Test Name | oidcc-max-age-1 |
---|---|
Variant | client_auth_type=client_secret_basic, server_metadata=discovery, response_type=code, response_mode=form_post, client_registration=dynamic_client |
Test ID | 31CIWzYr5jxQwrN https://www.certification.openid.net/log-detail.html?public=true&log=31CIWzYr5jxQwrN |
Created | 2022-08-04T04:46:23.597940Z |
Description | isva_op_oidc_core_test_gh dynamic_client |
Test Version | 4.1.45 |
Test Owner | 3287601 https://gitlab.com |
Plan ID | ivimxTzySgCH5 https://www.certification.openid.net/plan-detail.html?public=true&plan=ivimxTzySgCH5 |
Exported From | https://www.certification.openid.net |
Exported By | 3287601 https://gitlab.com |
Suite Version | 5.0.0 |
Exported | 2022-08-11 05:58:40 (UTC) |
Status: FINISHED Result: REVIEW |
SUCCESS 92 FAILURE 0 WARNING 0 REVIEW 1 INFO 5 |

Time | Type | Source | Message |
---|---|---|---|
2022-08-04 04:46:23 | INFO | TEST-RUNNER | Test instance 31CIWzYr5jxQwrN created |
2022-08-04 04:46:23 | SUCCESS | CreateRedirectUri | Created redirect URI |
2022-08-04 04:46:23 | | GetDynamicServerConfiguration | HTTP request |
2022-08-04 04:46:24 | RESPONSE | GetDynamicServerConfiguration | HTTP response |
2022-08-04 04:46:24 | SUCCESS | GetDynamicServerConfiguration | Successfully parsed server configuration |
2022-08-04 04:46:24 | SUCCESS | CheckServerConfiguration | Found required server configuration keys |
2022-08-04 04:46:24 | SUCCESS | ExtractTLSTestValuesFromServerConfiguration | Extracted TLS information from authorization server configuration |
2022-08-04 04:46:24 | | FetchServerKeys | Fetching server key |
2022-08-04 04:46:24 | | FetchServerKeys | HTTP request |
2022-08-04 04:46:25 | RESPONSE | FetchServerKeys | HTTP response |
2022-08-04 04:46:25 | | FetchServerKeys | Found JWK set string |
2022-08-04 04:46:25 | SUCCESS | FetchServerKeys | Found server JWK set |
2022-08-04 04:46:25 | SUCCESS | CheckServerKeysIsValid | Server JWKs is valid |
2022-08-04 04:46:25 | SUCCESS | ValidateServerJWKs | Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url |
2022-08-04 04:46:25 | SUCCESS | CheckForKeyIdInServerJWKs | All keys contain kids |
2022-08-04 04:46:25 | SUCCESS | CheckDistinctKeyIdValueInServerJWKs | Distinct 'kid' value in all keys of server_jwks |
2022-08-04 04:46:25 | SUCCESS | EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys | Jwks does not contain any private or symmetric keys |
2022-08-04 04:46:25 | | StoreOriginalClientConfiguration | Created original_client_config object from the client configuration. |
2022-08-04 04:46:25 | | ExtractClientNameFromStoredConfig | Extracted client_name from stored client configuration. |
2022-08-04 04:46:25 | SUCCESS | GenerateRS256ClientJWKs | Generated client JWKs |
2022-08-04 04:46:25 | SUCCESS | CheckDistinctKeyIdValueInClientJWKs | Distinct 'kid' value in all keys of client_jwks |
2022-08-04 04:46:25 | | CreateEmptyDynamicRegistrationRequest | Created empty dynamic registration request |
2022-08-04 04:46:25 | | AddClientNameToDynamicRegistrationRequest | Added client_name to registration request |
2022-08-04 04:46:25 | | AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest | Added 'authorization_code' to 'grant_types' |
2022-08-04 04:46:25 | | AddPublicJwksToDynamicRegistrationRequest | Added client public JWKS to dynamic registration request |
2022-08-04 04:46:25 | | AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment | Added token endpoint auth method to dynamic registration request |
2022-08-04 04:46:25 | | AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment | Added response_types array to dynamic registration request |
2022-08-04 04:46:25 | | AddRedirectUriToDynamicRegistrationRequest | Added redirect_uris array to dynamic registration request |
2022-08-04 04:46:25 | | AddContactsToDynamicRegistrationRequest | Added contacts array to dynamic registration request |
2022-08-04 04:46:25 | | CallDynamicRegistrationEndpoint | HTTP request |
2022-08-04 04:46:26 | RESPONSE | CallDynamicRegistrationEndpoint | HTTP response |
2022-08-04 04:46:26 | | CallDynamicRegistrationEndpoint | Parsed registration endpoint response |
2022-08-04 04:46:26 | SUCCESS | EnsureContentTypeJson | endpoint_response Content-Type: header is application/json |
2022-08-04 04:46:26 | SUCCESS | EnsureHttpStatusCodeIs201 | dynamic registration endpoint returned the expected http status |
2022-08-04 04:46:26 | SUCCESS | CheckNoErrorFromDynamicRegistrationEndpoint | Dynamic registration endpoint did not return an error. |
2022-08-04 04:46:26 | SUCCESS | ExtractDynamicRegistrationResponse | Extracted client from dynamic registration response |
2022-08-04 04:46:26 | SUCCESS | VerifyClientManagementCredentials | Verified dynamic registration management credentials |
2022-08-04 04:46:26 | | SetScopeInClientConfigurationToOpenId | Set scope in client configuration to "openid" |
2022-08-04 04:46:26 | SUCCESS | EnsureServerConfigurationSupportsClientSecretBasic | Contents of 'token_endpoint_auth_methods_supported' in discovery document matches expectations. |
2022-08-04 04:46:26 | SUCCESS | SetProtectedResourceUrlToUserInfoEndpoint | userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification. |
2022-08-04 04:46:26 | | oidcc-max-age-1 | Setup Done |


Make request to authorization endpoint

Time | Type | Source | Message |
---|---|---|---|
2022-08-04 04:46:26 | SUCCESS | CreateAuthorizationEndpointRequestFromClientInformation | Created authorization endpoint request |
2022-08-04 04:46:26 | | CreateRandomStateValue | Created state value |
2022-08-04 04:46:26 | SUCCESS | AddStateToAuthorizationEndpointRequest | Added state parameter to request |
2022-08-04 04:46:26 | | CreateRandomNonceValue | Created nonce value |
2022-08-04 04:46:26 | SUCCESS | AddNonceToAuthorizationEndpointRequest | Added nonce parameter to request |
2022-08-04 04:46:26 | SUCCESS | SetAuthorizationEndpointRequestResponseTypeFromEnvironment | Added response_type parameter to request |
2022-08-04 04:46:26 | | SetAuthorizationEndpointRequestResponseModeToFormPost | Added response_mode parameter to request |
2022-08-04 04:46:26 | SUCCESS | BuildPlainRedirectToAuthorizationEndpoint | Sending to authorization endpoint |
2022-08-04 04:46:26 | REDIRECT | oidcc-max-age-1 | Redirecting to authorization endpoint |
2022-08-04 04:46:35 | INCOMING | oidcc-max-age-1 | Incoming HTTP request to /test/a/isva_op_oidc_core_test_gh/callback |
2022-08-04 04:46:35 | SUCCESS | CreateRandomImplicitSubmitUrl | Created random implicit submission URL |
2022-08-04 04:46:35 | OUTGOING | oidcc-max-age-1 | Response to HTTP request to test instance 31CIWzYr5jxQwrN |
2022-08-04 04:46:36 | INCOMING | oidcc-max-age-1 | Incoming HTTP request to /test/a/isva_op_oidc_core_test_gh/implicit/UClqrIKedFYoop13ocav |
2022-08-04 04:46:36 | OUTGOING | oidcc-max-age-1 | Response to HTTP request to test instance 31CIWzYr5jxQwrN |
2022-08-04 04:46:36 | SUCCESS | ExtractImplicitHashToCallbackResponse | implicit_hash is empty |
2022-08-04 04:46:36 | REDIRECT-IN | oidcc-max-age-1 | Authorization endpoint response captured |


Verify authorization endpoint response

Time | Type | Source | Message |
---|---|---|---|
2022-08-04 04:46:36 | SUCCESS | CheckCallbackHttpMethodIsPost | HTTP method used at redirect_uri is 'POST' |
2022-08-04 04:46:36 | SUCCESS | CheckCallbackContentTypeIsFormUrlEncoded | content-type header to redirect_uri has the expected value |
2022-08-04 04:46:36 | SUCCESS | RejectAuthCodeInUrlQuery | Authorization code is not present in URL query returned from authorization endpoint |
2022-08-04 04:46:36 | SUCCESS | RejectErrorInUrlQuery | 'error' is not present in URL query returned from authorization endpoint |
2022-08-04 04:46:36 | SUCCESS | CheckMatchingCallbackParameters | Callback parameters successfully verified |
2022-08-04 04:46:36 | | ValidateIssInAuthorizationResponse | No 'iss' value in authorization response. |
2022-08-04 04:46:36 | SUCCESS | CheckIfAuthorizationEndpointError | No error from authorization endpoint |
2022-08-04 04:46:36 | SUCCESS | CheckStateInAuthorizationResponse | State in response correctly returned |
2022-08-04 04:46:36 | SUCCESS | ExtractAuthorizationCodeFromAuthorizationResponse | Found authorization code |
2022-08-04 04:46:36 | SUCCESS | CreateTokenEndpointRequestForAuthorizationCodeGrant | Created token endpoint request |
2022-08-04 04:46:36 | SUCCESS | AddBasicAuthClientSecretAuthenticationParameters | Added basic authorization header |
2022-08-04 04:46:36 | | CallTokenEndpoint | HTTP request |
2022-08-04 04:46:37 | RESPONSE | CallTokenEndpoint | HTTP response |
2022-08-04 04:46:37 | SUCCESS | CallTokenEndpoint | Parsed token endpoint response |
2022-08-04 04:46:37 | SUCCESS | CheckIfTokenEndpointResponseError | No error from token endpoint |
2022-08-04 04:46:37 | SUCCESS | CheckForAccessTokenValue | Found an access token |
2022-08-04 04:46:37 | SUCCESS | ExtractAccessTokenFromTokenResponse | Extracted the access token |
2022-08-04 04:46:37 | SUCCESS | ExtractExpiresInFromTokenEndpointResponse | Extracted 'expires_in' |
2022-08-04 04:46:37 | SUCCESS | ValidateExpiresIn | expires_in passed all validation checks |
2022-08-04 04:46:37 | INFO | CheckForRefreshTokenValue | Couldn't find refresh token |
2022-08-04 04:46:37 | SUCCESS | ExtractIdTokenFromTokenResponse | Found and parsed the id_token from token_endpoint_response |
2022-08-04 04:46:37 | SUCCESS | ValidateIdToken | ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks |
2022-08-04 04:46:37 | | ValidateIdTokenStandardClaims | sub is a string with content |
2022-08-04 04:46:37 | | ValidateIdTokenStandardClaims | Skipping unknown claim: rat |
2022-08-04 04:46:37 | SUCCESS | ValidateIdTokenStandardClaims | id_token claims are valid |
2022-08-04 04:46:37 | SUCCESS | ValidateIdTokenNonce | Nonce values match |
2022-08-04 04:46:37 | SUCCESS | ValidateIdTokenACRClaimAgainstRequest | Nothing to check; the conformance suite did not request an acr claim in request object |
2022-08-04 04:46:37 | SUCCESS | ValidateIdTokenSignature | id_token signature validated |
2022-08-04 04:46:37 | SUCCESS | ValidateIdTokenSignatureUsingKid | id_token signature validated |
2022-08-04 04:46:37 | SUCCESS | CheckForSubjectInIdToken | Found 'sub' in id_token |
2022-08-04 04:46:37 | | EnsureIdTokenUpdatedAtValid | id_token response does not contain 'updated_at' |
2022-08-04 04:46:37 | INFO | ValidateEncryptedIdTokenHasKid | Skipped evaluation due to missing required element: id_token jwe_header |


Userinfo endpoint tests

Time | Type | Source | Message |
---|---|---|---|
2022-08-04 04:46:37 | | CallProtectedResource | HTTP request |
2022-08-04 04:46:38 | RESPONSE | CallProtectedResource | HTTP response |
2022-08-04 04:46:38 | SUCCESS | CallProtectedResource | Got a response from the resource endpoint |
2022-08-04 04:46:38 | SUCCESS | EnsureHttpStatusCodeIs200 | resource endpoint returned the expected http status |


Second authorization: Make request to authorization endpoint

Time | Type | Source | Message |
---|---|---|---|
2022-08-04 04:46:38 | SUCCESS | WaitFor2Seconds | Pausing for 2 seconds |
2022-08-04 04:46:40 | SUCCESS | WaitFor2Seconds | Woke up after 2 seconds sleep |
2022-08-04 04:46:40 | SUCCESS | CreateAuthorizationEndpointRequestFromClientInformation | Created authorization endpoint request |
2022-08-04 04:46:40 | | CreateRandomStateValue | Created state value |
2022-08-04 04:46:40 | SUCCESS | AddStateToAuthorizationEndpointRequest | Added state parameter to request |
2022-08-04 04:46:40 | | CreateRandomNonceValue | Created nonce value |
2022-08-04 04:46:40 | SUCCESS | AddNonceToAuthorizationEndpointRequest | Added nonce parameter to request |
2022-08-04 04:46:40 | SUCCESS | SetAuthorizationEndpointRequestResponseTypeFromEnvironment | Added response_type parameter to request |
2022-08-04 04:46:40 | | SetAuthorizationEndpointRequestResponseModeToFormPost | Added response_mode parameter to request |
2022-08-04 04:46:40 | SUCCESS | AddMaxAge1ToAuthorizationEndpointRequest | Added max_age=1 to authorization endpoint request |
2022-08-04 04:46:40 | SUCCESS | BuildPlainRedirectToAuthorizationEndpoint | Sending to authorization endpoint |
2022-08-04 04:46:40 | REDIRECT | oidcc-max-age-1 | Redirecting to authorization endpoint |
2022-08-04 04:46:40 | REVIEW IMAGE | ExpectSecondLoginPage | The server must ask the user to login for a second time; a screenshot of this must be uploaded. |
2022-08-04 04:47:17 | INCOMING | oidcc-max-age-1 | Incoming HTTP request to /test/a/isva_op_oidc_core_test_gh/callback |
2022-08-04 04:47:17 | SUCCESS | CreateRandomImplicitSubmitUrl | Created random implicit submission URL |
2022-08-04 04:47:17 | OUTGOING | oidcc-max-age-1 | Response to HTTP request to test instance 31CIWzYr5jxQwrN |
2022-08-04 04:47:17 | INCOMING | oidcc-max-age-1 | Incoming HTTP request to /test/a/isva_op_oidc_core_test_gh/implicit/m0Ad0p45E5wfeN8pnWCN |
2022-08-04 04:47:17 | OUTGOING | oidcc-max-age-1 | Response to HTTP request to test instance 31CIWzYr5jxQwrN |
2022-08-04 04:47:17 | SUCCESS | ExtractImplicitHashToCallbackResponse | implicit_hash is empty |
2022-08-04 04:47:17 | REDIRECT-IN | oidcc-max-age-1 | Authorization endpoint response captured |


Second authorization: Verify authorization endpoint response

Time | Type | Source | Message |
---|---|---|---|
2022-08-04 04:47:17 | SUCCESS | CheckCallbackHttpMethodIsPost | HTTP method used at redirect_uri is 'POST' |
2022-08-04 04:47:17 | SUCCESS | CheckCallbackContentTypeIsFormUrlEncoded | content-type header to redirect_uri has the expected value |
2022-08-04 04:47:17 | SUCCESS | RejectAuthCodeInUrlQuery | Authorization code is not present in URL query returned from authorization endpoint |
2022-08-04 04:47:17 | SUCCESS | RejectErrorInUrlQuery | 'error' is not present in URL query returned from authorization endpoint |
2022-08-04 04:47:17 | SUCCESS | CheckMatchingCallbackParameters | Callback parameters successfully verified |
2022-08-04 04:47:17 | | ValidateIssInAuthorizationResponse | No 'iss' value in authorization response. |
2022-08-04 04:47:17 | SUCCESS | CheckIfAuthorizationEndpointError | No error from authorization endpoint |
2022-08-04 04:47:17 | SUCCESS | CheckStateInAuthorizationResponse | State in response correctly returned |
2022-08-04 04:47:17 | SUCCESS | ExtractAuthorizationCodeFromAuthorizationResponse | Found authorization code |
2022-08-04 04:47:17 | SUCCESS | CreateTokenEndpointRequestForAuthorizationCodeGrant | Created token endpoint request |
2022-08-04 04:47:17 | SUCCESS | AddBasicAuthClientSecretAuthenticationParameters | Added basic authorization header |
2022-08-04 04:47:17 | | CallTokenEndpoint | HTTP request |
2022-08-04 04:47:18 | RESPONSE | CallTokenEndpoint | HTTP response |
2022-08-04 04:47:18 | SUCCESS | CallTokenEndpoint | Parsed token endpoint response |
2022-08-04 04:47:18 | SUCCESS | CheckIfTokenEndpointResponseError | No error from token endpoint |
2022-08-04 04:47:18 | SUCCESS | CheckForAccessTokenValue | Found an access token |
2022-08-04 04:47:18 | SUCCESS | ExtractAccessTokenFromTokenResponse | Extracted the access token |
2022-08-04 04:47:18 | SUCCESS | ExtractExpiresInFromTokenEndpointResponse | Extracted 'expires_in' |
2022-08-04 04:47:18 | SUCCESS | ValidateExpiresIn | expires_in passed all validation checks |
2022-08-04 04:47:18 | INFO | CheckForRefreshTokenValue | Couldn't find refresh token |
2022-08-04 04:47:18 | SUCCESS | ExtractIdTokenFromTokenResponse | Found and parsed the id_token from token_endpoint_response |
2022-08-04 04:47:18 | SUCCESS | ValidateIdToken | ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks |
2022-08-04 04:47:18 | | ValidateIdTokenStandardClaims | sub is a string with content |
2022-08-04 04:47:18 | | ValidateIdTokenStandardClaims | Skipping unknown claim: rat |
2022-08-04 04:47:18 | SUCCESS | ValidateIdTokenStandardClaims | id_token claims are valid |
2022-08-04 04:47:18 | SUCCESS | ValidateIdTokenNonce | Nonce values match |
2022-08-04 04:47:18 | SUCCESS | ValidateIdTokenACRClaimAgainstRequest | Nothing to check; the conformance suite did not request an acr claim in request object |
2022-08-04 04:47:18 | SUCCESS | ValidateIdTokenSignature | id_token signature validated |
2022-08-04 04:47:18 | SUCCESS | ValidateIdTokenSignatureUsingKid | id_token signature validated |
2022-08-04 04:47:18 | SUCCESS | CheckForSubjectInIdToken | Found 'sub' in id_token |
2022-08-04 04:47:18 | | EnsureIdTokenUpdatedAtValid | id_token response does not contain 'updated_at' |
2022-08-04 04:47:18 | INFO | ValidateEncryptedIdTokenHasKid | Skipped evaluation due to missing required element: id_token jwe_header |
2022-08-04 04:47:18 | SUCCESS | CheckIdTokenAuthTimeClaimPresentDueToMaxAge | auth_time is present in the id_token, as required for a authentication where the max_age parameter was used |
2022-08-04 04:47:18 | SUCCESS | CheckSecondIdTokenAuthTimeIsLaterIfPresent | auth_time is later in the second id_token |
2022-08-04 04:47:18 | SUCCESS | CheckIdTokenAuthTimeIsRecentIfPresent | auth_time in id_token is recent |


Second authorization: Userinfo endpoint tests

Time | Type | Source | Message |
---|---|---|---|
2022-08-04 04:47:18 | | CallProtectedResource | HTTP request |
2022-08-04 04:47:20 | RESPONSE | CallProtectedResource | HTTP response |
2022-08-04 04:47:20 | SUCCESS | CallProtectedResource | Got a response from the resource endpoint |
2022-08-04 04:47:20 | SUCCESS | EnsureHttpStatusCodeIs200 | resource endpoint returned the expected http status |
2022-08-04 04:47:51 | FINISHED | oidcc-max-age-1 | Test has run to completion |


Unregister dynamically registered client

Time | Type | Source | Message |
---|---|---|---|
2022-08-04 04:47:51 | | UnregisterDynamicallyRegisteredClient | HTTP request |
2022-08-04 04:47:51 | | TEST-RUNNER | Stopping test due to alias conflict - before this test finished, you have started another test using the same alias. You will need to rerun this test and ensure you complete all steps in this test before you move onto the next test. Please check that the alias in your test configuration is unique, for example include your company name in it. |
2022-08-04 04:47:52 | RESPONSE | UnregisterDynamicallyRegisteredClient | HTTP response |
2022-08-04 04:47:52 | SUCCESS | UnregisterDynamicallyRegisteredClient | Client successfully unregistered |
2022-08-04 04:48:12 | | TEST-RUNNER | Alias has now been claimed by another test |