Test Summary

Test Results

Expand All Collapse All
All times are UTC
2022-11-20 20:10:15 INFO
TEST-RUNNER
Test instance JIvPuT1XxgRzKZL created
baseUrl
https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code",
  "request_type": "plain_http_request",
  "response_mode": "default",
  "client_registration": "static_client"
}
alias
77c1aa57-dd0d-49b2-b107-29103a4db242
description
oauth4webapi/2.0.0 (https://github.com/panva/oauth4webapi)
planId
XeujdsLfQfTiD
config
{
  "description": "oauth4webapi/2.0.0 (https://github.com/panva/oauth4webapi)",
  "alias": "77c1aa57-dd0d-49b2-b107-29103a4db242",
  "client": {
    "client_id": "client-77c1aa57-dd0d-49b2-b107-29103a4db242",
    "client_secret": "client-77c1aa57-dd0d-49b2-b107-29103a4db242",
    "scope": "openid email",
    "redirect_uri": "https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb",
    "jwks": {
      "keys": [
        {
          "crv": "Ed25519",
          "x": "drsf-pg0BtaMF-mWYF4S7Ykt2tpce2JeFUR8mBptQSM",
          "kty": "OKP",
          "use": "sig",
          "alg": "EdDSA",
          "kid": "d040e499-36c2-4537-8cd7-8b5618d8ee28"
        }
      ]
    },
    "id_token_signed_response_alg": "EdDSA"
  },
  "waitTimeoutSeconds": 2
}
testName
oidcc-client-test-invalid-sig-rs256
2022-11-20 20:10:15 SUCCESS
OIDCCGenerateServerConfigurationIdTokenSigningAlgRS256Only
Generated default server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "gender",
    "birthdate",
    "address",
    "zoneinfo",
    "locale",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified",
    "website",
    "profile",
    "updated_at"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2022-11-20 20:10:15
SetTokenEndpointAuthMethodsSupportedToClientSecretBasicOnly
Changed token_endpoint_auth_methods_supported to client_secret_basic only in server configuration
server_configuration
{
  "issuer": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "gender",
    "birthdate",
    "address",
    "zoneinfo",
    "locale",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified",
    "website",
    "profile",
    "updated_at"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
2022-11-20 20:10:15
OIDCCGenerateServerJWKs
Generated server public private JWK sets
server_jwks
{
  "keys": [
    {
      "p": "7T5VmL6zk7U_WtKVGu_dKlpri-c-KQtQwmVHQ_vhV6vFQYWe4z5vOHDe5ts9sMcJ1ni_fllOPr0nX_pNWvUrddbh8cqRjBgpSHpDGzobYaw0NbSEZYP-agH4i9JGZy2LYQ0H5UfQqnWakZ-yZX2jBfYyMVp8W1ejm8yVq0V0mKU",
      "kty": "RSA",
      "q": "ojz2b4h7kVP_ElmqW2ouPUnoktmxrIB5ff-EhI_v28xuHF3GEMovhpVcUrDK4vqFgzczPmtiDiAr4oyWeHBfLQhpUj6o3b0e0UjDi8Q3S6WAB73XJRp16WX_FVMZUazGPAJpWfnghiyBt8o0ojpVn9MlD4S2JRT4whbS4U6UL5c",
      "d": "Si3J613roMlYliWjeboUYeHGavBMBSSUgRCMyA-eep9oxb1P7iXs0GxIFWkbP4NDB4D_tjvGfsmSRGcJ85RAnFjwgJUUUB-166n_lQRG5-BJ5rgcXnteVfVQJUuLniaLzT9fIl8Clq9Zw3aTBYtNul71hEfBZi9bVwvovOf2HdAiwzDnuZyYvz3B3hOJ1hYQNOPlPlvKAnk263qFEKXsDtzpsjC6Um2N9T5Caacy51euitaIy9TEhJstPRkC-LuYqP-1mYMKzsJrGCPxuD7tqMxfyL9ZISi2orj_2zu5Xiq0zKIC8AXg2IcwZO9XUNXHjw7tdTYv7Oj_v0zYsa9_UQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "c3cdc31d-bdfe-4292-8e49-edb42bc30078",
      "qi": "d1ZhaIfMd3hr0tTRXVZNneKnRDi_bmfXrbE-BsjkV237C87n2apoRefrw-ulbLYX4IM3JOnXansrOavdsJccvmIdrtj8nX0ctBrFBImWjRQViDlPe6lUpLMYQCAQC2eOndly409iL0QCVuj8cSdcfY9FmXEM8EKZha7lIJiEsOA",
      "dp": "4aYOSA_qQa18qufsRgiq9WO3MwQozWUj1SH7XKAwPvDz11Q-Qanao3ZHrJAO5xsJMmL60DQlBetnjhRGiyLxyU0u7olbUkKQ0YzoUvc7n_ToW8RswRmAXFevjV3c9LoO_aolPmDGCbt93tBkH8AV1M_MAcEs0rxSsxctrA-NzLk",
      "dq": "dMcWx39hGmFwl3_NHNHYCKubaaCiwD0Vtjjm5RhKGVcT5v0kpU8zWFdIRgkVcL3Mvn9MNmDLCsnjbMWvRW_1Qg_s55NMr5cCiLgscP1CpAOznV7rbryWJPMS4gGXlu-bHPTLakVvdISytl0o96Cvo0QzR_FJvnVS_Tm6fwy1o28",
      "n": "llnxJ_s92yT8Je0K9-u3ceqP6WC54SCFkCbffwN0zIEsxhvh4MnicHeGRqn5o6v4KvnFT3htyV7n5js9kf9uc7Nl-Mq5Ji1-Vx88ZtRf7Y_fX2NzYGJG2uV-VZGDNEGCBG1bjel1fcJHoHzUN8nOzIbY_jiC9_I0RgwAQoLp7LSfxS3f2ymGtBKm9-C05VuQAx22jB7RluZehFGLKgedYN4yOY3wBVNUFTqCbv1SthmqbsPhKM7lTO0LpVuhwLTg4r-4FSQWx0cR-b5BPbLbPNmZR_ocBHXgQGS4L_bKRSgB7BsOJ0U8VpxdhlbrmPm-ShjKHM6wRQgEM-q15TBUUw"
    },
    {
      "kty": "EC",
      "d": "pQslss9v_QLWMYuwwhl7RGOoOQuiALQITerm9xqlbcs",
      "use": "sig",
      "crv": "P-256",
      "kid": "368340fb-ec21-4b7f-a38c-37b279445eb0",
      "x": "zvbUptjXXlUfNaQ-QOBjtO_SwtwdryXfnYei3UIu_wk",
      "y": "H27WKgKIUnil9zvEXBTZkpXGw0PuCTkrMxEEaBSn4rE"
    },
    {
      "kty": "EC",
      "d": "J6jn2kzawIj9IYW6pBtG_xVejnStHodh53jdvR6rPdE",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "1433a4cb-9aa4-41d6-81cd-41e5a9a1b5ca",
      "x": "js2ECzlvkTV0gW3TK_B2QVrRyZrqgMoFBA1wpUNFnkk",
      "y": "SK9dKc9F_lYjzdIhGh1yZE-_m-T-Upua7_Qgx-GHViY"
    },
    {
      "kty": "OKP",
      "d": "rZ73aW1Ix0kVmubbEsADrXU1YvWmmbUO7wfcYi4RFAI",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "2fd8aac7-bdd5-4c87-8799-3b9c8946ddee",
      "x": "705zR8AHTK67qhuxoPREWnmQpGKQtu9_kXe0NwPfS9c"
    }
  ]
}
server_encryption_keys
{
  "keys": [
    {
      "p": "-kd4sU6SHnKoHkKhysC4i7jIaHmO7qIVKAVTgMMsx7vmnIDONVaXbnuNrOZrb5yFJaHk0uaUfyWd7ESB88L9lyqoWwfYpJV6CVHE60NaSSGHY5QtaM1dVMs2kuNrX3xcIbthzismT0x-Kb53bl0qx-vPkVzxoDJaf8gRazeMGbE",
      "kty": "RSA",
      "q": "iysYNUOSaKQezjfT9LLtZzUAENc6B2mSma24spzrtliFOwrC5AG_SlpSZw3DW5SwFSy6SRTpj5dN7tOVqOOqEWaFS85px6F15JviMOAwCbba4KogCVQJEb1Fy_c7-aaYnVXHkKsja-15NN4mI66rGJiWu71sJfCDb4JhmTW81as",
      "d": "B5kt-P4F4LRjAd67qZyg27UpVirGhzNbgHlbCFh1dr3TQDkz0o2KF1U3WwM3WHiFZdqAFw16jvAqbiZUpuE2GqTdKz6ElbSQq14-TisLciEna_QdgQkgE23tevoyJ9XIW9QorhsY43igd6d4TchrJK3nRtn0cflydG6kFf87K0njMATfDwfgzjvAyF6Zc23SNULy9OQP60BK_KyWQrFrb0VmbWwgdgIZJ96vstTZ0HegCzP83kqZI53achhlxa5hCcnj9lo5vMQq6-GtIbGXfBkR_zmDf5HdnvXCTIS_wqX6T0dUcdsHFO-2xqR7ppEwlrXbXsh532flmhGDynTqgQ",
      "e": "AQAB",
      "use": "enc",
      "kid": "76748b51-52bb-43e6-895a-73699753a84a",
      "qi": "nLlHANx_4rkMR0z_GCB-_-suRyDbKX0ru0jM-kjcPyyO2V_0lR_oapmW54Iv_SqBR-9jWowXrmIyUxQI-AMsSKQJM91KRH6sMMGgdd5bjFZ7NYIeu0KS22Yn-r0jGD1hypGdw_ZzNjIC0-8sG2BO_FeO7KDqunEGDO7rtbUQbBs",
      "dp": "Wlf8WDydgEIxL6Mr1g2VUFJmfVgL4VY-vtCVYPCTNJI-X5YbWaOlTCtra9NNSt-8LGZxPDQhvHfutr_QDRcBBVVPqnR9noOapsyOgcIxUB67SZXOgntHSnmEfKd9Nd2lQEPsvUhULuHU1Oq9H-ifrcUQi096pTIn-uJUb1iAyTE",
      "alg": "RSA-OAEP",
      "dq": "T_PDJZ6bd1iKhijWsWc2MqvlTMeJhAan_Xgrexnh5VF3wVLOYpWKY1n-q0vh5zRF8PRQVXoZMLBZSpLuESgyZWrDu6hrZxAgneTcjv3NO1d86cNzQkiwKSvW9HYmU6fdV86XJ0rav7-febsCqE9J5oiLWHJbtnQ13pNGJPIVeZ8",
      "n": "iA7wNFGd_M0PRBvOORiDhVE1q8srgRxyazdcugTiAeijQYAkol5U1bReBcaHrA5mSUutSxdVpGwXYkGqMReSCSkdYnYOSNLXbVGIj-buvFW4u7NxHLi7xapzVU-Jg8XRq0Mu4cSdslOmfVZzE-o96JJSlpvJ_0sC7eQO339h0ep4_Z8a4hX3tXPChQxlyKaffWRT0Ev0mT1RA9_rs3K7HtTg-bMVk9TYTwJ1-8Z6_LWvZN3JC_ZS4TjwojktKeILD9gpO2ng0BxkjyDivVSwIXIUs38oWA2DaIwgV6Y_omDPGjqykxqDjCNGb4TUkVmYU5vijRDhREjhuA_TLvFuOw"
    },
    {
      "kty": "EC",
      "d": "bIolz8AVkh0g7-a91h3H24JoIyc208VFJKruUogzdDo",
      "use": "enc",
      "crv": "P-256",
      "kid": "e9cdb402-e3bb-4168-8a1c-66cb1a461853",
      "x": "btpw8Z2ep5xspfXznCvjK_-NxUhbyxQazevwqDujZxU",
      "y": "kr_aLscXmoXNA_1Xl3K2PDFd3_7hM0PIONmPcRuSRNY",
      "alg": "ECDH-ES"
    }
  ]
}
server_public_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "c3cdc31d-bdfe-4292-8e49-edb42bc30078",
      "n": "llnxJ_s92yT8Je0K9-u3ceqP6WC54SCFkCbffwN0zIEsxhvh4MnicHeGRqn5o6v4KvnFT3htyV7n5js9kf9uc7Nl-Mq5Ji1-Vx88ZtRf7Y_fX2NzYGJG2uV-VZGDNEGCBG1bjel1fcJHoHzUN8nOzIbY_jiC9_I0RgwAQoLp7LSfxS3f2ymGtBKm9-C05VuQAx22jB7RluZehFGLKgedYN4yOY3wBVNUFTqCbv1SthmqbsPhKM7lTO0LpVuhwLTg4r-4FSQWx0cR-b5BPbLbPNmZR_ocBHXgQGS4L_bKRSgB7BsOJ0U8VpxdhlbrmPm-ShjKHM6wRQgEM-q15TBUUw"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "d1e15e98-9a7d-4a25-b0f2-e6ee8d8070a7",
      "n": "gYOIRlD3Ekgdn3oA6SEcQmI3ueGkUhsJ0m6JHssYnjCztLhWKutJ6OIucohBC_AWbim81ggG3HbNEGsIGfcDfyarIUKY6h05kB4ZLmmqiV9yP2vN3StFW_VT53f5eajjC-Qhg_-tgG0T8LmcXMXrd2Gsw25kP3qZrn28p_dtYNV7Dntf_fWd4P2QOSZUnn9-2XrTN-61Kb8x0nNUavDyv-4OShiisoQ3dZKhX1P8M5lr2CbjL5p25K1bt69STlZXX3hCKlpRk7ZkHTEwcunnUr8scHQjU-I0X0kfINf-DEUEEcW7978hElyzUgYyn8eB3AZislw8xkksdRjEexMnfQ"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "368340fb-ec21-4b7f-a38c-37b279445eb0",
      "x": "zvbUptjXXlUfNaQ-QOBjtO_SwtwdryXfnYei3UIu_wk",
      "y": "H27WKgKIUnil9zvEXBTZkpXGw0PuCTkrMxEEaBSn4rE"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "32e34fd9-bf7f-4a3a-810e-1c19dc14af81",
      "x": "6t8IhksFW4LCRHnhmS8z4GnT02fszAIMk67wfEsjF5k",
      "y": "T5eOzca1vu8pzj9WFnhBM6LlN3Sn6bHMpz3dz0Hbmag"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "1433a4cb-9aa4-41d6-81cd-41e5a9a1b5ca",
      "x": "js2ECzlvkTV0gW3TK_B2QVrRyZrqgMoFBA1wpUNFnkk",
      "y": "SK9dKc9F_lYjzdIhGh1yZE-_m-T-Upua7_Qgx-GHViY"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "2fd8aac7-bdd5-4c87-8799-3b9c8946ddee",
      "x": "705zR8AHTK67qhuxoPREWnmQpGKQtu9_kXe0NwPfS9c"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "76748b51-52bb-43e6-895a-73699753a84a",
      "alg": "RSA-OAEP",
      "n": "iA7wNFGd_M0PRBvOORiDhVE1q8srgRxyazdcugTiAeijQYAkol5U1bReBcaHrA5mSUutSxdVpGwXYkGqMReSCSkdYnYOSNLXbVGIj-buvFW4u7NxHLi7xapzVU-Jg8XRq0Mu4cSdslOmfVZzE-o96JJSlpvJ_0sC7eQO339h0ep4_Z8a4hX3tXPChQxlyKaffWRT0Ev0mT1RA9_rs3K7HtTg-bMVk9TYTwJ1-8Z6_LWvZN3JC_ZS4TjwojktKeILD9gpO2ng0BxkjyDivVSwIXIUs38oWA2DaIwgV6Y_omDPGjqykxqDjCNGb4TUkVmYU5vijRDhREjhuA_TLvFuOw"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "e9cdb402-e3bb-4168-8a1c-66cb1a461853",
      "x": "btpw8Z2ep5xspfXznCvjK_-NxUhbyxQazevwqDujZxU",
      "y": "kr_aLscXmoXNA_1Xl3K2PDFd3_7hM0PIONmPcRuSRNY",
      "alg": "ECDH-ES"
    }
  ]
}
2022-11-20 20:10:15 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2022-11-20 20:10:15 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2022-11-20 20:10:15 SUCCESS
OIDCCLoadUserInfo
Added user information
user_info
{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "given_name": "Demo",
  "family_name": "User",
  "middle_name": "Theresa",
  "nickname": "Dee",
  "preferred_username": "d.tu",
  "gender": "female",
  "birthdate": "2000-02-03",
  "address": {
    "street_address": "100 Universal City Plaza",
    "locality": "Hollywood",
    "region": "CA",
    "postal_code": "91608",
    "country": "USA"
  },
  "zoneinfo": "America/Los_Angeles",
  "locale": "en-US",
  "phone_number": "+1 555 5550000",
  "phone_number_verified": false,
  "email": "user@example.com",
  "email_verified": false,
  "website": "https://openid.net/",
  "profile": "https://example.com/user",
  "updated_at": 1580000000
}
2022-11-20 20:10:15 SUCCESS
OIDCCGetStaticClientConfigurationForRPTests
Found a static client object
client_id
client-77c1aa57-dd0d-49b2-b107-29103a4db242
client_secret
client-77c1aa57-dd0d-49b2-b107-29103a4db242
scope
openid email
jwks
{
  "keys": [
    {
      "crv": "Ed25519",
      "x": "drsf-pg0BtaMF-mWYF4S7Ykt2tpce2JeFUR8mBptQSM",
      "kty": "OKP",
      "use": "sig",
      "alg": "EdDSA",
      "kid": "d040e499-36c2-4537-8cd7-8b5618d8ee28"
    }
  ]
}
id_token_signed_response_alg
EdDSA
redirect_uris
[
  "https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb"
]
2022-11-20 20:10:15 SUCCESS
EnsureClientDoesNotHaveBothJwksAndJwksUri
Client does not have both jwks and jwks_uri set
client
{
  "client_id": "client-77c1aa57-dd0d-49b2-b107-29103a4db242",
  "client_secret": "client-77c1aa57-dd0d-49b2-b107-29103a4db242",
  "scope": "openid email",
  "jwks": {
    "keys": [
      {
        "crv": "Ed25519",
        "x": "drsf-pg0BtaMF-mWYF4S7Ykt2tpce2JeFUR8mBptQSM",
        "kty": "OKP",
        "use": "sig",
        "alg": "EdDSA",
        "kid": "d040e499-36c2-4537-8cd7-8b5618d8ee28"
      }
    ]
  },
  "id_token_signed_response_alg": "EdDSA",
  "redirect_uris": [
    "https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb"
  ]
}
2022-11-20 20:10:15 INFO
FetchClientKeys
Skipped evaluation due to missing required element: client jwks_uri
path
jwks_uri
mapped
object
client
2022-11-20 20:10:15 SUCCESS
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
client_jwks
{
  "keys": [
    {
      "crv": "Ed25519",
      "x": "drsf-pg0BtaMF-mWYF4S7Ykt2tpce2JeFUR8mBptQSM",
      "kty": "OKP",
      "use": "sig",
      "alg": "EdDSA",
      "kid": "d040e499-36c2-4537-8cd7-8b5618d8ee28"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "d040e499-36c2-4537-8cd7-8b5618d8ee28",
      "x": "drsf-pg0BtaMF-mWYF4S7Ykt2tpce2JeFUR8mBptQSM",
      "alg": "EdDSA"
    }
  ]
}
2022-11-20 20:10:15 SUCCESS
ValidateClientJWKsPublicPart
Valid client JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2022-11-20 20:10:15 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2022-11-20 20:10:15 SUCCESS
EnsureClientJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2022-11-20 20:10:15 SUCCESS
ValidateClientGrantTypes
grant_types match response_types
grant_types
[
  "authorization_code"
]
response_types
[
  "code"
]
2022-11-20 20:10:15 SUCCESS
OIDCCValidateClientRedirectUris
Valid redirect_uri(s) provided in registration request
redirect_uris
[
  "https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb"
]
2022-11-20 20:10:15 SUCCESS
ValidateClientLogoUris
Client does not contain any logo_uri
2022-11-20 20:10:15 SUCCESS
ValidateClientUris
Client does not contain any client_uri
2022-11-20 20:10:15 SUCCESS
ValidateClientPolicyUris
Client does not contain any policy_uri
2022-11-20 20:10:15 SUCCESS
ValidateClientTosUris
Client does not contain any tos_uri
2022-11-20 20:10:15 SUCCESS
ValidateClientSubjectType
A subject_type was not provided
2022-11-20 20:10:15 SUCCESS
ValidateIdTokenSignedResponseAlg
id_token_signed_response_alg is one of the known algorithms
alg
EdDSA
2022-11-20 20:10:15 SUCCESS
EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet
id_token_encrypted_response_enc is not set
2022-11-20 20:10:15 INFO
ValidateUserinfoSignedResponseAlg
Skipped evaluation due to missing required element: client userinfo_signed_response_alg
path
userinfo_signed_response_alg
mapped
object
client
2022-11-20 20:10:15 SUCCESS
EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet
userinfo_encrypted_response_enc is not set
2022-11-20 20:10:15 INFO
ValidateRequestObjectSigningAlg
Skipped evaluation due to missing required element: client request_object_signing_alg
path
request_object_signing_alg
mapped
object
client
2022-11-20 20:10:15 SUCCESS
EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet
request_object_encryption_enc is not set
2022-11-20 20:10:15 INFO
ValidateTokenEndpointAuthSigningAlg
Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg
path
token_endpoint_auth_signing_alg
mapped
object
client
2022-11-20 20:10:15 SUCCESS
ValidateDefaultMaxAge
default_max_age is not set
2022-11-20 20:10:15 INFO
ValidateRequireAuthTime
Skipped evaluation due to missing required element: client require_auth_time
path
require_auth_time
mapped
object
client
2022-11-20 20:10:15 INFO
ValidateDefaultAcrValues
Skipped evaluation due to missing required element: client default_acr_values
path
default_acr_values
mapped
object
client
2022-11-20 20:10:15 INFO
ValidateInitiateLoginUri
Skipped evaluation due to missing required element: client initiate_login_uri
path
initiate_login_uri
mapped
object
client
2022-11-20 20:10:15 INFO
ValidateRequestUris
Skipped evaluation due to missing required element: client request_uris
path
request_uris
mapped
object
client
2022-11-20 20:10:15
SetServerSigningAlgToRS256
Successfully set signing algorithm to RS256
2022-11-20 20:10:15
SetClientIdTokenSignedResponseAlgToServerSigningAlg
Set id_token_signed_response_alg for the registered client
id_token_signed_response_alg
RS256
2022-11-20 20:10:15
oidcc-client-test-invalid-sig-rs256
Setup Done
2022-11-20 20:10:16 INCOMING
oidcc-client-test-invalid-sig-rs256
Incoming HTTP request to /test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/.well-known/openid-configuration
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/json",
  "user-agent": "oauth4webapi/v2.0.0",
  "accept-language": "*",
  "sec-fetch-mode": "cors",
  "accept-encoding": "br, gzip, deflate",
  "connection": "close"
}
incoming_path
/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/.well-known/openid-configuration
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
DHE-RSA-AES128-GCM-SHA256
incoming_body_json
Discovery endpoint
2022-11-20 20:10:16 OUTGOING
oidcc-client-test-invalid-sig-rs256
Response to HTTP request to test instance JIvPuT1XxgRzKZL
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "issuer": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "gender",
    "birthdate",
    "address",
    "zoneinfo",
    "locale",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified",
    "website",
    "profile",
    "updated_at"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}
outgoing_path
.well-known/openid-configuration
2022-11-20 20:10:16 INCOMING
oidcc-client-test-invalid-sig-rs256
Incoming HTTP request to /test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/authorize
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "*/*",
  "accept-language": "*",
  "sec-fetch-mode": "cors",
  "user-agent": "undici",
  "accept-encoding": "br, gzip, deflate",
  "connection": "close"
}
incoming_path
/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/authorize
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{
  "client_id": "client-77c1aa57-dd0d-49b2-b107-29103a4db242",
  "code_challenge": "JcirCEJSTwNS5-A39puFot7ELKwg9VCJMe60WjzeZpE",
  "code_challenge_method": "S256",
  "redirect_uri": "https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb",
  "response_type": "code",
  "scope": "openid email"
}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
DHE-RSA-AES128-GCM-SHA256
incoming_body_json
Authorization endpoint
2022-11-20 20:10:16 SUCCESS
EnsureRequestDoesNotContainRequestObject
Request does not contain a request parameter
2022-11-20 20:10:16 SUCCESS
EnsureAuthorizationHttpRequestContainsOpenIDScope
Found 'openid' in scope http request parameter
actual
[
  "openid",
  "email"
]
expected
openid
2022-11-20 20:10:16 SUCCESS
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
effective_authorization_endpoint_request
{
  "client_id": "client-77c1aa57-dd0d-49b2-b107-29103a4db242",
  "code_challenge": "JcirCEJSTwNS5-A39puFot7ELKwg9VCJMe60WjzeZpE",
  "code_challenge_method": "S256",
  "redirect_uri": "https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb",
  "response_type": "code",
  "scope": "openid email"
}
2022-11-20 20:10:16 SUCCESS
ExtractRequestedScopes
Requested scopes
scope
openid email
2022-11-20 20:10:16 INFO
ExtractNonceFromAuthorizationRequest
Couldn't find 'nonce' in authorization endpoint parameters
2022-11-20 20:10:16 SUCCESS
EnsureAuthorizationRequestContainsPkceCodeChallenge
Found required PKCE parameters in request
code_challenge_method
S256
code_challenge
JcirCEJSTwNS5-A39puFot7ELKwg9VCJMe60WjzeZpE
2022-11-20 20:10:16 SUCCESS
EnsureResponseTypeIsCode
Response type is expected value
expected
code
2022-11-20 20:10:16 SUCCESS
EnsureMatchingClientId
Client ID matched
client_id
client-77c1aa57-dd0d-49b2-b107-29103a4db242
2022-11-20 20:10:16 SUCCESS
EnsureValidRedirectUriForAuthorizationEndpointRequest
redirect_uri is one of the allowed redirect uris
actual
https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb
expected
[
  "https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb"
]
2022-11-20 20:10:16 SUCCESS
EnsureOpenIDInScopeRequest
Found 'openid' scope in request
actual
[
  "openid",
  "email"
]
expected
openid
2022-11-20 20:10:16 SUCCESS
DisallowMaxAgeEqualsZeroAndPromptNone
The client did not send max_age=0 and prompt=none parameters as expected
2022-11-20 20:10:16 SUCCESS
CreateAuthorizationCode
Created authorization code
authorization_code
aA9hsJG2ExDXJ51enHP0VmnO0poCu0Vv
2022-11-20 20:10:16 SUCCESS
CalculateCHash
Successful c_hash encoding
c_hash
aAzGQ3-9NS8mFlzGZCYBaA
2022-11-20 20:10:16 SUCCESS
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
params
{
  "redirect_uri": "https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb"
}
2022-11-20 20:10:16 SUCCESS
AddCodeToAuthorizationEndpointResponseParams
Added code to authorization endpoint response params
authorization_endpoint_response_params
{
  "redirect_uri": "https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb",
  "code": "aA9hsJG2ExDXJ51enHP0VmnO0poCu0Vv"
}
2022-11-20 20:10:16
SendAuthorizationResponseWithResponseModeQuery
Redirecting back to client
uri
https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb?code=aA9hsJG2ExDXJ51enHP0VmnO0poCu0Vv
2022-11-20 20:10:16 OUTGOING
oidcc-client-test-invalid-sig-rs256
Response to HTTP request to test instance JIvPuT1XxgRzKZL
outgoing
org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb?code=aA9hsJG2ExDXJ51enHP0VmnO0poCu0Vv]
outgoing_path
authorize
2022-11-20 20:10:16 INCOMING
oidcc-client-test-invalid-sig-rs256
Incoming HTTP request to /test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/token
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/json",
  "authorization": "Basic Y2xpZW50LTc3YzFhYTU3LWRkMGQtNDliMi1iMTA3LTI5MTAzYTRkYjI0MjpjbGllbnQtNzdjMWFhNTctZGQwZC00OWIyLWIxMDctMjkxMDNhNGRiMjQy",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "user-agent": "oauth4webapi/v2.0.0",
  "accept-language": "*",
  "sec-fetch-mode": "cors",
  "accept-encoding": "br, gzip, deflate",
  "connection": "close",
  "content-length": "207"
}
incoming_path
/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/token
incoming_body_form_params
{
  "redirect_uri": "https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb",
  "code_verifier": "hMbUmLOyzKouPIw4__yZtyQSbPrPYWkIf3wTzYRS7FI",
  "code": "aA9hsJG2ExDXJ51enHP0VmnO0poCu0Vv",
  "grant_type": "authorization_code"
}
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
redirect_uri=https%3A%2F%2Fclient-77c1aa57-dd0d-49b2-b107-29103a4db242.local%2Fcb&code_verifier=hMbUmLOyzKouPIw4__yZtyQSbPrPYWkIf3wTzYRS7FI&code=aA9hsJG2ExDXJ51enHP0VmnO0poCu0Vv&grant_type=authorization_code
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
DHE-RSA-AES128-GCM-SHA256
incoming_body_json
Token endpoint
2022-11-20 20:10:16
CheckClientIdMatchesOnTokenRequestIfPresent
client_id not present, nothing to check
2022-11-20 20:10:16 SUCCESS
ExtractClientCredentialsFromBasicAuthorizationHeader
Extracted client authentication
client_id
client-77c1aa57-dd0d-49b2-b107-29103a4db242
client_secret
client-77c1aa57-dd0d-49b2-b107-29103a4db242
method
client_secret_basic
2022-11-20 20:10:16 SUCCESS
ValidateClientIdAndSecret
Client id and secret match
2022-11-20 20:10:16 SUCCESS
ValidateAuthorizationCode
Found authorization code
authorization_code
aA9hsJG2ExDXJ51enHP0VmnO0poCu0Vv
2022-11-20 20:10:16 SUCCESS
ValidateRedirectUriForTokenEndpointRequest
redirect_uri is the same as the one used in the authorization request
actual
https://client-77c1aa57-dd0d-49b2-b107-29103a4db242.local/cb
2022-11-20 20:10:16 SUCCESS
GenerateBearerAccessToken
Generated access token
access_token
aWvsmi6SAqWVofkHsUDqXFzdbEUMMQ6Du5062M3Url8I8mN0U7
2022-11-20 20:10:16 SUCCESS
CalculateAtHash
Successful at_hash encoding
at_hash
1eVwhL0lB4wVKyu2k2eNJw
2022-11-20 20:10:16 SUCCESS
GenerateIdTokenClaims
Created ID Token Claims
iss
https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/
sub
user-subject-1234531
aud
client-77c1aa57-dd0d-49b2-b107-29103a4db242
iat
1668975016
exp
1668975316
2022-11-20 20:10:16 SUCCESS
AddAtHashToIdTokenClaims
Added at_hash to ID token claims
at_hash
1eVwhL0lB4wVKyu2k2eNJw
id_token_claims
{
  "iss": "https://www.certification.openid.net/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/",
  "sub": "user-subject-1234531",
  "aud": "client-77c1aa57-dd0d-49b2-b107-29103a4db242",
  "iat": 1668975016,
  "exp": 1668975316,
  "at_hash": "1eVwhL0lB4wVKyu2k2eNJw"
}
2022-11-20 20:10:16 SUCCESS
OIDCCSignIdToken
Signed the ID token
id_token
eyJraWQiOiJjM2NkYzMxZC1iZGZlLTQyOTItOGU0OS1lZGI0MmJjMzAwNzgiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMWVWd2hMMGxCNHdWS3l1MmsyZU5KdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LTc3YzFhYTU3LWRkMGQtNDliMi1iMTA3LTI5MTAzYTRkYjI0MiIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC83N2MxYWE1Ny1kZDBkLTQ5YjItYjEwNy0yOTEwM2E0ZGIyNDJcLyIsImV4cCI6MTY2ODk3NTMxNiwiaWF0IjoxNjY4OTc1MDE2fQ.k-hkEQze0hGjfMB1FaUxLJNnvheZ28ftlKdPYU7bITqXmh6Y7ifL7DDOrUM4JCzEgyZSqVbId46HafiHbms8CMbynB21G_vA40Jc3FPFvXVP0qNzrUfJcIZdwrS8TlSo5omp2bUDLaHPFCSKTHKhG50XaMJWVkQEJPpLqHBOUHmPGToZn4rGecZU2ecz9rwPZL2Rta9Rd4epezSYrnRUWVFZsnfaWjD-zc9VIC2bR09WHlkz6rcH7cBdUAqJ5P0Sml8yDf8jljT28DNDEd9Qq8M_raPcL_SrgU_k7OzcS4JDfiZv0fpwOzctJy1i0ze_fXY5VgsyoDzAfxmN9dDh-g
key
{"p":"7T5VmL6zk7U_WtKVGu_dKlpri-c-KQtQwmVHQ_vhV6vFQYWe4z5vOHDe5ts9sMcJ1ni_fllOPr0nX_pNWvUrddbh8cqRjBgpSHpDGzobYaw0NbSEZYP-agH4i9JGZy2LYQ0H5UfQqnWakZ-yZX2jBfYyMVp8W1ejm8yVq0V0mKU","kty":"RSA","q":"ojz2b4h7kVP_ElmqW2ouPUnoktmxrIB5ff-EhI_v28xuHF3GEMovhpVcUrDK4vqFgzczPmtiDiAr4oyWeHBfLQhpUj6o3b0e0UjDi8Q3S6WAB73XJRp16WX_FVMZUazGPAJpWfnghiyBt8o0ojpVn9MlD4S2JRT4whbS4U6UL5c","d":"Si3J613roMlYliWjeboUYeHGavBMBSSUgRCMyA-eep9oxb1P7iXs0GxIFWkbP4NDB4D_tjvGfsmSRGcJ85RAnFjwgJUUUB-166n_lQRG5-BJ5rgcXnteVfVQJUuLniaLzT9fIl8Clq9Zw3aTBYtNul71hEfBZi9bVwvovOf2HdAiwzDnuZyYvz3B3hOJ1hYQNOPlPlvKAnk263qFEKXsDtzpsjC6Um2N9T5Caacy51euitaIy9TEhJstPRkC-LuYqP-1mYMKzsJrGCPxuD7tqMxfyL9ZISi2orj_2zu5Xiq0zKIC8AXg2IcwZO9XUNXHjw7tdTYv7Oj_v0zYsa9_UQ","e":"AQAB","use":"sig","kid":"c3cdc31d-bdfe-4292-8e49-edb42bc30078","qi":"d1ZhaIfMd3hr0tTRXVZNneKnRDi_bmfXrbE-BsjkV237C87n2apoRefrw-ulbLYX4IM3JOnXansrOavdsJccvmIdrtj8nX0ctBrFBImWjRQViDlPe6lUpLMYQCAQC2eOndly409iL0QCVuj8cSdcfY9FmXEM8EKZha7lIJiEsOA","dp":"4aYOSA_qQa18qufsRgiq9WO3MwQozWUj1SH7XKAwPvDz11Q-Qanao3ZHrJAO5xsJMmL60DQlBetnjhRGiyLxyU0u7olbUkKQ0YzoUvc7n_ToW8RswRmAXFevjV3c9LoO_aolPmDGCbt93tBkH8AV1M_MAcEs0rxSsxctrA-NzLk","dq":"dMcWx39hGmFwl3_NHNHYCKubaaCiwD0Vtjjm5RhKGVcT5v0kpU8zWFdIRgkVcL3Mvn9MNmDLCsnjbMWvRW_1Qg_s55NMr5cCiLgscP1CpAOznV7rbryWJPMS4gGXlu-bHPTLakVvdISytl0o96Cvo0QzR_FJvnVS_Tm6fwy1o28","n":"llnxJ_s92yT8Je0K9-u3ceqP6WC54SCFkCbffwN0zIEsxhvh4MnicHeGRqn5o6v4KvnFT3htyV7n5js9kf9uc7Nl-Mq5Ji1-Vx88ZtRf7Y_fX2NzYGJG2uV-VZGDNEGCBG1bjel1fcJHoHzUN8nOzIbY_jiC9_I0RgwAQoLp7LSfxS3f2ymGtBKm9-C05VuQAx22jB7RluZehFGLKgedYN4yOY3wBVNUFTqCbv1SthmqbsPhKM7lTO0LpVuhwLTg4r-4FSQWx0cR-b5BPbLbPNmZR_ocBHXgQGS4L_bKRSgB7BsOJ0U8VpxdhlbrmPm-ShjKHM6wRQgEM-q15TBUUw"}
algorithm
RS256
2022-11-20 20:10:16
InvalidateIdTokenSignature
Made the id_token signature invalid
id_token
eyJraWQiOiJjM2NkYzMxZC1iZGZlLTQyOTItOGU0OS1lZGI0MmJjMzAwNzgiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMWVWd2hMMGxCNHdWS3l1MmsyZU5KdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LTc3YzFhYTU3LWRkMGQtNDliMi1iMTA3LTI5MTAzYTRkYjI0MiIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC83N2MxYWE1Ny1kZDBkLTQ5YjItYjEwNy0yOTEwM2E0ZGIyNDJcLyIsImV4cCI6MTY2ODk3NTMxNiwiaWF0IjoxNjY4OTc1MDE2fQ.ybI-S1aEiEv5JpovT_9rdsk95E3DgZ23zv0VOxSBe2DNwETCtH2RtmqU9xlifnae2XwI8wySLdTdM6LdNDFmUpyoxkfvQaGauRgGhgmf5y8ViPkp9x2TKtwHmO7mFA7yvNPzg-9Zd_uVTn7QFij7QcdNMpgMDB5efqAR8ioUCiPVQ2BDxdCcI5wOg71prOZVPufL7_ULLd3zIW7C9C4OAwsD6C2AAGqkl5UPenfBHRUMRANpsO1dt5oHClDTvqdIwAVoV6V5zG6sqmkZS4UK8Zll9_mGda7x2xW-traGEdgZJHw1i6AqYW13fXc4iW3lJyxjDFFo-maaJUPXr4q7oA
2022-11-20 20:10:16 INFO
EncryptIdToken
Skipped evaluation due to missing required element: client id_token_encrypted_response_alg
path
id_token_encrypted_response_alg
mapped
object
client
2022-11-20 20:10:16 SUCCESS
CreateTokenEndpointResponse
Created token endpoint response
access_token
aWvsmi6SAqWVofkHsUDqXFzdbEUMMQ6Du5062M3Url8I8mN0U7
token_type
Bearer
id_token
eyJraWQiOiJjM2NkYzMxZC1iZGZlLTQyOTItOGU0OS1lZGI0MmJjMzAwNzgiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMWVWd2hMMGxCNHdWS3l1MmsyZU5KdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LTc3YzFhYTU3LWRkMGQtNDliMi1iMTA3LTI5MTAzYTRkYjI0MiIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC83N2MxYWE1Ny1kZDBkLTQ5YjItYjEwNy0yOTEwM2E0ZGIyNDJcLyIsImV4cCI6MTY2ODk3NTMxNiwiaWF0IjoxNjY4OTc1MDE2fQ.ybI-S1aEiEv5JpovT_9rdsk95E3DgZ23zv0VOxSBe2DNwETCtH2RtmqU9xlifnae2XwI8wySLdTdM6LdNDFmUpyoxkfvQaGauRgGhgmf5y8ViPkp9x2TKtwHmO7mFA7yvNPzg-9Zd_uVTn7QFij7QcdNMpgMDB5efqAR8ioUCiPVQ2BDxdCcI5wOg71prOZVPufL7_ULLd3zIW7C9C4OAwsD6C2AAGqkl5UPenfBHRUMRANpsO1dt5oHClDTvqdIwAVoV6V5zG6sqmkZS4UK8Zll9_mGda7x2xW-traGEdgZJHw1i6AqYW13fXc4iW3lJyxjDFFo-maaJUPXr4q7oA
scope
openid email
2022-11-20 20:10:16 OUTGOING
oidcc-client-test-invalid-sig-rs256
Response to HTTP request to test instance JIvPuT1XxgRzKZL
outgoing_status_code
200
outgoing_headers
{}
outgoing_body
{
  "access_token": "aWvsmi6SAqWVofkHsUDqXFzdbEUMMQ6Du5062M3Url8I8mN0U7",
  "token_type": "Bearer",
  "id_token": "eyJraWQiOiJjM2NkYzMxZC1iZGZlLTQyOTItOGU0OS1lZGI0MmJjMzAwNzgiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiMWVWd2hMMGxCNHdWS3l1MmsyZU5KdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiY2xpZW50LTc3YzFhYTU3LWRkMGQtNDliMi1iMTA3LTI5MTAzYTRkYjI0MiIsImlzcyI6Imh0dHBzOlwvXC93d3cuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0XC90ZXN0XC9hXC83N2MxYWE1Ny1kZDBkLTQ5YjItYjEwNy0yOTEwM2E0ZGIyNDJcLyIsImV4cCI6MTY2ODk3NTMxNiwiaWF0IjoxNjY4OTc1MDE2fQ.ybI-S1aEiEv5JpovT_9rdsk95E3DgZ23zv0VOxSBe2DNwETCtH2RtmqU9xlifnae2XwI8wySLdTdM6LdNDFmUpyoxkfvQaGauRgGhgmf5y8ViPkp9x2TKtwHmO7mFA7yvNPzg-9Zd_uVTn7QFij7QcdNMpgMDB5efqAR8ioUCiPVQ2BDxdCcI5wOg71prOZVPufL7_ULLd3zIW7C9C4OAwsD6C2AAGqkl5UPenfBHRUMRANpsO1dt5oHClDTvqdIwAVoV6V5zG6sqmkZS4UK8Zll9_mGda7x2xW-traGEdgZJHw1i6AqYW13fXc4iW3lJyxjDFFo-maaJUPXr4q7oA",
  "scope": "openid email"
}
outgoing_path
token
2022-11-20 20:10:16 INCOMING
oidcc-client-test-invalid-sig-rs256
Incoming HTTP request to /test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/userinfo
incoming_headers
{
  "host": "www.certification.openid.net",
  "accept": "application/json, application/jwt",
  "authorization": "Bearer aWvsmi6SAqWVofkHsUDqXFzdbEUMMQ6Du5062M3Url8I8mN0U7",
  "user-agent": "oauth4webapi/v2.0.0",
  "accept-language": "*",
  "sec-fetch-mode": "cors",
  "accept-encoding": "br, gzip, deflate",
  "connection": "close"
}
incoming_path
/test/a/77c1aa57-dd0d-49b2-b107-29103a4db242/userinfo
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
DHE-RSA-AES128-GCM-SHA256
incoming_body_json
2022-11-20 20:10:16 SKIPPED
oidcc-client-test-invalid-sig-rs256
The test was skipped: The client continued and called the userinfo endpoint after receiving an id token with an invalid signature from the token endpoint. This is acceptable as clients are not required to validate the signatures on id tokens received over a TLS protected connection.
2022-11-20 20:10:16 FINISHED
oidcc-client-test-invalid-sig-rs256
Test has run to completion
testmodule_result
SKIPPED
2022-11-20 20:10:18
TEST-RUNNER
Alias has now been claimed by another test
alias
77c1aa57-dd0d-49b2-b107-29103a4db242
new_test_id
ff2KyPwyMi56GHs
Test Results