Test Name | oidcc-client-test-invalid-sig-rs256 |
---|---|
Variant | client_auth_type=client_secret_basic, request_type=plain_http_request, response_type=code, response_mode=default, client_registration=static_client |
Test ID | JIvPuT1XxgRzKZL https://www.certification.openid.net/log-detail.html?public=true&log=JIvPuT1XxgRzKZL |
Created | 2022-11-20T20:10:15.204839Z |
Description | oauth4webapi/2.0.0 (https://github.com/panva/oauth4webapi) |
Test Version | 5.0.7 |
Test Owner | 117741858675383745996 https://accounts.google.com |
Plan ID | XeujdsLfQfTiD https://www.certification.openid.net/plan-detail.html?public=true&plan=XeujdsLfQfTiD |
Exported From | https://www.certification.openid.net |
Exported By | 117741858675383745996 https://accounts.google.com |
Suite Version | 5.0.7 |
Exported | 2022-11-20 20:11:34 (UTC) |

Status: FINISHED Result: SKIPPED

SUCCESS 46 FAILURE 0 WARNING 0 REVIEW 0 INFO 11

Time | Result | Source | Message |
---|---|---|---|
2022-11-20 20:10:15 | INFO | TEST-RUNNER | Test instance JIvPuT1XxgRzKZL created |
2022-11-20 20:10:15 | SUCCESS | OIDCCGenerateServerConfigurationIdTokenSigningAlgRS256Only | Generated default server configuration |
2022-11-20 20:10:15 | | SetTokenEndpointAuthMethodsSupportedToClientSecretBasicOnly | Changed token_endpoint_auth_methods_supported to client_secret_basic only in server configuration |
2022-11-20 20:10:15 | | OIDCCGenerateServerJWKs | Generated server public private JWK sets |
2022-11-20 20:10:15 | SUCCESS | ValidateServerJWKs | Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url |
2022-11-20 20:10:15 | SUCCESS | CheckDistinctKeyIdValueInServerJWKs | Distinct 'kid' value in all keys of server_jwks |
2022-11-20 20:10:15 | SUCCESS | OIDCCLoadUserInfo | Added user information |
2022-11-20 20:10:15 | SUCCESS | OIDCCGetStaticClientConfigurationForRPTests | Found a static client object |
2022-11-20 20:10:15 | SUCCESS | EnsureClientDoesNotHaveBothJwksAndJwksUri | Client does not have both jwks and jwks_uri set |
2022-11-20 20:10:15 | INFO | FetchClientKeys | Skipped evaluation due to missing required element: client jwks_uri |
2022-11-20 20:10:15 | SUCCESS | ExtractJWKsFromStaticClientConfiguration | Extracted client JWK |
2022-11-20 20:10:15 | SUCCESS | ValidateClientJWKsPublicPart | Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url |
2022-11-20 20:10:15 | SUCCESS | CheckDistinctKeyIdValueInClientJWKs | Distinct 'kid' value in all keys of client_jwks |
2022-11-20 20:10:15 | SUCCESS | EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys | Jwks does not contain any private or symmetric keys |
2022-11-20 20:10:15 | SUCCESS | ValidateClientGrantTypes | grant_types match response_types |
2022-11-20 20:10:15 | SUCCESS | OIDCCValidateClientRedirectUris | Valid redirect_uri(s) provided in registration request |
2022-11-20 20:10:15 | SUCCESS | ValidateClientLogoUris | Client does not contain any logo_uri |
2022-11-20 20:10:15 | SUCCESS | ValidateClientUris | Client does not contain any client_uri |
2022-11-20 20:10:15 | SUCCESS | ValidateClientPolicyUris | Client does not contain any policy_uri |
2022-11-20 20:10:15 | SUCCESS | ValidateClientTosUris | Client does not contain any tos_uri |
2022-11-20 20:10:15 | SUCCESS | ValidateClientSubjectType | A subject_type was not provided |
2022-11-20 20:10:15 | SUCCESS | ValidateIdTokenSignedResponseAlg | id_token_signed_response_alg is one of the known algorithms |
2022-11-20 20:10:15 | SUCCESS | EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet | id_token_encrypted_response_enc is not set |
2022-11-20 20:10:15 | INFO | ValidateUserinfoSignedResponseAlg | Skipped evaluation due to missing required element: client userinfo_signed_response_alg |
2022-11-20 20:10:15 | SUCCESS | EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet | userinfo_encrypted_response_enc is not set |
2022-11-20 20:10:15 | INFO | ValidateRequestObjectSigningAlg | Skipped evaluation due to missing required element: client request_object_signing_alg |
2022-11-20 20:10:15 | SUCCESS | EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet | request_object_encryption_enc is not set |
2022-11-20 20:10:15 | INFO | ValidateTokenEndpointAuthSigningAlg | Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg |
2022-11-20 20:10:15 | SUCCESS | ValidateDefaultMaxAge | default_max_age is not set |
2022-11-20 20:10:15 | INFO | ValidateRequireAuthTime | Skipped evaluation due to missing required element: client require_auth_time |
2022-11-20 20:10:15 | INFO | ValidateDefaultAcrValues | Skipped evaluation due to missing required element: client default_acr_values |
2022-11-20 20:10:15 | INFO | ValidateInitiateLoginUri | Skipped evaluation due to missing required element: client initiate_login_uri |
2022-11-20 20:10:15 | INFO | ValidateRequestUris | Skipped evaluation due to missing required element: client request_uris |
2022-11-20 20:10:15 | | SetServerSigningAlgToRS256 | Successfully set signing algorithm to RS256 |
2022-11-20 20:10:15 | | SetClientIdTokenSignedResponseAlgToServerSigningAlg | Set id_token_signed_response_alg for the registered client |
2022-11-20 20:10:15 | | oidcc-client-test-invalid-sig-rs256 | Setup Done |
2022-11-20 20:10:16 | INCOMING | oidcc-client-test-invalid-sig-rs256 | Incoming HTTP request to /test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/.well-known/openid-configuration |

Discovery endpoint

Time | Result | Source | Message |
---|---|---|---|
2022-11-20 20:10:16 | OUTGOING | oidcc-client-test-invalid-sig-rs256 | Response to HTTP request to test instance JIvPuT1XxgRzKZL |
2022-11-20 20:10:16 | INCOMING | oidcc-client-test-invalid-sig-rs256 | Incoming HTTP request to /test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/authorize |

Authorization endpoint

Time | Result | Source | Message |
---|---|---|---|
2022-11-20 20:10:16 | SUCCESS | EnsureRequestDoesNotContainRequestObject | Request does not contain a request parameter |
2022-11-20 20:10:16 | SUCCESS | EnsureAuthorizationHttpRequestContainsOpenIDScope | Found 'openid' in scope http request parameter |
2022-11-20 20:10:16 | SUCCESS | CreateEffectiveAuthorizationRequestParameters | Merged http request parameters with request object claims |
2022-11-20 20:10:16 | SUCCESS | ExtractRequestedScopes | Requested scopes |
2022-11-20 20:10:16 | INFO | ExtractNonceFromAuthorizationRequest | Couldn't find 'nonce' in authorization endpoint parameters |
2022-11-20 20:10:16 | SUCCESS | EnsureAuthorizationRequestContainsPkceCodeChallenge | Found required PKCE parameters in request |
2022-11-20 20:10:16 | SUCCESS | EnsureResponseTypeIsCode | Response type is expected value |
2022-11-20 20:10:16 | SUCCESS | EnsureMatchingClientId | Client ID matched |
2022-11-20 20:10:16 | SUCCESS | EnsureValidRedirectUriForAuthorizationEndpointRequest | redirect_uri is one of the allowed redirect uris |
2022-11-20 20:10:16 | SUCCESS | EnsureOpenIDInScopeRequest | Found 'openid' scope in request |
2022-11-20 20:10:16 | SUCCESS | DisallowMaxAgeEqualsZeroAndPromptNone | The client did not send max_age=0 and prompt=none parameters as expected |
2022-11-20 20:10:16 | SUCCESS | CreateAuthorizationCode | Created authorization code |
2022-11-20 20:10:16 | SUCCESS | CalculateCHash | Successful c_hash encoding |
2022-11-20 20:10:16 | SUCCESS | CreateAuthorizationEndpointResponseParams | Added authorization_endpoint_response_params to environment |
2022-11-20 20:10:16 | SUCCESS | AddCodeToAuthorizationEndpointResponseParams | Added code to authorization endpoint response params |
2022-11-20 20:10:16 | | SendAuthorizationResponseWithResponseModeQuery | Redirecting back to client |
2022-11-20 20:10:16 | OUTGOING | oidcc-client-test-invalid-sig-rs256 | Response to HTTP request to test instance JIvPuT1XxgRzKZL |
2022-11-20 20:10:16 | INCOMING | oidcc-client-test-invalid-sig-rs256 | Incoming HTTP request to /test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/token |

Token endpoint

Time | Result | Source | Message |
---|---|---|---|
2022-11-20 20:10:16 | | CheckClientIdMatchesOnTokenRequestIfPresent | client_id not present, nothing to check |
2022-11-20 20:10:16 | SUCCESS | ExtractClientCredentialsFromBasicAuthorizationHeader | Extracted client authentication |
2022-11-20 20:10:16 | SUCCESS | ValidateClientIdAndSecret | Client id and secret match |
2022-11-20 20:10:16 | SUCCESS | ValidateAuthorizationCode | Found authorization code |
2022-11-20 20:10:16 | SUCCESS | ValidateRedirectUriForTokenEndpointRequest | redirect_uri is the same as the one used in the authorization request |
2022-11-20 20:10:16 | SUCCESS | GenerateBearerAccessToken | Generated access token |
2022-11-20 20:10:16 | SUCCESS | CalculateAtHash | Successful at_hash encoding |
2022-11-20 20:10:16 | SUCCESS | GenerateIdTokenClaims | Created ID Token Claims |
2022-11-20 20:10:16 | SUCCESS | AddAtHashToIdTokenClaims | Added at_hash to ID token claims |
2022-11-20 20:10:16 | SUCCESS | OIDCCSignIdToken | Signed the ID token |
2022-11-20 20:10:16 | | InvalidateIdTokenSignature | Made the id_token signature invalid |
2022-11-20 20:10:16 | INFO | EncryptIdToken | Skipped evaluation due to missing required element: client id_token_encrypted_response_alg |
2022-11-20 20:10:16 | SUCCESS | CreateTokenEndpointResponse | Created token endpoint response |
2022-11-20 20:10:16 | OUTGOING | oidcc-client-test-invalid-sig-rs256 | Response to HTTP request to test instance JIvPuT1XxgRzKZL |
2022-11-20 20:10:16 | INCOMING | oidcc-client-test-invalid-sig-rs256 | Incoming HTTP request to /test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/userinfo |
2022-11-20 20:10:16 | SKIPPED | oidcc-client-test-invalid-sig-rs256 | The test was skipped: The client continued and called the userinfo endpoint after receiving an id token with an invalid signature from the token endpoint. This is acceptable as clients are not required to validate the signatures on id tokens received over a TLS protected connection. |
2022-11-20 20:10:16 | FINISHED | oidcc-client-test-invalid-sig-rs256 | Test has run to completion |
2022-11-20 20:10:18 | | TEST-RUNNER | Alias has now been claimed by another test |