Test Summary

Test Results

Expand All Collapse All
All times are UTC
2022-11-28 05:16:26 INFO
TEST-RUNNER
Test instance voHAp9AN5gZjmzP created
baseUrl
https://www.certification.openid.net/test/a/isv_op_oidc_core_test
variant
{
  "client_auth_type": "private_key_jwt",
  "response_type": "code id_token",
  "server_metadata": "discovery",
  "client_registration": "dynamic_client",
  "response_mode": "default"
}
alias
isv_op_oidc_core_test
description
isv_op_oidc_core_test_dynamic_client
planId
OnmlfiYkW6Bbn
config
{
  "server": {
    "discoveryUrl": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/.well-known/openid-configuration",
    "login_hint": "isvdev@ibm.com"
  },
  "client": {
    "client_name": "Ristretto Core Conformance Test Dynamic Client One"
  },
  "client2": {
    "client_name": "Ristretto Core Conformance Test Dynamic Client Two"
  },
  "consent": {},
  "alias": "isv_op_oidc_core_test",
  "description": "isv_op_oidc_core_test_dynamic_client"
}
testName
oidcc-redirect-uri-query-OK
2022-11-28 05:16:26 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
2022-11-28 05:16:26
GetDynamicServerConfiguration
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2022-11-28 05:16:27 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK735be323-36ac-48c7-a026-a9025b89189d",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816384442a3738a2b1",
  "vary": "Accept-Encoding",
  "date": "Mon, 28 Nov 2022 05:16:27 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:MvRAYrO8RPZ5adhQjw5QZCfiTcXOljwrkJI2Cx5SkyQ\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:54725591; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003dA5FEEF070C98A3B39E75D02849384226~-1~YAAQXXYGFxv44oSEAQAAYkiqvAglguygevefKJurwRRvS09qsaB19wBxuqALdjbcRMbHWGbjZo7EZMt5Y9SIJbrcsBX/zloKVNK6IcXZN3z9ndEpvNNTHv+F2C/y90GkWEKYJuwtH3ofkSQ0fN/Twgr6gfh4rXXDiMzlMETR0b4XJWZ4xLGLkI5fui7WLF3R57j5DhuD0k5AZUNfezPndDfrVlntKlinmsHqbaCbWcafPRFmns8y4qaWPwmeV/JSO4kL5lFyjp4RsGrd8AuyhdnPPSBCkHKxsHdLggl1x1zGThy3w1m4MLUSaRG8eBDRY6sG3jjJoyC+j/QlLTDwCTYxcWyb5veUZP8eIE51sJCCO1W804Ci36l1WHDFtOKH6lurhus\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dTue, 28 Nov 2023 05:16:27 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d7A30A9BF4E705318516C5685228CF93D~YAAQXXYGFxz44oSEAQAAYkiqvBGPyBka9sqToSgoEOMqgnsVMisna7HzRtaY+B8e6ePzKNPSLKDrlJx5wzhkq0Z0UxbpW6FNGa7TcdNUlSwJmw5+xovkv38RjWSfMMvDBbY5vMMIlqO9Ajy9IMuEg6Zl3kUgGSbm5BZo2W0FOUzsUQrr8Fe+hxcSeFPFCkNhu7ZPuvm5ugPiCFHdUDj5nNz29vz1Qvmne1Nw/rtxtkmFU5IeajctbOcmNTec7l6I9J2r7DsaBZ8G3JmyeIFh7iBJ0worrOWZtplP9xSeftaZV5wW07g5r91n1OCT~4405060~4339778; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 28 Nov 2022 09:16:26 GMT; Max-Age\u003d14399; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d92",
    "origin; dur\u003d234"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"issuer":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","authorization_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/authorize","token_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/token","introspection_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/introspect","userinfo_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo","revocation_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/revoke","pushed_authorization_request_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/par","registration_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register","jwks_uri":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/jwks","response_types_supported":["none","code","token","id_token","code token","code id_token","token id_token","code token id_token"],"response_modes_supported":["query","fragment","form_post","jwt","query.jwt","fragment.jwt","form_post.jwt"],"grant_types_supported":["authorization_code","implicit","password","refresh_token","client_credentials"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","private_key_jwt","tls_client_auth"],"authorization_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"authorization_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"authorization_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"id_token_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"id_token_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"userinfo_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"userinfo_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"token_endpoint_auth_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"request_object_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"request_object_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"request_object_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"subject_types_supported":["public"],"scopes_supported":["openid","profile","email","phone","address"],"claims_supported":["given_name","employee_id","department","realmName","email","uid","name","job_title","upn","preferred_username","groupIds","tenantId","mobile_number","family_name","iss","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"tls_client_certificate_bound_access_tokens":true,"mtls_endpoint_aliases":{"introspection_endpoint":"https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/introspect","pushed_authorization_request_endpoint":"https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/par","revocation_endpoint":"https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/revoke","token_endpoint":"https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/token"},"dpop_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"]}
2022-11-28 05:16:27 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
issuer
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2
authorization_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/authorize
token_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/token
introspection_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/introspect
userinfo_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo
revocation_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/revoke
pushed_authorization_request_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/par
registration_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register
jwks_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/jwks
response_types_supported
[
  "none",
  "code",
  "token",
  "id_token",
  "code token",
  "code id_token",
  "token id_token",
  "code token id_token"
]
response_modes_supported
[
  "query",
  "fragment",
  "form_post",
  "jwt",
  "query.jwt",
  "fragment.jwt",
  "form_post.jwt"
]
grant_types_supported
[
  "authorization_code",
  "implicit",
  "password",
  "refresh_token",
  "client_credentials"
]
token_endpoint_auth_methods_supported
[
  "client_secret_basic",
  "client_secret_post",
  "private_key_jwt",
  "tls_client_auth"
]
authorization_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
authorization_encryption_alg_values_supported
[
  "none",
  "RSA-OAEP",
  "RSA-OAEP-256"
]
authorization_encryption_enc_values_supported
[
  "none",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
id_token_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
id_token_encryption_alg_values_supported
[
  "none",
  "RSA-OAEP",
  "RSA-OAEP-256"
]
id_token_encryption_enc_values_supported
[
  "none",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
userinfo_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
userinfo_encryption_alg_values_supported
[
  "none",
  "RSA-OAEP",
  "RSA-OAEP-256"
]
userinfo_encryption_enc_values_supported
[
  "none",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
token_endpoint_auth_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
request_object_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
request_object_encryption_alg_values_supported
[
  "none",
  "RSA-OAEP",
  "RSA-OAEP-256"
]
request_object_encryption_enc_values_supported
[
  "none",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
subject_types_supported
[
  "public"
]
scopes_supported
[
  "openid",
  "profile",
  "email",
  "phone",
  "address"
]
claims_supported
[
  "given_name",
  "employee_id",
  "department",
  "realmName",
  "email",
  "uid",
  "name",
  "job_title",
  "upn",
  "preferred_username",
  "groupIds",
  "tenantId",
  "mobile_number",
  "family_name",
  "iss",
  "acr"
]
claim_types_supported
[
  "normal"
]
claims_parameter_supported
true
request_parameter_supported
true
request_uri_parameter_supported
true
require_request_uri_registration
true
tls_client_certificate_bound_access_tokens
true
mtls_endpoint_aliases
{
  "introspection_endpoint": "https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/introspect",
  "pushed_authorization_request_endpoint": "https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/par",
  "revocation_endpoint": "https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/revoke",
  "token_endpoint": "https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/token"
}
dpop_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
2022-11-28 05:16:27 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2022-11-28 05:16:27 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
{
  "testHost": "oidc-conformance.rel.verify.ibmcloudsecurity.com",
  "testPort": 443
}
authorization_endpoint
{
  "testHost": "oidc-conformance.rel.verify.ibmcloudsecurity.com",
  "testPort": 443
}
token_endpoint
{
  "testHost": "oidc-conformance.rel.verify.ibmcloudsecurity.com",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "oidc-conformance.rel.verify.ibmcloudsecurity.com",
  "testPort": 443
}
2022-11-28 05:16:27
FetchServerKeys
Fetching server key
jwks_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/jwks
2022-11-28 05:16:27
FetchServerKeys
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/jwks
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2022-11-28 05:16:27 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AKfec6bfa6-9ffc-43c3-a614-613f7bca8c6a",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816384442b3738a461",
  "vary": "Accept-Encoding",
  "date": "Mon, 28 Nov 2022 05:16:27 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:flNUyYk/B0TJBnbuDePWpjGWxwGwdrhcKtGa9JFcwHo\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:61017047; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d321C3BA1786DE0AB5898D88D44C1AB3D~-1~YAAQXXYGFyX44oSEAQAAf0mqvAizGGAI/cvIAx7oLIzRl8fvv225NsCGtgYEPxrfG67HVSLyOtArjWQY17MXyODWsrcRDh3Tql/mgCH98prUwc+XUxFNt+wnBhmel/5xTtyKZJCiKiMlvQxCBUUW0x1yqaebjTad7+PHN8s75gs+LZiLR2y6ic1NBqXEQ7mCYDIYYToCf0G1OmocrsLFiXItnGssDRUVhzILG5qByMeXcEZl0xrL6VRHIEloKl4DA1P2Z0RL2v9FscMl7EXbXE06VgMbUtfESTHsB28sXDr8k+zk4vf4TorFT19kVMZNZWYwUTXCmyfctUPLnKlKsq9+zMsLzVZDqf2S6Ii6W7pMaZGxkbEhEzrwIWAv1wLQkf7wBfo\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dTue, 28 Nov 2023 05:16:27 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d8B73D9CD9C32656B0F1254C379ED065D~YAAQXXYGFyb44oSEAQAAf0mqvBFSfaOrdiT+B0HyAOUisRWRi/9zBFT0NHR8osqc3EW/4OJrv70WVVWQ4KrpcdbNe6CyMeHyK+yTmrPfa10ufdebR14ZZA667GcP0uDy/lzz7yoYp2i3SPG39uxKjdXxppLjdFzgrtn2PK2RbYfVjD4Pa1bZ6OtHKSKZIiHaHpux181tAPCcUzJ4mhU5/jkMN2N/ovWZ+mCLT9Nkr8m2gZ6DVKdOd3uPge7+Cl323z9Z4/i4aDey+SIKLxVcTMDiT6cvCZr/A77/qqu0J5tIofP69QBjI5y6A9hi~3686982~4473394; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 28 Nov 2022 09:16:27 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d102",
    "origin; dur\u003d107"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"keys":[{"kid":"server","kty":"RSA","use":"sig","x5c":["MIIDYDCCAkigAwIBAgIEIFW8uDANBgkqhkiG9w0BAQsFADByMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADE5MDcGA1UEAxMwb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tMB4XDTIyMTExNDA0NDI0MFoXDTMyMTExMTA0NDI0MFowcjEJMAcGA1UEBhMAMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEJMAcGA1UEChMAMQkwBwYDVQQLEwAxOTA3BgNVBAMTMG9pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBtmxl55OH/ceueSG0bRucWkdCLybhWwz+x9J6IOb8Q89d4lcd7xhdkN+9nYEjqQMDrUEFDj2ajikKlxrJk7tZSkbu5skFuxHUETDhjHBqnNQb1jwhAdYzBPFTyQ9Ii7lm0uYTthnBJKvpvjKPoz7H9Vuu15RNDujq7RF6sDGSIJUTaxbx7EM2Xv37iqfSAjaMCvfLelacNHUfCAoyGeJYXCIOnlg2/KdfoN4QHKw9Dwq12Br2vau/TcvbD8Na4b+Mm/NEf00wFjt+MtbMCDyUFMQbsAuAk2eFS3eABb1VOQ9ZZOOcsXwB4nRewWIVVhJyMEixDXxm73G9oJBUpI6sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhvvrczfcb1xsYJeEiVtctWlLfHXyKkfyJpIU1nTGdKpd18tPv4OeLMyuJsOFenhJD95UauFwz3AT1zdHShp04JHWTtkb7aezFN4C9fpb97BUR0BheoYzkC6pgZ7M4QkkKE/AKYZfWLahqcbZ6ICmUfXyDJ2mWpXLpLm+l6jh32NF74ho8h4b65cMpDk5mFEp9vf1WgnmaWGtFjVuhAgaS8IrYcDy3DzVrZX/0kCPa0EXng7Xx1IkhUaKz0ajx3ZCmC6HmNa6U+oDKboGq7w1ZfscjOr8nB9M0f5BUAQN1m0nGAR1Ac96BMjfwwS/05lpPLF3Dv5CzOGLuIi0Cws7xA=="],"x5t#S256":"PVCDmVgwC-YE7Q8Bfe_9jJ8izpYjwStjUEYZEe-58Y4","n":"sG2bGXnk4f9x655IbRtG5xaR0IvJuFbDP7H0nog5vxDz13iVx3vGF2Q372dgSOpAwOtQQUOPZqOKQqXGsmTu1lKRu7myQW7EdQRMOGMcGqc1BvWPCEB1jME8VPJD0iLuWbS5hO2GcEkq-m-Mo-jPsf1W67XlE0O6OrtEXqwMZIglRNrFvHsQzZe_fuKp9ICNowK98t6Vpw0dR8ICjIZ4lhcIg6eWDb8p1-g3hAcrD0PCrXYGva9q79Ny9sPw1rhv4yb80R_TTAWO34y1swIPJQUxBuwC4CTZ4VLd4AFvVU5D1lk45yxfAHidF7BYhVWEnIwSLENfGbvcb2gkFSkjqw","e":"AQAB"}]}
2022-11-28 05:16:27
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kid":"server","kty":"RSA","use":"sig","x5c":["MIIDYDCCAkigAwIBAgIEIFW8uDANBgkqhkiG9w0BAQsFADByMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADE5MDcGA1UEAxMwb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tMB4XDTIyMTExNDA0NDI0MFoXDTMyMTExMTA0NDI0MFowcjEJMAcGA1UEBhMAMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEJMAcGA1UEChMAMQkwBwYDVQQLEwAxOTA3BgNVBAMTMG9pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBtmxl55OH/ceueSG0bRucWkdCLybhWwz+x9J6IOb8Q89d4lcd7xhdkN+9nYEjqQMDrUEFDj2ajikKlxrJk7tZSkbu5skFuxHUETDhjHBqnNQb1jwhAdYzBPFTyQ9Ii7lm0uYTthnBJKvpvjKPoz7H9Vuu15RNDujq7RF6sDGSIJUTaxbx7EM2Xv37iqfSAjaMCvfLelacNHUfCAoyGeJYXCIOnlg2/KdfoN4QHKw9Dwq12Br2vau/TcvbD8Na4b+Mm/NEf00wFjt+MtbMCDyUFMQbsAuAk2eFS3eABb1VOQ9ZZOOcsXwB4nRewWIVVhJyMEixDXxm73G9oJBUpI6sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhvvrczfcb1xsYJeEiVtctWlLfHXyKkfyJpIU1nTGdKpd18tPv4OeLMyuJsOFenhJD95UauFwz3AT1zdHShp04JHWTtkb7aezFN4C9fpb97BUR0BheoYzkC6pgZ7M4QkkKE/AKYZfWLahqcbZ6ICmUfXyDJ2mWpXLpLm+l6jh32NF74ho8h4b65cMpDk5mFEp9vf1WgnmaWGtFjVuhAgaS8IrYcDy3DzVrZX/0kCPa0EXng7Xx1IkhUaKz0ajx3ZCmC6HmNa6U+oDKboGq7w1ZfscjOr8nB9M0f5BUAQN1m0nGAR1Ac96BMjfwwS/05lpPLF3Dv5CzOGLuIi0Cws7xA=="],"x5t#S256":"PVCDmVgwC-YE7Q8Bfe_9jJ8izpYjwStjUEYZEe-58Y4","n":"sG2bGXnk4f9x655IbRtG5xaR0IvJuFbDP7H0nog5vxDz13iVx3vGF2Q372dgSOpAwOtQQUOPZqOKQqXGsmTu1lKRu7myQW7EdQRMOGMcGqc1BvWPCEB1jME8VPJD0iLuWbS5hO2GcEkq-m-Mo-jPsf1W67XlE0O6OrtEXqwMZIglRNrFvHsQzZe_fuKp9ICNowK98t6Vpw0dR8ICjIZ4lhcIg6eWDb8p1-g3hAcrD0PCrXYGva9q79Ny9sPw1rhv4yb80R_TTAWO34y1swIPJQUxBuwC4CTZ4VLd4AFvVU5D1lk45yxfAHidF7BYhVWEnIwSLENfGbvcb2gkFSkjqw","e":"AQAB"}]}
2022-11-28 05:16:27 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kid": "server",
      "kty": "RSA",
      "use": "sig",
      "x5c": [
        "MIIDYDCCAkigAwIBAgIEIFW8uDANBgkqhkiG9w0BAQsFADByMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADE5MDcGA1UEAxMwb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tMB4XDTIyMTExNDA0NDI0MFoXDTMyMTExMTA0NDI0MFowcjEJMAcGA1UEBhMAMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEJMAcGA1UEChMAMQkwBwYDVQQLEwAxOTA3BgNVBAMTMG9pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBtmxl55OH/ceueSG0bRucWkdCLybhWwz+x9J6IOb8Q89d4lcd7xhdkN+9nYEjqQMDrUEFDj2ajikKlxrJk7tZSkbu5skFuxHUETDhjHBqnNQb1jwhAdYzBPFTyQ9Ii7lm0uYTthnBJKvpvjKPoz7H9Vuu15RNDujq7RF6sDGSIJUTaxbx7EM2Xv37iqfSAjaMCvfLelacNHUfCAoyGeJYXCIOnlg2/KdfoN4QHKw9Dwq12Br2vau/TcvbD8Na4b+Mm/NEf00wFjt+MtbMCDyUFMQbsAuAk2eFS3eABb1VOQ9ZZOOcsXwB4nRewWIVVhJyMEixDXxm73G9oJBUpI6sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhvvrczfcb1xsYJeEiVtctWlLfHXyKkfyJpIU1nTGdKpd18tPv4OeLMyuJsOFenhJD95UauFwz3AT1zdHShp04JHWTtkb7aezFN4C9fpb97BUR0BheoYzkC6pgZ7M4QkkKE/AKYZfWLahqcbZ6ICmUfXyDJ2mWpXLpLm+l6jh32NF74ho8h4b65cMpDk5mFEp9vf1WgnmaWGtFjVuhAgaS8IrYcDy3DzVrZX/0kCPa0EXng7Xx1IkhUaKz0ajx3ZCmC6HmNa6U+oDKboGq7w1ZfscjOr8nB9M0f5BUAQN1m0nGAR1Ac96BMjfwwS/05lpPLF3Dv5CzOGLuIi0Cws7xA\u003d\u003d"
      ],
      "x5t#S256": "PVCDmVgwC-YE7Q8Bfe_9jJ8izpYjwStjUEYZEe-58Y4",
      "n": "sG2bGXnk4f9x655IbRtG5xaR0IvJuFbDP7H0nog5vxDz13iVx3vGF2Q372dgSOpAwOtQQUOPZqOKQqXGsmTu1lKRu7myQW7EdQRMOGMcGqc1BvWPCEB1jME8VPJD0iLuWbS5hO2GcEkq-m-Mo-jPsf1W67XlE0O6OrtEXqwMZIglRNrFvHsQzZe_fuKp9ICNowK98t6Vpw0dR8ICjIZ4lhcIg6eWDb8p1-g3hAcrD0PCrXYGva9q79Ny9sPw1rhv4yb80R_TTAWO34y1swIPJQUxBuwC4CTZ4VLd4AFvVU5D1lk45yxfAHidF7BYhVWEnIwSLENfGbvcb2gkFSkjqw",
      "e": "AQAB"
    }
  ]
}
2022-11-28 05:16:27 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kid": "server",
      "kty": "RSA",
      "use": "sig",
      "x5c": [
        "MIIDYDCCAkigAwIBAgIEIFW8uDANBgkqhkiG9w0BAQsFADByMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADE5MDcGA1UEAxMwb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tMB4XDTIyMTExNDA0NDI0MFoXDTMyMTExMTA0NDI0MFowcjEJMAcGA1UEBhMAMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEJMAcGA1UEChMAMQkwBwYDVQQLEwAxOTA3BgNVBAMTMG9pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBtmxl55OH/ceueSG0bRucWkdCLybhWwz+x9J6IOb8Q89d4lcd7xhdkN+9nYEjqQMDrUEFDj2ajikKlxrJk7tZSkbu5skFuxHUETDhjHBqnNQb1jwhAdYzBPFTyQ9Ii7lm0uYTthnBJKvpvjKPoz7H9Vuu15RNDujq7RF6sDGSIJUTaxbx7EM2Xv37iqfSAjaMCvfLelacNHUfCAoyGeJYXCIOnlg2/KdfoN4QHKw9Dwq12Br2vau/TcvbD8Na4b+Mm/NEf00wFjt+MtbMCDyUFMQbsAuAk2eFS3eABb1VOQ9ZZOOcsXwB4nRewWIVVhJyMEixDXxm73G9oJBUpI6sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhvvrczfcb1xsYJeEiVtctWlLfHXyKkfyJpIU1nTGdKpd18tPv4OeLMyuJsOFenhJD95UauFwz3AT1zdHShp04JHWTtkb7aezFN4C9fpb97BUR0BheoYzkC6pgZ7M4QkkKE/AKYZfWLahqcbZ6ICmUfXyDJ2mWpXLpLm+l6jh32NF74ho8h4b65cMpDk5mFEp9vf1WgnmaWGtFjVuhAgaS8IrYcDy3DzVrZX/0kCPa0EXng7Xx1IkhUaKz0ajx3ZCmC6HmNa6U+oDKboGq7w1ZfscjOr8nB9M0f5BUAQN1m0nGAR1Ac96BMjfwwS/05lpPLF3Dv5CzOGLuIi0Cws7xA\u003d\u003d"
      ],
      "x5t#S256": "PVCDmVgwC-YE7Q8Bfe_9jJ8izpYjwStjUEYZEe-58Y4",
      "n": "sG2bGXnk4f9x655IbRtG5xaR0IvJuFbDP7H0nog5vxDz13iVx3vGF2Q372dgSOpAwOtQQUOPZqOKQqXGsmTu1lKRu7myQW7EdQRMOGMcGqc1BvWPCEB1jME8VPJD0iLuWbS5hO2GcEkq-m-Mo-jPsf1W67XlE0O6OrtEXqwMZIglRNrFvHsQzZe_fuKp9ICNowK98t6Vpw0dR8ICjIZ4lhcIg6eWDb8p1-g3hAcrD0PCrXYGva9q79Ny9sPw1rhv4yb80R_TTAWO34y1swIPJQUxBuwC4CTZ4VLd4AFvVU5D1lk45yxfAHidF7BYhVWEnIwSLENfGbvcb2gkFSkjqw",
      "e": "AQAB"
    }
  ]
}
2022-11-28 05:16:27 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2022-11-28 05:16:27 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2022-11-28 05:16:27 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2022-11-28 05:16:27 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2022-11-28 05:16:27
StoreOriginalClientConfiguration
Created original_client_config object from the client configuration.
client_name
Ristretto Core Conformance Test Dynamic Client One
2022-11-28 05:16:27
ExtractClientNameFromStoredConfig
Extracted client_name from stored client configuration.
client_name
Ristretto Core Conformance Test Dynamic Client One
2022-11-28 05:16:27
AddQueryToRedirectUri
Updated redirect_uri
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar=foo
2022-11-28 05:16:27 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "yYmixsVBrWSmA_zziwufZnsvA7VhU0-kpQ1nFEhaTrp1nmjTIklHtmvrKPiQVeGRR9IVYdHv4mGcj6q3wCsmTjNWhPVBDZcf6QYjwBzlx8GeSWNDAuEsFw9M1wNjF4E-Z8xaTw6huLTIF0jwsq_71aOowrXvDNEoliJly6CSc9c",
      "kty": "RSA",
      "q": "wJ1FJITHZhV0XUVr96C14fuiJhFS_PD2j-uPIDYMfjZ31WtVKep_Hy2u4QwccznOiMM4PfPvX8Idy7xAiNGfr3jtNoWdGxfCeoA6l3j-lb19FOayLEcoUIsYtfz6K7m4w1Cy2vM03iZvcFHmA3Okn-51Zx10y7eaoDr_qrf1q9M",
      "d": "b_XkjRdE115zHPzbPOjHhfn6DxC7wJeG_Wv496QWYfRqcaFdll6_Uq9TJjthoP9jcbm6U7Bp_ZrnLjFpyNtXcXD7cTOIcg-yqc6z060apfbQcD7m0AE7gIZR64xdlJKVCDrwM8KvUV5B5ERlnpmMwq8dFb6UCyouFp7U3HIs0Oeq9twX3V86LuXsqJxNPDW1AVZkpLCi4h3934JRsJsyD1GzB1SFWea1lli2OIqI4JomRobnEPIhu9YdlOfYqfOd6Oh9zZJ6zwrXwLky2Gkscjkd6W3mwcyj8m-5qYNGNhcoQXSpMdQfQ95VHO_WZCwHPoiRK4YxO9lMQgwWe5oxvQ",
      "e": "AQAB",
      "use": "sig",
      "qi": "xGKsbaMSD_HyB0gkLcLK0nnCiU1AKXq5tRdKHNRvpcX8qW8r4sevZuyPN4OG_xHvuPx4DnPCdeACdNE93Zi7OBSD235MFy60cFNLFn7wL7qbgCJChL8J6J715b6Ggk8ITxLo7SFqXoK-wu64kWH4I5P6Gq9NyUmKOxMFMD99o6s",
      "dp": "eC_fZeB-4VOzeY9hAdvFjI0LpY-GYfOOAWwzu7HGQUsLF5P1zW2cGZrUG5PYJ48kX4tWewaCoyOJBVhOyogxCNOu1g2YZO1p90JVEZ1qHq1FowhSDyaPb5UNQvBfKMZHnAkPFjRol0kgRlqWSEmQyoAWBUAQNjmJlbcfs8anb_M",
      "alg": "RS256",
      "dq": "u-TvPReV2FyXfiEpmI-avg8Vd2Mw_HQnYe_dWAPBniGONpAUrOYHCigrT3fcDP9YHYuqwqzCVzxqioNixNUQnEEvzh77SiGcYpnSDk9GslX9vbTqHE1x41g9S9KzTJJIzadcQkA703XVAdGyuq1F64nX1zYh6FR8L1A-dZAsxGc",
      "n": "l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ"
    }
  ]
}
2022-11-28 05:16:27 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2022-11-28 05:16:27
CreateEmptyDynamicRegistrationRequest
Created empty dynamic registration request
2022-11-28 05:16:27
AddClientNameToDynamicRegistrationRequest
Added client_name to registration request
client_name
Ristretto Core Conformance Test Dynamic Client One voHAp9AN5gZjmzP
2022-11-28 05:16:27
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2022-11-28 05:16:27
AddImplicitGrantTypeToDynamicRegistrationRequest
Added 'implicit' to 'grant_types'
grant_types
[
  "authorization_code",
  "implicit"
]
2022-11-28 05:16:27
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "Ristretto Core Conformance Test Dynamic Client One voHAp9AN5gZjmzP",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ"
      }
    ]
  }
}
2022-11-28 05:16:27
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "Ristretto Core Conformance Test Dynamic Client One voHAp9AN5gZjmzP",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ"
      }
    ]
  },
  "token_endpoint_auth_method": "private_key_jwt"
}
2022-11-28 05:16:27
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "Ristretto Core Conformance Test Dynamic Client One voHAp9AN5gZjmzP",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ"
      }
    ]
  },
  "token_endpoint_auth_method": "private_key_jwt",
  "response_types": [
    "code id_token"
  ]
}
2022-11-28 05:16:27
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "Ristretto Core Conformance Test Dynamic Client One voHAp9AN5gZjmzP",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ"
      }
    ]
  },
  "token_endpoint_auth_method": "private_key_jwt",
  "response_types": [
    "code id_token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar\u003dfoo"
  ]
}
2022-11-28 05:16:27
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "Ristretto Core Conformance Test Dynamic Client One voHAp9AN5gZjmzP",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ"
      }
    ]
  },
  "token_endpoint_auth_method": "private_key_jwt",
  "response_types": [
    "code id_token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar\u003dfoo"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2022-11-28 05:16:27
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "773"
}
request_body
{"client_name":"Ristretto Core Conformance Test Dynamic Client One voHAp9AN5gZjmzP","grant_types":["authorization_code","implicit"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ"}]},"token_endpoint_auth_method":"private_key_jwt","response_types":["code id_token"],"redirect_uris":["https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar=foo"],"contacts":["certification@oidf.org"]}
2022-11-28 05:16:29 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-content-type-options": "nosniff",
  "cache-control": "no-store",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK933c4a09-6cfa-4e55-8958-ef0d309487bf",
  "pragma": "no-cache",
  "x-global-transaction-id": "efc5c2816384442b01d9ed1b",
  "content-length": "1441",
  "date": "Mon, 28 Nov 2022 05:16:29 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:bvzUI6AijP3s8Bh/Z5HcJi1dhxY+qaVphkVtTiOMR4s\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:61017047; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003dD75D1FDC7B303600B91B5D9CEB2C1ADD~-1~YAAQXXYGF0v44oSEAQAAulCqvAh67hblQo3SzLBqKOV0Ch5Hgr89JkoAxxNG6IH5sDhZPYdT0ZbnLXVfhHFa3jDW2l7yHRR7ysEE8dpX/o+buXATQhMxn5NOGMub2WbbyxzKFe/Ivm+TUUJ1+j9zqa0eHCUcpNnfFXCZd+0laTb5MEmI7SEfPv80pY57+C1B0QED43i0RSVGmbAWaAppx04/MAfRsavSdLBAtTRDDUnFP3zQ79xPQ6bW6Ctz5qyzUL8zqme5Fh70LDVxW+DUHbNHn3SNmSRNw7i5z4FafNtOP9U0eefAL9K4dGnG5v8rH005NCgjHBPeDFwMXHmZ9r5emzvcoPzK7mUOyvxqXYFfACNxutk1e+ASNwSd8i1mmaXu1HM\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dTue, 28 Nov 2023 05:16:29 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d91D4E025B3D88AD1CCA10523D1E6A0B2~YAAQXXYGF0z44oSEAQAAulCqvBHFrBA6n2lh+Ej7/MNR/kaoAs4sktem6WVvCTe2/uqF7LSZUlgfeMY8kgXLQXbQubvoOZ10lfTB27VSBGzbUuxcyknFgmF2FsFw1LWR0iw7s+r6uzk7uRaig19I7LX2abO1a23kk2spt7Yw9xa2OwHw0r6J1Tv9fnsyJuezwa8vTB0qp1ZIDz6urJRQZEStwbPJHjX4RkLlCuXysyYbbgsrb96JE6eSdOSN3UJyx6//r9DwW46eD69O68e5CIqwRCPktq0ZAc+mV0rNO9ZBF/Q2NuL1M6Vx6j4X~3686982~4473394; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 28 Nov 2022 09:16:27 GMT; Max-Age\u003d14398; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d139",
    "origin; dur\u003d1587"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"all_users_entitled":true,"client_id":"60449220-f6df-440f-9864-0c8e88cc2551","client_id_issued_at":"2022-11-28T05:16:27Z","client_name":"Ristretto Core Conformance Test Dynamic Client One voHAp9AN5gZjmzP","client_secret":"2AIFVZGI0G","client_secret_expires_at":0,"consent_action":"always_prompt","enforce_pkce":false,"grant_types":["authorization_code","implicit"],"id_token_map":[],"id_token_signed_response_alg":"RS256","initiate_login_uri":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com","jwks":{"keys":[{"use":"sig","kty":"RSA","alg":"RS256","n":"l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ","e":"AQAB"}]},"redirect_uris":["https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar=foo"],"registration_access_token":"WjBrVIDmG5MMAsJ09spF6u2kcWW5F-q_lsrggM9CWzI.G1J9R5ZKmLk9Jzrn5TMEXcT9miMgIaALKL1LgkC2nPBFgKgOmVWzooWGpB08fyyAnX7CF0C3sMCKSVrLVN0jkg.M18xNjY5NjEyNTg5XzE4","registration_client_uri":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register/60449220-f6df-440f-9864-0c8e88cc2551","response_types":["code id_token"],"token_endpoint_auth_method":"private_key_jwt","token_map":[]}
2022-11-28 05:16:29
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
status
201
endpoint_name
dynamic registration
headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-content-type-options": "nosniff",
  "cache-control": "no-store",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK933c4a09-6cfa-4e55-8958-ef0d309487bf",
  "pragma": "no-cache",
  "x-global-transaction-id": "efc5c2816384442b01d9ed1b",
  "content-length": "1441",
  "date": "Mon, 28 Nov 2022 05:16:29 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:bvzUI6AijP3s8Bh/Z5HcJi1dhxY+qaVphkVtTiOMR4s\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:61017047; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003dD75D1FDC7B303600B91B5D9CEB2C1ADD~-1~YAAQXXYGF0v44oSEAQAAulCqvAh67hblQo3SzLBqKOV0Ch5Hgr89JkoAxxNG6IH5sDhZPYdT0ZbnLXVfhHFa3jDW2l7yHRR7ysEE8dpX/o+buXATQhMxn5NOGMub2WbbyxzKFe/Ivm+TUUJ1+j9zqa0eHCUcpNnfFXCZd+0laTb5MEmI7SEfPv80pY57+C1B0QED43i0RSVGmbAWaAppx04/MAfRsavSdLBAtTRDDUnFP3zQ79xPQ6bW6Ctz5qyzUL8zqme5Fh70LDVxW+DUHbNHn3SNmSRNw7i5z4FafNtOP9U0eefAL9K4dGnG5v8rH005NCgjHBPeDFwMXHmZ9r5emzvcoPzK7mUOyvxqXYFfACNxutk1e+ASNwSd8i1mmaXu1HM\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dTue, 28 Nov 2023 05:16:29 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d91D4E025B3D88AD1CCA10523D1E6A0B2~YAAQXXYGF0z44oSEAQAAulCqvBHFrBA6n2lh+Ej7/MNR/kaoAs4sktem6WVvCTe2/uqF7LSZUlgfeMY8kgXLQXbQubvoOZ10lfTB27VSBGzbUuxcyknFgmF2FsFw1LWR0iw7s+r6uzk7uRaig19I7LX2abO1a23kk2spt7Yw9xa2OwHw0r6J1Tv9fnsyJuezwa8vTB0qp1ZIDz6urJRQZEStwbPJHjX4RkLlCuXysyYbbgsrb96JE6eSdOSN3UJyx6//r9DwW46eD69O68e5CIqwRCPktq0ZAc+mV0rNO9ZBF/Q2NuL1M6Vx6j4X~3686982~4473394; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 28 Nov 2022 09:16:27 GMT; Max-Age\u003d14398; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d139",
    "origin; dur\u003d1587"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
body
{"all_users_entitled":true,"client_id":"60449220-f6df-440f-9864-0c8e88cc2551","client_id_issued_at":"2022-11-28T05:16:27Z","client_name":"Ristretto Core Conformance Test Dynamic Client One voHAp9AN5gZjmzP","client_secret":"2AIFVZGI0G","client_secret_expires_at":0,"consent_action":"always_prompt","enforce_pkce":false,"grant_types":["authorization_code","implicit"],"id_token_map":[],"id_token_signed_response_alg":"RS256","initiate_login_uri":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com","jwks":{"keys":[{"use":"sig","kty":"RSA","alg":"RS256","n":"l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ","e":"AQAB"}]},"redirect_uris":["https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar=foo"],"registration_access_token":"WjBrVIDmG5MMAsJ09spF6u2kcWW5F-q_lsrggM9CWzI.G1J9R5ZKmLk9Jzrn5TMEXcT9miMgIaALKL1LgkC2nPBFgKgOmVWzooWGpB08fyyAnX7CF0C3sMCKSVrLVN0jkg.M18xNjY5NjEyNTg5XzE4","registration_client_uri":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register/60449220-f6df-440f-9864-0c8e88cc2551","response_types":["code id_token"],"token_endpoint_auth_method":"private_key_jwt","token_map":[]}
body_json
{
  "all_users_entitled": true,
  "client_id": "60449220-f6df-440f-9864-0c8e88cc2551",
  "client_id_issued_at": "2022-11-28T05:16:27Z",
  "client_name": "Ristretto Core Conformance Test Dynamic Client One voHAp9AN5gZjmzP",
  "client_secret": "2AIFVZGI0G",
  "client_secret_expires_at": 0,
  "consent_action": "always_prompt",
  "enforce_pkce": false,
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "id_token_map": [],
  "id_token_signed_response_alg": "RS256",
  "initiate_login_uri": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com",
  "jwks": {
    "keys": [
      {
        "use": "sig",
        "kty": "RSA",
        "alg": "RS256",
        "n": "l6MJ7MCapLsFL9zUiaL8RjOlSOQOCYz-aZ-xzhMA4jwcv6P79Om4YqY5r1APTVCaO7xIS9vHorPDa2IyMoI4jyQR2dmx-WM_Xy1iiWtW_yU4cxMWmbAkqV4oGdnG8Sv00f0dG0Q0e0wUAuPeunEja71RXdMSgoxtDRlHxZaWyKeNtb-ljCwFwmyXX3cRavFY8bNcp6wIGuaITMTXQRsPgiY8nh-isAdapmlX7UjXJ2DjWiAGA_pT885iNg557wOwAEzje0AOOnM4IrIu24UWrjdUQCCJA69PLsl6PMfwHoE5idweo_y31kSpGEkqwGKjHS_mlaGRfoHVXF3UudkXNQ",
        "e": "AQAB"
      }
    ]
  },
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar\u003dfoo"
  ],
  "registration_access_token": "WjBrVIDmG5MMAsJ09spF6u2kcWW5F-q_lsrggM9CWzI.G1J9R5ZKmLk9Jzrn5TMEXcT9miMgIaALKL1LgkC2nPBFgKgOmVWzooWGpB08fyyAnX7CF0C3sMCKSVrLVN0jkg.M18xNjY5NjEyNTg5XzE4",
  "registration_client_uri": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register/60449220-f6df-440f-9864-0c8e88cc2551",
  "response_types": [
    "code id_token"
  ],
  "token_endpoint_auth_method": "private_key_jwt",
  "token_map": []
}
2022-11-28 05:16:29 SUCCESS
EnsureContentTypeJson
endpoint_response Content-Type: header is application/json
2022-11-28 05:16:29 SUCCESS
EnsureHttpStatusCodeIs201
dynamic registration endpoint returned the expected http status
expected_status
201
http_status
201
2022-11-28 05:16:29 SUCCESS
CheckNoErrorFromDynamicRegistrationEndpoint
Dynamic registration endpoint did not return an error.
2022-11-28 05:16:29 SUCCESS
ExtractDynamicRegistrationResponse
Extracted client from dynamic registration response
client_id
60449220-f6df-440f-9864-0c8e88cc2551
2022-11-28 05:16:29 SUCCESS
VerifyClientManagementCredentials
Verified dynamic registration management credentials
registration_client_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register/60449220-f6df-440f-9864-0c8e88cc2551
registration_access_token
WjBrVIDmG5MMAsJ09spF6u2kcWW5F-q_lsrggM9CWzI.G1J9R5ZKmLk9Jzrn5TMEXcT9miMgIaALKL1LgkC2nPBFgKgOmVWzooWGpB08fyyAnX7CF0C3sMCKSVrLVN0jkg.M18xNjY5NjEyNTg5XzE4
2022-11-28 05:16:29
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2022-11-28 05:16:29 SUCCESS
EnsureServerConfigurationSupportsPrivateKeyJwt
Found supported private_key_jwt method
method
private_key_jwt
2022-11-28 05:16:29 SUCCESS
SetProtectedResourceUrlToUserInfoEndpoint
userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.
protected_resource_url
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo
2022-11-28 05:16:29
oidcc-redirect-uri-query-OK
Setup Done
Make request to authorization endpoint
2022-11-28 05:16:29 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
60449220-f6df-440f-9864-0c8e88cc2551
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar=foo
scope
openid
2022-11-28 05:16:29
CreateRandomStateValue
Created state value
requested_state_length
10
state
8BDe7SBIY6
2022-11-28 05:16:29 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
60449220-f6df-440f-9864-0c8e88cc2551
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar=foo
scope
openid
state
8BDe7SBIY6
2022-11-28 05:16:29
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
vSj8nikXkU
2022-11-28 05:16:29 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
60449220-f6df-440f-9864-0c8e88cc2551
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar=foo
scope
openid
state
8BDe7SBIY6
nonce
vSj8nikXkU
2022-11-28 05:16:29 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
60449220-f6df-440f-9864-0c8e88cc2551
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar=foo
scope
openid
state
8BDe7SBIY6
nonce
vSj8nikXkU
response_type
code id_token
2022-11-28 05:16:29 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
auth_request
{
  "client_id": "60449220-f6df-440f-9864-0c8e88cc2551",
  "redirect_uri": "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar\u003dfoo",
  "scope": "openid",
  "state": "8BDe7SBIY6",
  "nonce": "vSj8nikXkU",
  "response_type": "code id_token"
}
redirect_to_authorization_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/authorize?client_id=60449220-f6df-440f-9864-0c8e88cc2551&redirect_uri=https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar%3Dfoo&scope=openid&state=8BDe7SBIY6&nonce=vSj8nikXkU&response_type=code%20id_token
2022-11-28 05:16:29 REDIRECT
oidcc-redirect-uri-query-OK
Redirecting to authorization endpoint
redirect_to
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/authorize?client_id=60449220-f6df-440f-9864-0c8e88cc2551&redirect_uri=https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar%3Dfoo&scope=openid&state=8BDe7SBIY6&nonce=vSj8nikXkU&response_type=code%20id_token
2022-11-28 05:16:55 INCOMING
oidcc-redirect-uri-query-OK
Incoming HTTP request to /test/a/isv_op_oidc_core_test/callback
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "referer": "https://www.certification.openid.net/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9,zh-CN;q\u003d0.8,zh;q\u003d0.7",
  "cookie": "__utmc\u003d201319536; __utma\u003d201319536.1094656506.1667372526.1669192421.1669574146.18; __utmz\u003d201319536.1669574146.18.4.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3F138883B59A4562B9987C6E0F96FA4F",
  "connection": "close"
}
incoming_path
/test/a/isv_op_oidc_core_test/callback
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{
  "bar": "foo"
}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json
2022-11-28 05:16:55 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/IoQXPehvLcjvWyKCLmWI",
  "fullUrl": "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/implicit/IoQXPehvLcjvWyKCLmWI"
}
2022-11-28 05:16:55 OUTGOING
oidcc-redirect-uri-query-OK
Response to HTTP request to test instance voHAp9AN5gZjmzP
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/isv_op_oidc_core_test/implicit/IoQXPehvLcjvWyKCLmWI, returnUrl=/log-detail.html?log=voHAp9AN5gZjmzP}]
outgoing_path
callback
2022-11-28 05:16:56 INCOMING
oidcc-redirect-uri-query-OK
Incoming HTTP request to /test/a/isv_op_oidc_core_test/implicit/IoQXPehvLcjvWyKCLmWI
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "accept": "*/*",
  "content-type": "text/plain",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "sec-ch-ua-platform": "\"Windows\"",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar\u003dfoo",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9,zh-CN;q\u003d0.8,zh;q\u003d0.7",
  "cookie": "__utmc\u003d201319536; __utma\u003d201319536.1094656506.1667372526.1669192421.1669574146.18; __utmz\u003d201319536.1669574146.18.4.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3F138883B59A4562B9987C6E0F96FA4F",
  "connection": "close",
  "content-length": "1278"
}
incoming_path
/test/a/isv_op_oidc_core_test/implicit/IoQXPehvLcjvWyKCLmWI
incoming_body_form_params
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
#code=-HEySPEjv30CA1rq8BQoN-kRxUl3SdxnOHd_VXnziAs.r4zXDzjfCBcb4tcNUW7qsw1bJkZkSWzVHocoTEkmo7XxfVUvGPzMmWFvxc6GPKcvvMCBhBveCi7RNGOSv96NDg&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF1ZCI6WyI2MDQ0OTIyMC1mNmRmLTQ0MGYtOTg2NC0wYzhlODhjYzI1NTEiXSwiYXV0aF90aW1lIjoxNjY5NjEyMjc1LCJjX2hhc2giOiJQN3Y1MEhvMktuUGZNV0ZBWS1sSVBBIiwiZXhwIjoxNjY5NjE5ODE1LCJpYXQiOjE2Njk2MTI2MTUsImlzcyI6Imh0dHBzOi8vb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tL29hdXRoMiIsImp0aSI6IjRkYTgyY2VlLTE5NDgtNDM1Yy1hYWQxLTVkYjg1MjFjZmQ5NCIsIm5hbWUiOiJJU1YgRGV2Iiwibm9uY2UiOiJ2U2o4bmlrWGtVIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiaXN2ZGV2QGlibS5jb20iLCJyYXQiOjE2Njk2MTI2MTUsInJlYWxtTmFtZSI6ImNsb3VkSWRlbnRpdHlSZWFsbSIsInNfaGFzaCI6Ik1jalFabEZsY3FDOWhlV0dpcGFGMGciLCJzdWIiOiI2MTYwMDE3TjY3In0.la4GH4O6oXysBr8--ljcCTebjt_18atxr09Z-CoCvQl8b1gAG1ISBxxnqXiFQtByZcipYLRfhBcSpGJRg-ErT3mO5UJZEE23pE6Ok-7uMfO0FtQm2a0tQX8JW3McA0rm3hMX3SqQ8vhG5KjLmcBPjzYEsm5JLHkyL8MZHnUd8MW2INw5V8C2MBhDCW6BeWedUA3dtGRqxbEpDOJjWM7Q5PpU_gMtNFSXTtO4aTGRvDf4zheVXAFF6UjMK6XZc205q-csFCTk5U9CzMY_5sns3OrS7h1CqeTPKlj1Klk0V2xot8mdSfsLCwy9J4-u4iSDgp-W5MGOFRHHXtqyzJk5BQ&iss=https%3A%2F%2Foidc-conformance.rel.verify.ibmcloudsecurity.com%2Foauth2&state=8BDe7SBIY6
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json
2022-11-28 05:16:56 OUTGOING
oidcc-redirect-uri-query-OK
Response to HTTP request to test instance voHAp9AN5gZjmzP
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/IoQXPehvLcjvWyKCLmWI
2022-11-28 05:16:56
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
parameters
[
  {
    "name": "code",
    "value": "-HEySPEjv30CA1rq8BQoN-kRxUl3SdxnOHd_VXnziAs.r4zXDzjfCBcb4tcNUW7qsw1bJkZkSWzVHocoTEkmo7XxfVUvGPzMmWFvxc6GPKcvvMCBhBveCi7RNGOSv96NDg"
  },
  {
    "name": "id_token",
    "value": "eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF1ZCI6WyI2MDQ0OTIyMC1mNmRmLTQ0MGYtOTg2NC0wYzhlODhjYzI1NTEiXSwiYXV0aF90aW1lIjoxNjY5NjEyMjc1LCJjX2hhc2giOiJQN3Y1MEhvMktuUGZNV0ZBWS1sSVBBIiwiZXhwIjoxNjY5NjE5ODE1LCJpYXQiOjE2Njk2MTI2MTUsImlzcyI6Imh0dHBzOi8vb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tL29hdXRoMiIsImp0aSI6IjRkYTgyY2VlLTE5NDgtNDM1Yy1hYWQxLTVkYjg1MjFjZmQ5NCIsIm5hbWUiOiJJU1YgRGV2Iiwibm9uY2UiOiJ2U2o4bmlrWGtVIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiaXN2ZGV2QGlibS5jb20iLCJyYXQiOjE2Njk2MTI2MTUsInJlYWxtTmFtZSI6ImNsb3VkSWRlbnRpdHlSZWFsbSIsInNfaGFzaCI6Ik1jalFabEZsY3FDOWhlV0dpcGFGMGciLCJzdWIiOiI2MTYwMDE3TjY3In0.la4GH4O6oXysBr8--ljcCTebjt_18atxr09Z-CoCvQl8b1gAG1ISBxxnqXiFQtByZcipYLRfhBcSpGJRg-ErT3mO5UJZEE23pE6Ok-7uMfO0FtQm2a0tQX8JW3McA0rm3hMX3SqQ8vhG5KjLmcBPjzYEsm5JLHkyL8MZHnUd8MW2INw5V8C2MBhDCW6BeWedUA3dtGRqxbEpDOJjWM7Q5PpU_gMtNFSXTtO4aTGRvDf4zheVXAFF6UjMK6XZc205q-csFCTk5U9CzMY_5sns3OrS7h1CqeTPKlj1Klk0V2xot8mdSfsLCwy9J4-u4iSDgp-W5MGOFRHHXtqyzJk5BQ"
  },
  {
    "name": "iss",
    "value": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2"
  },
  {
    "name": "state",
    "value": "8BDe7SBIY6"
  }
]
2022-11-28 05:16:56 SUCCESS
ExtractImplicitHashToCallbackResponse
Extracted the hash values
code
-HEySPEjv30CA1rq8BQoN-kRxUl3SdxnOHd_VXnziAs.r4zXDzjfCBcb4tcNUW7qsw1bJkZkSWzVHocoTEkmo7XxfVUvGPzMmWFvxc6GPKcvvMCBhBveCi7RNGOSv96NDg
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF1ZCI6WyI2MDQ0OTIyMC1mNmRmLTQ0MGYtOTg2NC0wYzhlODhjYzI1NTEiXSwiYXV0aF90aW1lIjoxNjY5NjEyMjc1LCJjX2hhc2giOiJQN3Y1MEhvMktuUGZNV0ZBWS1sSVBBIiwiZXhwIjoxNjY5NjE5ODE1LCJpYXQiOjE2Njk2MTI2MTUsImlzcyI6Imh0dHBzOi8vb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tL29hdXRoMiIsImp0aSI6IjRkYTgyY2VlLTE5NDgtNDM1Yy1hYWQxLTVkYjg1MjFjZmQ5NCIsIm5hbWUiOiJJU1YgRGV2Iiwibm9uY2UiOiJ2U2o4bmlrWGtVIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiaXN2ZGV2QGlibS5jb20iLCJyYXQiOjE2Njk2MTI2MTUsInJlYWxtTmFtZSI6ImNsb3VkSWRlbnRpdHlSZWFsbSIsInNfaGFzaCI6Ik1jalFabEZsY3FDOWhlV0dpcGFGMGciLCJzdWIiOiI2MTYwMDE3TjY3In0.la4GH4O6oXysBr8--ljcCTebjt_18atxr09Z-CoCvQl8b1gAG1ISBxxnqXiFQtByZcipYLRfhBcSpGJRg-ErT3mO5UJZEE23pE6Ok-7uMfO0FtQm2a0tQX8JW3McA0rm3hMX3SqQ8vhG5KjLmcBPjzYEsm5JLHkyL8MZHnUd8MW2INw5V8C2MBhDCW6BeWedUA3dtGRqxbEpDOJjWM7Q5PpU_gMtNFSXTtO4aTGRvDf4zheVXAFF6UjMK6XZc205q-csFCTk5U9CzMY_5sns3OrS7h1CqeTPKlj1Klk0V2xot8mdSfsLCwy9J4-u4iSDgp-W5MGOFRHHXtqyzJk5BQ
iss
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2
state
8BDe7SBIY6
2022-11-28 05:16:56 REDIRECT-IN
oidcc-redirect-uri-query-OK
Authorization endpoint response captured
url_query
{
  "bar": "foo"
}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "referer": "https://www.certification.openid.net/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9,zh-CN;q\u003d0.8,zh;q\u003d0.7",
  "cookie": "__utmc\u003d201319536; __utma\u003d201319536.1094656506.1667372526.1669192421.1669574146.18; __utmz\u003d201319536.1669574146.18.4.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d3F138883B59A4562B9987C6E0F96FA4F",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-proto": "https",
  "x-forwarded-port": "443",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{
  "code": "-HEySPEjv30CA1rq8BQoN-kRxUl3SdxnOHd_VXnziAs.r4zXDzjfCBcb4tcNUW7qsw1bJkZkSWzVHocoTEkmo7XxfVUvGPzMmWFvxc6GPKcvvMCBhBveCi7RNGOSv96NDg",
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF1ZCI6WyI2MDQ0OTIyMC1mNmRmLTQ0MGYtOTg2NC0wYzhlODhjYzI1NTEiXSwiYXV0aF90aW1lIjoxNjY5NjEyMjc1LCJjX2hhc2giOiJQN3Y1MEhvMktuUGZNV0ZBWS1sSVBBIiwiZXhwIjoxNjY5NjE5ODE1LCJpYXQiOjE2Njk2MTI2MTUsImlzcyI6Imh0dHBzOi8vb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tL29hdXRoMiIsImp0aSI6IjRkYTgyY2VlLTE5NDgtNDM1Yy1hYWQxLTVkYjg1MjFjZmQ5NCIsIm5hbWUiOiJJU1YgRGV2Iiwibm9uY2UiOiJ2U2o4bmlrWGtVIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiaXN2ZGV2QGlibS5jb20iLCJyYXQiOjE2Njk2MTI2MTUsInJlYWxtTmFtZSI6ImNsb3VkSWRlbnRpdHlSZWFsbSIsInNfaGFzaCI6Ik1jalFabEZsY3FDOWhlV0dpcGFGMGciLCJzdWIiOiI2MTYwMDE3TjY3In0.la4GH4O6oXysBr8--ljcCTebjt_18atxr09Z-CoCvQl8b1gAG1ISBxxnqXiFQtByZcipYLRfhBcSpGJRg-ErT3mO5UJZEE23pE6Ok-7uMfO0FtQm2a0tQX8JW3McA0rm3hMX3SqQ8vhG5KjLmcBPjzYEsm5JLHkyL8MZHnUd8MW2INw5V8C2MBhDCW6BeWedUA3dtGRqxbEpDOJjWM7Q5PpU_gMtNFSXTtO4aTGRvDf4zheVXAFF6UjMK6XZc205q-csFCTk5U9CzMY_5sns3OrS7h1CqeTPKlj1Klk0V2xot8mdSfsLCwy9J4-u4iSDgp-W5MGOFRHHXtqyzJk5BQ",
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "state": "8BDe7SBIY6"
}
post_body
Verify authorization endpoint response
2022-11-28 05:16:56 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2022-11-28 05:16:56 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2022-11-28 05:16:56 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
bar
foo
2022-11-28 05:16:56 SUCCESS
ValidateIssInAuthorizationResponse
'iss' parameter in authorization response matches server's issuer value.
2022-11-28 05:16:56 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2022-11-28 05:16:56 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
8BDe7SBIY6
2022-11-28 05:16:56 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
-HEySPEjv30CA1rq8BQoN-kRxUl3SdxnOHd_VXnziAs.r4zXDzjfCBcb4tcNUW7qsw1bJkZkSWzVHocoTEkmo7XxfVUvGPzMmWFvxc6GPKcvvMCBhBveCi7RNGOSv96NDg
2022-11-28 05:16:56 SUCCESS
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
value
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF1ZCI6WyI2MDQ0OTIyMC1mNmRmLTQ0MGYtOTg2NC0wYzhlODhjYzI1NTEiXSwiYXV0aF90aW1lIjoxNjY5NjEyMjc1LCJjX2hhc2giOiJQN3Y1MEhvMktuUGZNV0ZBWS1sSVBBIiwiZXhwIjoxNjY5NjE5ODE1LCJpYXQiOjE2Njk2MTI2MTUsImlzcyI6Imh0dHBzOi8vb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tL29hdXRoMiIsImp0aSI6IjRkYTgyY2VlLTE5NDgtNDM1Yy1hYWQxLTVkYjg1MjFjZmQ5NCIsIm5hbWUiOiJJU1YgRGV2Iiwibm9uY2UiOiJ2U2o4bmlrWGtVIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiaXN2ZGV2QGlibS5jb20iLCJyYXQiOjE2Njk2MTI2MTUsInJlYWxtTmFtZSI6ImNsb3VkSWRlbnRpdHlSZWFsbSIsInNfaGFzaCI6Ik1jalFabEZsY3FDOWhlV0dpcGFGMGciLCJzdWIiOiI2MTYwMDE3TjY3In0.la4GH4O6oXysBr8--ljcCTebjt_18atxr09Z-CoCvQl8b1gAG1ISBxxnqXiFQtByZcipYLRfhBcSpGJRg-ErT3mO5UJZEE23pE6Ok-7uMfO0FtQm2a0tQX8JW3McA0rm3hMX3SqQ8vhG5KjLmcBPjzYEsm5JLHkyL8MZHnUd8MW2INw5V8C2MBhDCW6BeWedUA3dtGRqxbEpDOJjWM7Q5PpU_gMtNFSXTtO4aTGRvDf4zheVXAFF6UjMK6XZc205q-csFCTk5U9CzMY_5sns3OrS7h1CqeTPKlj1Klk0V2xot8mdSfsLCwy9J4-u4iSDgp-W5MGOFRHHXtqyzJk5BQ
header
{
  "kid": "server",
  "alg": "RS256"
}
claims
{
  "sub": "6160017N67",
  "rat": 1669612615,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "vSj8nikXkU",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "60449220-f6df-440f-9864-0c8e88cc2551",
  "c_hash": "P7v50Ho2KnPfMWFAY-lIPA",
  "s_hash": "McjQZlFlcqC9heWGipaF0g",
  "auth_time": 1669612275,
  "name": "ISV Dev",
  "exp": 1669619815,
  "iat": 1669612615,
  "jti": "4da82cee-1948-435c-aad1-5db8521cfd94"
}
2022-11-28 05:16:56 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2022-11-28 05:16:56
ValidateIdTokenStandardClaims
sub is a string with content
2022-11-28 05:16:56
ValidateIdTokenStandardClaims
Skipping unknown claim: rat
2022-11-28 05:16:56
ValidateIdTokenStandardClaims
Skipping unknown claim: realmName
2022-11-28 05:16:56
ValidateIdTokenStandardClaims
preferred_username is a string with content
2022-11-28 05:16:56
ValidateIdTokenStandardClaims
name is a string with content
2022-11-28 05:16:56 SUCCESS
ValidateIdTokenStandardClaims
id_token claims are valid
2022-11-28 05:16:56 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
vSj8nikXkU
2022-11-28 05:16:56 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2022-11-28 05:16:56 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF1ZCI6WyI2MDQ0OTIyMC1mNmRmLTQ0MGYtOTg2NC0wYzhlODhjYzI1NTEiXSwiYXV0aF90aW1lIjoxNjY5NjEyMjc1LCJjX2hhc2giOiJQN3Y1MEhvMktuUGZNV0ZBWS1sSVBBIiwiZXhwIjoxNjY5NjE5ODE1LCJpYXQiOjE2Njk2MTI2MTUsImlzcyI6Imh0dHBzOi8vb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tL29hdXRoMiIsImp0aSI6IjRkYTgyY2VlLTE5NDgtNDM1Yy1hYWQxLTVkYjg1MjFjZmQ5NCIsIm5hbWUiOiJJU1YgRGV2Iiwibm9uY2UiOiJ2U2o4bmlrWGtVIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiaXN2ZGV2QGlibS5jb20iLCJyYXQiOjE2Njk2MTI2MTUsInJlYWxtTmFtZSI6ImNsb3VkSWRlbnRpdHlSZWFsbSIsInNfaGFzaCI6Ik1jalFabEZsY3FDOWhlV0dpcGFGMGciLCJzdWIiOiI2MTYwMDE3TjY3In0.la4GH4O6oXysBr8--ljcCTebjt_18atxr09Z-CoCvQl8b1gAG1ISBxxnqXiFQtByZcipYLRfhBcSpGJRg-ErT3mO5UJZEE23pE6Ok-7uMfO0FtQm2a0tQX8JW3McA0rm3hMX3SqQ8vhG5KjLmcBPjzYEsm5JLHkyL8MZHnUd8MW2INw5V8C2MBhDCW6BeWedUA3dtGRqxbEpDOJjWM7Q5PpU_gMtNFSXTtO4aTGRvDf4zheVXAFF6UjMK6XZc205q-csFCTk5U9CzMY_5sns3OrS7h1CqeTPKlj1Klk0V2xot8mdSfsLCwy9J4-u4iSDgp-W5MGOFRHHXtqyzJk5BQ
2022-11-28 05:16:56 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF1ZCI6WyI2MDQ0OTIyMC1mNmRmLTQ0MGYtOTg2NC0wYzhlODhjYzI1NTEiXSwiYXV0aF90aW1lIjoxNjY5NjEyMjc1LCJjX2hhc2giOiJQN3Y1MEhvMktuUGZNV0ZBWS1sSVBBIiwiZXhwIjoxNjY5NjE5ODE1LCJpYXQiOjE2Njk2MTI2MTUsImlzcyI6Imh0dHBzOi8vb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tL29hdXRoMiIsImp0aSI6IjRkYTgyY2VlLTE5NDgtNDM1Yy1hYWQxLTVkYjg1MjFjZmQ5NCIsIm5hbWUiOiJJU1YgRGV2Iiwibm9uY2UiOiJ2U2o4bmlrWGtVIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiaXN2ZGV2QGlibS5jb20iLCJyYXQiOjE2Njk2MTI2MTUsInJlYWxtTmFtZSI6ImNsb3VkSWRlbnRpdHlSZWFsbSIsInNfaGFzaCI6Ik1jalFabEZsY3FDOWhlV0dpcGFGMGciLCJzdWIiOiI2MTYwMDE3TjY3In0.la4GH4O6oXysBr8--ljcCTebjt_18atxr09Z-CoCvQl8b1gAG1ISBxxnqXiFQtByZcipYLRfhBcSpGJRg-ErT3mO5UJZEE23pE6Ok-7uMfO0FtQm2a0tQX8JW3McA0rm3hMX3SqQ8vhG5KjLmcBPjzYEsm5JLHkyL8MZHnUd8MW2INw5V8C2MBhDCW6BeWedUA3dtGRqxbEpDOJjWM7Q5PpU_gMtNFSXTtO4aTGRvDf4zheVXAFF6UjMK6XZc205q-csFCTk5U9CzMY_5sns3OrS7h1CqeTPKlj1Klk0V2xot8mdSfsLCwy9J4-u4iSDgp-W5MGOFRHHXtqyzJk5BQ
2022-11-28 05:16:56 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
6160017N67
2022-11-28 05:16:56
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
2022-11-28 05:16:56 INFO
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2022-11-28 05:16:56 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
grant_type
authorization_code
code
-HEySPEjv30CA1rq8BQoN-kRxUl3SdxnOHd_VXnziAs.r4zXDzjfCBcb4tcNUW7qsw1bJkZkSWzVHocoTEkmo7XxfVUvGPzMmWFvxc6GPKcvvMCBhBveCi7RNGOSv96NDg
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar=foo
2022-11-28 05:16:56 SUCCESS
CreateClientAuthenticationAssertionClaims
Created client assertion claims
iss
60449220-f6df-440f-9864-0c8e88cc2551
sub
60449220-f6df-440f-9864-0c8e88cc2551
aud
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/token
jti
fRcn6UYcuwUqpcWUwD3n
iat
1669612616
exp
1669612676
2022-11-28 05:16:56 SUCCESS
SignClientAuthenticationAssertion
Signed the client assertion
client_assertion
eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI2MDQ0OTIyMC1mNmRmLTQ0MGYtOTg2NC0wYzhlODhjYzI1NTEiLCJhdWQiOiJodHRwczpcL1wvb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tXC9vYXV0aDJcL3Rva2VuIiwiaXNzIjoiNjA0NDkyMjAtZjZkZi00NDBmLTk4NjQtMGM4ZTg4Y2MyNTUxIiwiZXhwIjoxNjY5NjEyNjc2LCJpYXQiOjE2Njk2MTI2MTYsImp0aSI6ImZSY242VVljdXdVcXBjV1V3RDNuIn0.MXeqBFwGkOcMP7nhbfNN5pfasCRtSjMzIhulBtzR7NgvlaAxnHxQbZsRnAvf5bNYAX_X9MNEqTbZmNhLsH4eg4HgY8btNMWfDXxsnDkaGztQccY-JnffVH3qG65GPme3yAcmYhXQqtHccofuHHM6ycym_e3Up8gMNo8Q3fTuWBJjHckl2hbDnDVjZobuNP-0DKi3kq4f-nI2Ze_xdLLDQd4-qfu238CUsnQUNbVZu353H4gXcmBNiHXvTG0dl49XSl1Kig2FuZgzF28NJD8lMCbcJEy6G45mbHCURfCbvTqUOZwLyaeHUcZDnx4GS2XH9foDLdnRQFNcYZ5ENGCLNQ
2022-11-28 05:16:56
AddClientAssertionToTokenEndpointRequest
Added client assertion
grant_type
authorization_code
code
-HEySPEjv30CA1rq8BQoN-kRxUl3SdxnOHd_VXnziAs.r4zXDzjfCBcb4tcNUW7qsw1bJkZkSWzVHocoTEkmo7XxfVUvGPzMmWFvxc6GPKcvvMCBhBveCi7RNGOSv96NDg
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback?bar=foo
client_assertion
eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI2MDQ0OTIyMC1mNmRmLTQ0MGYtOTg2NC0wYzhlODhjYzI1NTEiLCJhdWQiOiJodHRwczpcL1wvb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tXC9vYXV0aDJcL3Rva2VuIiwiaXNzIjoiNjA0NDkyMjAtZjZkZi00NDBmLTk4NjQtMGM4ZTg4Y2MyNTUxIiwiZXhwIjoxNjY5NjEyNjc2LCJpYXQiOjE2Njk2MTI2MTYsImp0aSI6ImZSY242VVljdXdVcXBjV1V3RDNuIn0.MXeqBFwGkOcMP7nhbfNN5pfasCRtSjMzIhulBtzR7NgvlaAxnHxQbZsRnAvf5bNYAX_X9MNEqTbZmNhLsH4eg4HgY8btNMWfDXxsnDkaGztQccY-JnffVH3qG65GPme3yAcmYhXQqtHccofuHHM6ycym_e3Up8gMNo8Q3fTuWBJjHckl2hbDnDVjZobuNP-0DKi3kq4f-nI2Ze_xdLLDQd4-qfu238CUsnQUNbVZu353H4gXcmBNiHXvTG0dl49XSl1Kig2FuZgzF28NJD8lMCbcJEy6G45mbHCURfCbvTqUOZwLyaeHUcZDnx4GS2XH9foDLdnRQFNcYZ5ENGCLNQ
client_assertion_type
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
2022-11-28 05:16:56
CallTokenEndpoint
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/token
request_method
POST
request_headers
{
  "accept": "application/json",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "1063"
}
request_body
grant_type=authorization_code&code=-HEySPEjv30CA1rq8BQoN-kRxUl3SdxnOHd_VXnziAs.r4zXDzjfCBcb4tcNUW7qsw1bJkZkSWzVHocoTEkmo7XxfVUvGPzMmWFvxc6GPKcvvMCBhBveCi7RNGOSv96NDg&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2Fisv_op_oidc_core_test%2Fcallback%3Fbar%3Dfoo&client_assertion=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI2MDQ0OTIyMC1mNmRmLTQ0MGYtOTg2NC0wYzhlODhjYzI1NTEiLCJhdWQiOiJodHRwczpcL1wvb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tXC9vYXV0aDJcL3Rva2VuIiwiaXNzIjoiNjA0NDkyMjAtZjZkZi00NDBmLTk4NjQtMGM4ZTg4Y2MyNTUxIiwiZXhwIjoxNjY5NjEyNjc2LCJpYXQiOjE2Njk2MTI2MTYsImp0aSI6ImZSY242VVljdXdVcXBjV1V3RDNuIn0.MXeqBFwGkOcMP7nhbfNN5pfasCRtSjMzIhulBtzR7NgvlaAxnHxQbZsRnAvf5bNYAX_X9MNEqTbZmNhLsH4eg4HgY8btNMWfDXxsnDkaGztQccY-JnffVH3qG65GPme3yAcmYhXQqtHccofuHHM6ycym_e3Up8gMNo8Q3fTuWBJjHckl2hbDnDVjZobuNP-0DKi3kq4f-nI2Ze_xdLLDQd4-qfu238CUsnQUNbVZu353H4gXcmBNiHXvTG0dl49XSl1Kig2FuZgzF28NJD8lMCbcJEy6G45mbHCURfCbvTqUOZwLyaeHUcZDnx4GS2XH9foDLdnRQFNcYZ5ENGCLNQ&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
2022-11-28 05:16:56 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-content-type-options": "nosniff",
  "cache-control": "no-store",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AKb021eec9-f042-4c20-8bad-63d5c1ef6b92",
  "pragma": "no-cache",
  "x-global-transaction-id": "efc5c2816384444837392fe1",
  "content-length": "1281",
  "date": "Mon, 28 Nov 2022 05:16:56 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:uonmIi94Rw7At2IQDPQaxDZzAa3kI2DImMbTcMPcfhw\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:61017047; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d6A6D5663F4157E2B69FAF7E411C77801~-1~YAAQXXYGF3H64oSEAQAAjLyqvAjVERIT9TyWCkdiOcTHXv2uJxGVj+zRxz7MJAhEz5XuLsMdhQZgImJi6MVBgrQSze7wt9VSBZZBF0THFfVQZmOvFQ1LtFOJdOOv9RKbCSID5yhahT1W/6u7jWih2TiH2s0sirOM3Da5McuquwzlpunM+AS6NeyhLAKh3PqxLkD6zqU0ZHh7ust4NMT0U6S7HvmCjGgjSXveuYg7frRdI1CGAHaRF/qBcmHaTKYt0+zJ68MePnEDl5Xad5K8vkniJ0DkiXtlvbjXedGdl+kiihC7EbWrGWsr58kmdqvKWtzZkuOi13gejULJfxI0RdoZaDbUbEQMQz+M2fqQULDIWlmRB4jHxV2496DTuXzcl+reGxQ\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dTue, 28 Nov 2023 05:16:56 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d7539A652D4FBA97173D3D3089E3690CE~YAAQXXYGF3L64oSEAQAAjLyqvBG0GCTeQZT76lCSlRqrQyWv+WxYPTtUO6hHYznrvmSVliq2pt1Rq9Tllj/kDLfSfWTYghEJvGvRW6nlF6xy4KeLDzOtYQibglHg8MV0EGDIw91k9JALQb+PBVw/bklD5G3WK19o/SBcBk1PpMiNYpxh3wr/SINVkc+bt5zXHT0ayulOifiP+OpWBc/BFF3SSIwEMaYMqYWJvrLPi3tZwfYS+i1X/env1Yu3lhVc5jXffzgb/Q/rjZZCUZKqOp36QX65W7t6S9nFUtdlNd+GKPs74nweY8HxeMm6~3616834~3355446; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 28 Nov 2022 09:16:56 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d109",
    "origin; dur\u003d178"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"access_token":"w5aLaYq8xvZbvPjNzLX5MeG-h4B5CioVyZWD1iYa1tQ.yMSYLP045nP5ihFlLw6uXP8RbFpYxfQDYxfK4drDDGVfdc6jJd6aX-yvxifTCnoLYtjljW76Z8ZpNg4uFjaZVQ.M18xNjY5NjEyNjE2XzE4","expires_in":7200,"id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJfa3o1bXh5T212blo1QkxRdW1IaDhRIiwiYXVkIjpbIjYwNDQ5MjIwLWY2ZGYtNDQwZi05ODY0LTBjOGU4OGNjMjU1MSJdLCJhdXRoX3RpbWUiOjE2Njk2MTIyNzUsImV4cCI6MTY2OTYxOTgxNiwiaWF0IjoxNjY5NjEyNjE2LCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiI5MTliOWVjMy0yNDQxLTQ4MTQtYjk0Mi05NjcyZDMxNTU2MmMiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoidlNqOG5pa1hrVSIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NjEyNjE1LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiJNY2pRWmxGbGNxQzloZVdHaXBhRjBnIiwic3ViIjoiNjE2MDAxN042NyJ9.JLVICUEy2sEekvL4-7Ee_G5QFx9heTQBvA9Hkygs92j5qz4MilZKX2nyOLifWxDhCeO9FsvjxqtJrGaZPJ3fzxwOj0YAKiLMBsrb0ymQtn5bSQtvK81fZhV7UKSeo3AqHKRFyFURCdVE7qkCNvzC2gpdPEhbf5tM2HO8vrnUz0uJz8sy6wVy70U0fQZoxcZLc-FwaXdXmbCwHejOoA5K7RVTI9jpYRfEFTwdXNrc-W0GQqeoEyrM66bfiV9M6DJf5NvXvh9QzDoSy37vOMBYwJoytQd8bKmgsfWJVkT7x7SKNoFCsKYMMQtSBePShiWSv40wb_c1yDx2J6ZFaeatwg","scope":"openid","token_type":"bearer"}
2022-11-28 05:16:56 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
w5aLaYq8xvZbvPjNzLX5MeG-h4B5CioVyZWD1iYa1tQ.yMSYLP045nP5ihFlLw6uXP8RbFpYxfQDYxfK4drDDGVfdc6jJd6aX-yvxifTCnoLYtjljW76Z8ZpNg4uFjaZVQ.M18xNjY5NjEyNjE2XzE4
expires_in
7200
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJfa3o1bXh5T212blo1QkxRdW1IaDhRIiwiYXVkIjpbIjYwNDQ5MjIwLWY2ZGYtNDQwZi05ODY0LTBjOGU4OGNjMjU1MSJdLCJhdXRoX3RpbWUiOjE2Njk2MTIyNzUsImV4cCI6MTY2OTYxOTgxNiwiaWF0IjoxNjY5NjEyNjE2LCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiI5MTliOWVjMy0yNDQxLTQ4MTQtYjk0Mi05NjcyZDMxNTU2MmMiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoidlNqOG5pa1hrVSIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NjEyNjE1LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiJNY2pRWmxGbGNxQzloZVdHaXBhRjBnIiwic3ViIjoiNjE2MDAxN042NyJ9.JLVICUEy2sEekvL4-7Ee_G5QFx9heTQBvA9Hkygs92j5qz4MilZKX2nyOLifWxDhCeO9FsvjxqtJrGaZPJ3fzxwOj0YAKiLMBsrb0ymQtn5bSQtvK81fZhV7UKSeo3AqHKRFyFURCdVE7qkCNvzC2gpdPEhbf5tM2HO8vrnUz0uJz8sy6wVy70U0fQZoxcZLc-FwaXdXmbCwHejOoA5K7RVTI9jpYRfEFTwdXNrc-W0GQqeoEyrM66bfiV9M6DJf5NvXvh9QzDoSy37vOMBYwJoytQd8bKmgsfWJVkT7x7SKNoFCsKYMMQtSBePShiWSv40wb_c1yDx2J6ZFaeatwg
scope
openid
token_type
bearer
2022-11-28 05:16:56 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2022-11-28 05:16:56 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
w5aLaYq8xvZbvPjNzLX5MeG-h4B5CioVyZWD1iYa1tQ.yMSYLP045nP5ihFlLw6uXP8RbFpYxfQDYxfK4drDDGVfdc6jJd6aX-yvxifTCnoLYtjljW76Z8ZpNg4uFjaZVQ.M18xNjY5NjEyNjE2XzE4
2022-11-28 05:16:56 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
w5aLaYq8xvZbvPjNzLX5MeG-h4B5CioVyZWD1iYa1tQ.yMSYLP045nP5ihFlLw6uXP8RbFpYxfQDYxfK4drDDGVfdc6jJd6aX-yvxifTCnoLYtjljW76Z8ZpNg4uFjaZVQ.M18xNjY5NjEyNjE2XzE4
type
bearer
2022-11-28 05:16:56 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
7200
2022-11-28 05:16:56 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
7200
2022-11-28 05:16:56 INFO
CheckForRefreshTokenValue
Couldn't find refresh token
2022-11-28 05:16:56 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJfa3o1bXh5T212blo1QkxRdW1IaDhRIiwiYXVkIjpbIjYwNDQ5MjIwLWY2ZGYtNDQwZi05ODY0LTBjOGU4OGNjMjU1MSJdLCJhdXRoX3RpbWUiOjE2Njk2MTIyNzUsImV4cCI6MTY2OTYxOTgxNiwiaWF0IjoxNjY5NjEyNjE2LCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiI5MTliOWVjMy0yNDQxLTQ4MTQtYjk0Mi05NjcyZDMxNTU2MmMiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoidlNqOG5pa1hrVSIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NjEyNjE1LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiJNY2pRWmxGbGNxQzloZVdHaXBhRjBnIiwic3ViIjoiNjE2MDAxN042NyJ9.JLVICUEy2sEekvL4-7Ee_G5QFx9heTQBvA9Hkygs92j5qz4MilZKX2nyOLifWxDhCeO9FsvjxqtJrGaZPJ3fzxwOj0YAKiLMBsrb0ymQtn5bSQtvK81fZhV7UKSeo3AqHKRFyFURCdVE7qkCNvzC2gpdPEhbf5tM2HO8vrnUz0uJz8sy6wVy70U0fQZoxcZLc-FwaXdXmbCwHejOoA5K7RVTI9jpYRfEFTwdXNrc-W0GQqeoEyrM66bfiV9M6DJf5NvXvh9QzDoSy37vOMBYwJoytQd8bKmgsfWJVkT7x7SKNoFCsKYMMQtSBePShiWSv40wb_c1yDx2J6ZFaeatwg
header
{
  "kid": "server",
  "alg": "RS256"
}
claims
{
  "at_hash": "_kz5mxyOmvnZ5BLQumHh8Q",
  "sub": "6160017N67",
  "rat": 1669612615,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "vSj8nikXkU",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "60449220-f6df-440f-9864-0c8e88cc2551",
  "s_hash": "McjQZlFlcqC9heWGipaF0g",
  "auth_time": 1669612275,
  "name": "ISV Dev",
  "exp": 1669619816,
  "iat": 1669612616,
  "jti": "919b9ec3-2441-4814-b942-9672d315562c"
}
2022-11-28 05:16:56 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2022-11-28 05:16:56
ValidateIdTokenStandardClaims
sub is a string with content
2022-11-28 05:16:56
ValidateIdTokenStandardClaims
Skipping unknown claim: rat
2022-11-28 05:16:56
ValidateIdTokenStandardClaims
Skipping unknown claim: realmName
2022-11-28 05:16:56
ValidateIdTokenStandardClaims
preferred_username is a string with content
2022-11-28 05:16:56
ValidateIdTokenStandardClaims
name is a string with content
2022-11-28 05:16:56 SUCCESS
ValidateIdTokenStandardClaims
id_token claims are valid
2022-11-28 05:16:56 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
vSj8nikXkU
2022-11-28 05:16:56 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2022-11-28 05:16:56 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJfa3o1bXh5T212blo1QkxRdW1IaDhRIiwiYXVkIjpbIjYwNDQ5MjIwLWY2ZGYtNDQwZi05ODY0LTBjOGU4OGNjMjU1MSJdLCJhdXRoX3RpbWUiOjE2Njk2MTIyNzUsImV4cCI6MTY2OTYxOTgxNiwiaWF0IjoxNjY5NjEyNjE2LCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiI5MTliOWVjMy0yNDQxLTQ4MTQtYjk0Mi05NjcyZDMxNTU2MmMiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoidlNqOG5pa1hrVSIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NjEyNjE1LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiJNY2pRWmxGbGNxQzloZVdHaXBhRjBnIiwic3ViIjoiNjE2MDAxN042NyJ9.JLVICUEy2sEekvL4-7Ee_G5QFx9heTQBvA9Hkygs92j5qz4MilZKX2nyOLifWxDhCeO9FsvjxqtJrGaZPJ3fzxwOj0YAKiLMBsrb0ymQtn5bSQtvK81fZhV7UKSeo3AqHKRFyFURCdVE7qkCNvzC2gpdPEhbf5tM2HO8vrnUz0uJz8sy6wVy70U0fQZoxcZLc-FwaXdXmbCwHejOoA5K7RVTI9jpYRfEFTwdXNrc-W0GQqeoEyrM66bfiV9M6DJf5NvXvh9QzDoSy37vOMBYwJoytQd8bKmgsfWJVkT7x7SKNoFCsKYMMQtSBePShiWSv40wb_c1yDx2J6ZFaeatwg
2022-11-28 05:16:56 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJfa3o1bXh5T212blo1QkxRdW1IaDhRIiwiYXVkIjpbIjYwNDQ5MjIwLWY2ZGYtNDQwZi05ODY0LTBjOGU4OGNjMjU1MSJdLCJhdXRoX3RpbWUiOjE2Njk2MTIyNzUsImV4cCI6MTY2OTYxOTgxNiwiaWF0IjoxNjY5NjEyNjE2LCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiI5MTliOWVjMy0yNDQxLTQ4MTQtYjk0Mi05NjcyZDMxNTU2MmMiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoidlNqOG5pa1hrVSIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NjEyNjE1LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiJNY2pRWmxGbGNxQzloZVdHaXBhRjBnIiwic3ViIjoiNjE2MDAxN042NyJ9.JLVICUEy2sEekvL4-7Ee_G5QFx9heTQBvA9Hkygs92j5qz4MilZKX2nyOLifWxDhCeO9FsvjxqtJrGaZPJ3fzxwOj0YAKiLMBsrb0ymQtn5bSQtvK81fZhV7UKSeo3AqHKRFyFURCdVE7qkCNvzC2gpdPEhbf5tM2HO8vrnUz0uJz8sy6wVy70U0fQZoxcZLc-FwaXdXmbCwHejOoA5K7RVTI9jpYRfEFTwdXNrc-W0GQqeoEyrM66bfiV9M6DJf5NvXvh9QzDoSy37vOMBYwJoytQd8bKmgsfWJVkT7x7SKNoFCsKYMMQtSBePShiWSv40wb_c1yDx2J6ZFaeatwg
2022-11-28 05:16:56 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
6160017N67
2022-11-28 05:16:56
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
2022-11-28 05:16:56 INFO
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2022-11-28 05:16:56 SUCCESS
VerifyIdTokenSubConsistentHybridFlow
authorization endpoint and token endpoint id_token have same sub
sub_auth_endpoint
6160017N67
sub_token_endpoint
6160017N67
Userinfo endpoint tests
2022-11-28 05:16:56
CallProtectedResource
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo
request_method
GET
request_headers
{
  "accept": "application/json",
  "authorization": "bearer w5aLaYq8xvZbvPjNzLX5MeG-h4B5CioVyZWD1iYa1tQ.yMSYLP045nP5ihFlLw6uXP8RbFpYxfQDYxfK4drDDGVfdc6jJd6aX-yvxifTCnoLYtjljW76Z8ZpNg4uFjaZVQ.M18xNjY5NjEyNjE2XzE4",
  "content-length": "0"
}
request_body

                                
2022-11-28 05:16:57 RESPONSE
CallProtectedResource
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AKc195bde6-f0b2-4b80-b4f8-7771379a872f",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816384444903f859c7",
  "content-length": "324",
  "date": "Mon, 28 Nov 2022 05:16:57 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:WguTe7Lt/42sg803S4qIsrMReyjvsC9RVNZzAQOSq1c\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:54725591; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d3CD89ECB53528A5C88091F32716E6FFF~-1~YAAQXXYGF3364oSEAQAAxL2qvAiWvRAYsHlwCZFiwwqKO8GtwNf8qcGMdeXK77malSeZHEqmief+APEpHzJDRf7jcqT4P7TDbuNH5GlzD5NetavuF88bdyoPuwRhflCbXF67vMVPlP9fkw8Yuhrd2lNWcz7eS4o9aAuwXQWVL9scFSh45J2xR5h0GiHTeHQycIkw0CwqZq8G8ebUdf8xOsxy+xCgBnQ6r4hVxv0oxviICMUb7y7+FsFSJIfHHZiuru5y9TGhJO6e8Cifcq6cQn3bOO8R2X/eYGAuihruGVlKKq7agXB+y6gX3TPkuf6oo+sLEnQx6a7RHOOdUXlOuzscYzE68nPQF6YCO5xCTgZx9ssddiAeE08plGxK86PjGehpjgU\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dTue, 28 Nov 2023 05:16:57 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003dEEA11EEC63D216E00BB93EBE532FE8BD~YAAQXXYGF3764oSEAQAAxL2qvBFVXS5uX0nU2y88DzKoyepT7Qfi+I1WByry6856SfbKLk82/q20IssJxVLdojp85Cbc4DaCug6GlcGrxip40+XkJLtj55Ii52qNdD5LMCo+wvKdXp5js7+qKkVyoFkMEPzqWHGx4YEdHbaHG9eh6vU/Bc8VQo8xccONFgShS//Kfy9QAb9wrglF+dDLrNbHT7AC5n92FIFSWhgu1rsQMX2Sn0910YQ0S8c0HfTLZQB+vBKsNHM7wd+A9Dwen3ES7A8FftPwjMqEXH5AGGCfUcW4HARugWbFHgo7~3616834~3355446; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 28 Nov 2022 09:16:56 GMT; Max-Age\u003d14399; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d90",
    "origin; dur\u003d139"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"acr":"urn:ibm:security:policy:id:1","amr":["password"],"aud":["60449220-f6df-440f-9864-0c8e88cc2551"],"auth_time":1669612275,"iss":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","name":"ISV Dev","preferred_username":"isvdev@ibm.com","rat":1669612615,"realmName":"cloudIdentityRealm","sub":"6160017N67"}
2022-11-28 05:16:57 SUCCESS
CallProtectedResource
Got a response from the resource endpoint
status
200
endpoint_name
resource
headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AKc195bde6-f0b2-4b80-b4f8-7771379a872f",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816384444903f859c7",
  "content-length": "324",
  "date": "Mon, 28 Nov 2022 05:16:57 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:WguTe7Lt/42sg803S4qIsrMReyjvsC9RVNZzAQOSq1c\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:54725591; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d3CD89ECB53528A5C88091F32716E6FFF~-1~YAAQXXYGF3364oSEAQAAxL2qvAiWvRAYsHlwCZFiwwqKO8GtwNf8qcGMdeXK77malSeZHEqmief+APEpHzJDRf7jcqT4P7TDbuNH5GlzD5NetavuF88bdyoPuwRhflCbXF67vMVPlP9fkw8Yuhrd2lNWcz7eS4o9aAuwXQWVL9scFSh45J2xR5h0GiHTeHQycIkw0CwqZq8G8ebUdf8xOsxy+xCgBnQ6r4hVxv0oxviICMUb7y7+FsFSJIfHHZiuru5y9TGhJO6e8Cifcq6cQn3bOO8R2X/eYGAuihruGVlKKq7agXB+y6gX3TPkuf6oo+sLEnQx6a7RHOOdUXlOuzscYzE68nPQF6YCO5xCTgZx9ssddiAeE08plGxK86PjGehpjgU\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dTue, 28 Nov 2023 05:16:57 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003dEEA11EEC63D216E00BB93EBE532FE8BD~YAAQXXYGF3764oSEAQAAxL2qvBFVXS5uX0nU2y88DzKoyepT7Qfi+I1WByry6856SfbKLk82/q20IssJxVLdojp85Cbc4DaCug6GlcGrxip40+XkJLtj55Ii52qNdD5LMCo+wvKdXp5js7+qKkVyoFkMEPzqWHGx4YEdHbaHG9eh6vU/Bc8VQo8xccONFgShS//Kfy9QAb9wrglF+dDLrNbHT7AC5n92FIFSWhgu1rsQMX2Sn0910YQ0S8c0HfTLZQB+vBKsNHM7wd+A9Dwen3ES7A8FftPwjMqEXH5AGGCfUcW4HARugWbFHgo7~3616834~3355446; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 28 Nov 2022 09:16:56 GMT; Max-Age\u003d14399; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d90",
    "origin; dur\u003d139"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
body
{"acr":"urn:ibm:security:policy:id:1","amr":["password"],"aud":["60449220-f6df-440f-9864-0c8e88cc2551"],"auth_time":1669612275,"iss":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","name":"ISV Dev","preferred_username":"isvdev@ibm.com","rat":1669612615,"realmName":"cloudIdentityRealm","sub":"6160017N67"}
2022-11-28 05:16:57 SUCCESS
EnsureHttpStatusCodeIs200
resource endpoint returned the expected http status
expected_status
200
http_status
200
2022-11-28 05:16:57 FINISHED
oidcc-redirect-uri-query-OK
Test has run to completion
testmodule_result
PASSED
Unregister dynamically registered client
2022-11-28 05:16:57
UnregisterDynamicallyRegisteredClient
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register/60449220-f6df-440f-9864-0c8e88cc2551
request_method
DELETE
request_headers
{
  "accept": "application/json",
  "authorization": "Bearer WjBrVIDmG5MMAsJ09spF6u2kcWW5F-q_lsrggM9CWzI.G1J9R5ZKmLk9Jzrn5TMEXcT9miMgIaALKL1LgkC2nPBFgKgOmVWzooWGpB08fyyAnX7CF0C3sMCKSVrLVN0jkg.M18xNjY5NjEyNTg5XzE4",
  "content-length": "0"
}
request_body

                                
2022-11-28 05:16:58 RESPONSE
UnregisterDynamicallyRegisteredClient
HTTP response
response_status_code
204 NO_CONTENT
response_status_text
No Content
response_headers
{
  "x-backside-transport": "OK OK",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-content-type-options": "nosniff",
  "cache-control": "no-store",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK766c8b13-b3c9-4168-9ae0-8a958074ada0",
  "pragma": "no-cache",
  "x-global-transaction-id": "efc5c28163844449119f5cc9",
  "date": "Mon, 28 Nov 2022 05:16:58 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:Grrv5Aqduhjuytarlwztpd7TYbDVjPXjCY1iO6df/1s\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:57871319; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003dBE453AD70D363C97BD8394318057F4C6~-1~YAAQXXYGF5v64oSEAQAAMsKqvAgxi3tWakIXqELQVZ072dsdWXEW3FgflnlnjU8iVuxBrwKKRSOPJlBiZIand5NRpT+tpDNjvZvfegQHLZmjrUrS2vEGpybDOlbAOXMJCuE1aEJKC9fmQDqIi/Esmta5Qkjj7McnvZWKAGkioT9KcZ0ivcVwQllLFa50tm0ISFchKctK1UIN2mL+FuyVweMTbbTKZaubA1xn5IQkuGIhu/c3dWKysMsnbOgEG3TcjLvr5AX4cZhPhR6AMwu99N9C68JkD9z/4Ob0gfiUCzK3Z/7C2qkUd/6c+nY16Q0R+CxTW5OJ/I3nDqXEeimzxv6CYqjy2IwJdvpAgCJAX7EEQt09yFf+zMNjzVX815qjpMe69eE\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dTue, 28 Nov 2023 05:16:58 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003dEBBB8D5EE507F81C3FA807FB2EA0057D~YAAQXXYGF5z64oSEAQAAMsKqvBFtl/W7NTu3uO/VdoDW1rx0Ff29DRYe714dvJTXKgZ9o7w+6NelOA3lqvT6itL32EnPVA7OTiNcYZNhjIKcuOSW07DIZvJ7igenD23vLdOOpQAA0BIWu8JBBPXCYZkyaWafsNlptRwH4J8cd0vX1tQi4PvRraEBldMDOvdp6OZQFFgig++qOuLb00Mlwg4g8A2z2D2KZKgszvEyp35uAUT+nf9JAAHyyuxmPlEitL6FvIlvOGoUKriUDIPuIP8GxZJK2T3vpLwiZT6ea338BfNykLsg73tpcBKj~3158064~3359282; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 28 Nov 2022 09:16:57 GMT; Max-Age\u003d14399; Secure"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body

                                
2022-11-28 05:16:58 SUCCESS
UnregisterDynamicallyRegisteredClient
Client successfully unregistered
2022-11-28 05:17:00
TEST-RUNNER
Alias has now been claimed by another test
alias
isv_op_oidc_core_test
new_test_id
K6ai7V4LGPJS0od
Test Results