyAQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5jcmwwLwYDVR0RBCgwJoISKi5jbG91ZC1pZGF1dGguY29tghBjbG91ZC1pZGF1dGguY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Si3Yq0ZVkRke4XquYS1uuTWg6YwHwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZPlaNB0AAAQDAEgwRgIhAMUV+XA5KE3vILTJ/hYwDmMG1zpwTb5f6P0TnAF+LyR3AiEAxD0g3uULAmdFAOhimbXA5b+ull8Z7EiH6LbnAULafM0AdQCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAWT5WjXzAAAEAwBGMEQCIBd9qPtsfXTxPzl17/l7s6v2vYMNXbarOKiRRTNOIlmjAiAaZhx3vwVi6ZpSRRQPfWEzHzOxKLAfJ1aG7q3WU7hyEQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZPlaN4AAAAQDAEcwRQIhAJlfgyxAMgtS6d9ZEjbxHadcopkoTWJWs3rGoUpnimCWAiAwMfj4L0ljYn4Yas8+OPMFrwyhAvyGrG3ywgwMyVI0tAB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABZPlaNE0AAAQDAEcwRQIgVaNsW0XzqwTeU+CpnuKD4qaTPv0jKXpJ3UTLlTa/YWACIQC4w/9dAaYCk9ilUIR34ObsMX+TJG+hYjD6/120seNUbTANBgkqhkiG9w0BAQsFAAOCAQEAD6egOG/AQeKSEsVDYMXf3wDztz2c6+Th9X10nbnuQZK8ofOJSAI3EDDUTc9GEDKfwTx16BIm7NbpLrurykkPbhomg2ZFQP7TmVwNDt6adovHVul7yyjtLeaBG/YiREoH8wCf43t90G/5YDREbe5dxIzLGeBuDY59E4aN1One1kAhk904MonyRQ8z+aRv+ZNBWajDaTJ7ef1ZS3t0Kpa/FCLFDXYEJhzTIO3BsEFLx1hDTrGKEZKoBUWBynKtfjdonZoqL7zHzB+WFi9Q0ba+sapNqqAINUT4DjVMjn5L6yGUWXV8IeLwyDOODPHeCVJI0hBfFkjbPePne3X2a2Kodg\u003d\u003d",
  "key": "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCCA0KTVHpR5eIMlmMkbaORPxwyEUjuGD559soOExVElDLJfvbjYcu/UAAgeINk8yF1pOTdCo+KZG/Vpeytga8BQiQHwwgFCt50S24kUtScJ18Q4qy/ew2M/qxCooavKw66jpduuuONAp07/z0/ZlYs0K2B+P2lQVqQwqlf1NbTudC7CQnt6sut5p8v/bOAx/9gkMnjvQTW8blOk6O6M0SjQ7u8M6vyHTxCp3ZXSfonkJ8HodIEJe6EM51TZ1xxUa5o1oNesrELR+mUIiUDIUyRGL9J6rbPNAVP5h1muVEjahpZxfyH7mvzRfK9uLvpBJ4snKtS/KM7IZMWeT1zm24rAgMBAAECggEAaOdYgKhZSlvC2YU+2dXddQUHKx7nSbYmMyL+Rfz/3CX4FL1tWGtAi01xzMFww7Op+9LhF7m9uFzyH+GR5y4Ml2dWyyyC/A6ZEB0M8iIjixv5iRZdbONNO8cCF4IsSorjh4QmjCIgGVdSp2Z7dPyN6/s1BPpzLzRcbxGiuMBz1sGgakJANcyD4/frMBppbbmPDVpUTQ3LEZ3YRVIfqJQatiCNUlYlOERY4xlnZuCCpHzmjRYuccWH2Q9OSEGgW6JU+ujFx22rfeeYK3r4TayQPJ9wtBVmK3C03ccnPyjx2yUWIczjrp+SI6K16F1pSDhkm4ylbGhCngiyr8AU4dzhgQKBgQDFSDeZmhvW7PNgJAMa1lgfKikp2gb/A/YEXZFHKawjQRUR1+tP0mrxAWYvuPfUu+42kr3izXMbPiS0aNX6HPZeJcsnhWf2D9NPt2vqFWrXNcSm3dy3Is20rxsKWQXp2L8nP3GRbAFvu2aTEhX7a4vnZE7/BWIAiO/t/cXP6HUs/wKBgQCotX80ab64aUmd0SkuHv9YKYBTjP4stgxP/3GRVuFuU+AaqDxRNbnNRYEM/O/OLZeqU0oL1bONpThQhN2Pu8ApUEz2dGyknkIRmRNRHgXw28GOm0ZWu4xYdW+SXVO8yTOAqdh1WvYLTp8xJEzD3vvJ+Rib/jhsSjCibAhgmT0C1QKBgDgrBoF6CgEYN3ag6i1i53YAB/Y9eA51Lz8w8KLlL3heGESbSAjS7NWvQ0vFCvKLixgIkX2YZvRTrhmbW4i5ZD+L3RpkdiPtf4lLvLLJ5EBfs5yawDN3+j8+N6GrlO5uYoYnHwt7R7FrFpo65P1PMmbv/TnIa42hb0ZAIWi/U1U7AoGASilmnpqxbQ1TgB121cBojM/JinDbNrpcFTp8KOChPkd+pxk3UpekcpjQDu6NV/vwxL3SOfuZ73UmmTae0tU8tqyG+HvbWk37SxMYS7s/704a+t5FAFF3c1dEUXnXGpDzo+aFsajnqbbJAegsGppF4tYuPDx3fxrp4CxPTm9uQ3UCgYEAscF3RcCOsOzIGEUbCfh+A3BLbFQso5XdmYWY5QGgxv1wkSe0H1lUDk0NCmEPVUd8YXJH6u5bTWwl4hcv3gD/X/c1PVXELuvRf1hCl+VO51KpFShJnaphVS9pKs8AL+3RioA7GZF2rwQklyTZGEfHpPylmNcfY4XXW8WwkngGCFg\u003d"
}
2020-09-05 05:51:24 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
400 BAD_REQUEST
response_status_text
400
response_headers
{
  "date": "Sat, 05 Sep 2020 05:51:24 GMT",
  "server": "Apache/2.4.27 (Unix) OpenSSL/1.1.0g-dev",
  "set-cookie": "JSESSIONID\u003d9DDDE967003FF9C8D0698F23E8FBFE41; Path\u003d/oc; Secure; HttpOnly",
  "cache-control": "no-store",
  "pragma": "no-cache",
  "content-type": "application/json;charset\u003dUTF-8",
  "content-length": "130",
  "connection": "close"
}
response_body
{"error_description":"invalid_grant","error":"invalid_grant","error_uri":"https://3a-rplib-test3.cloud-idauth.com/oc/OC-OP-13513"}
2020-09-05 05:51:24 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
error_description
invalid_grant
error
invalid_grant
error_uri
https://3a-rplib-test3.cloud-idauth.com/oc/OC-OP-13513
2020-09-05 05:51:24 SUCCESS
ValidateErrorFromTokenEndpointResponseError
Token endpoint response error returned valid 'error' field
error
invalid_grant
2020-09-05 05:51:24 SUCCESS
CheckTokenEndpointHttpStatus400
Token endpoint http status code was 400
2020-09-05 05:51:24 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2020-09-05 05:51:24 SUCCESS
CheckErrorFromTokenEndpointResponseErrorInvalidGrant
Token Endpoint response error returned expected 'error' of 'invalid_grant'
error
invalid_grant
2020-09-05 05:51:24 FINISHED
fapi-rw-id2-refresh-token
Test has run to completion
testmodule_result
WARNING
2020-09-05 05:52:06
TEST-RUNNER
Alias has now been claimed by another test
alias
NC7000-3A-OC
new_test_id
Hg0Yi4DulIx8uFB
Test Results