Test Summary

Test Results

Expand All Collapse All
All times are UTC
2022-11-27 18:26:12 INFO
TEST-RUNNER
Test instance njTuOdQRVqRGfTE created
baseUrl
https://www.certification.openid.net/test/a/isv_op_oidc_core_test
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code id_token token",
  "server_metadata": "discovery",
  "response_mode": "default",
  "client_registration": "dynamic_client"
}
alias
isv_op_oidc_core_test
description
isv_op_oidc_core_test_dynamic_client
planId
rdCLwWmseshp4
config
{
  "server": {
    "discoveryUrl": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/.well-known/openid-configuration",
    "login_hint": "isvdev@ibm.com"
  },
  "client": {
    "client_name": "Ristretto Core Conformance Test Dynamic Client One"
  },
  "client2": {
    "client_name": "Ristretto Core Conformance Test Dynamic Client Two"
  },
  "consent": {},
  "alias": "isv_op_oidc_core_test",
  "description": "isv_op_oidc_core_test_dynamic_client"
}
testName
oidcc-max-age-1
2022-11-27 18:26:12 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
2022-11-27 18:26:12
GetDynamicServerConfiguration
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/.well-known/openid-configuration
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2022-11-27 18:26:12 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK5c1742a4-73ef-437d-a78b-462d17e94242",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816383abc407b2e373",
  "vary": "Accept-Encoding",
  "date": "Sun, 27 Nov 2022 18:26:12 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:ycbCd7ymkpZh/hKbnC5O+dVsjnORCS77McfveLJD4OM\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:61017047; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003dF0288E78EAE26AC52C123375281713E1~-1~YAAQbdoHYEwd5YKEAQAARvhWugiMD/Z5qFNuGcqbS7QfY9GeaLMWqY1IAR+IPLWPIQUp0qnc6HZi89FEkqr5MCun80G1MmL/uKStroFXRwWpCUbE1/PjmnWnM3Xd2ol/mce0pp3LwZH33cX0/PmBkmKwkr9HA6APurae4IuK2RMqaeeAK29eTlC7GEZmmpMdU68IpP1qLi3fFG8sLm1/yFbQXAgZeqiFDtWJrrXdDJXFPcOusgojZbe/woLGws1TFVhONwAgAvN5AFVbFCVzlpWggAy6HrHnbYXH0Aif2eEttDggTNCnX1iJuz8e+0xSk5x2hxkbSr599+i4iAT40sW5ifPXT8fYiZHm1dRW027qgabuGG0tOfMOR3HtBKkAaYLti8o\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:12 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003dD21F15E1E6EC6673F6D42906CF65FE8D~YAAQbdoHYE0d5YKEAQAAR/hWuhGoyUyysduldNF8mW5Up1emL28TKE7fKPDcLki6oILXEaQj7OUgef/6T1Md6Fg6vp08mJq4gEZhYZc37pdRBzC2k6XN23JrconZU01TPzX529pCxACVF5CwiltXlQf9nUHHCzcp3iuPthGpp6/kKaM4fyxwzQZOuRqrVWkoiIjSQ1HofWkVmLTzpTk4o/nVGwsQScf4bSRLtnt55JhKhUlHHlnOHKWJDs9+6kCRJI+qZKE9FSayH9suQAfgAB41N+Ap7f2eRKGERGdOdoyMZDi26Xx2xlfdH3dQ~4469826~3622197; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:12 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d96",
    "origin; dur\u003d99"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"issuer":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","authorization_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/authorize","token_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/token","introspection_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/introspect","userinfo_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo","revocation_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/revoke","pushed_authorization_request_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/par","registration_endpoint":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register","jwks_uri":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/jwks","response_types_supported":["none","code","token","id_token","code token","code id_token","token id_token","code token id_token"],"response_modes_supported":["query","fragment","form_post","jwt","query.jwt","fragment.jwt","form_post.jwt"],"grant_types_supported":["authorization_code","implicit","password","refresh_token","client_credentials"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","private_key_jwt","tls_client_auth"],"authorization_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"authorization_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"authorization_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"id_token_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"id_token_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"userinfo_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"userinfo_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"token_endpoint_auth_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"request_object_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"],"request_object_encryption_alg_values_supported":["none","RSA-OAEP","RSA-OAEP-256"],"request_object_encryption_enc_values_supported":["none","A128GCM","A192GCM","A256GCM"],"subject_types_supported":["public"],"scopes_supported":["openid","profile","email","phone","address"],"claims_supported":["name","email","given_name","tenantId","employee_id","mobile_number","department","upn","preferred_username","groupIds","family_name","job_title","realmName","uid","iss","acr"],"claim_types_supported":["normal"],"claims_parameter_supported":true,"request_parameter_supported":true,"request_uri_parameter_supported":true,"require_request_uri_registration":true,"tls_client_certificate_bound_access_tokens":true,"mtls_endpoint_aliases":{"introspection_endpoint":"https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/introspect","pushed_authorization_request_endpoint":"https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/par","revocation_endpoint":"https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/revoke","token_endpoint":"https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/token"},"dpop_signing_alg_values_supported":["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"]}
2022-11-27 18:26:12 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
issuer
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2
authorization_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/authorize
token_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/token
introspection_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/introspect
userinfo_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo
revocation_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/revoke
pushed_authorization_request_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/par
registration_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register
jwks_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/jwks
response_types_supported
[
  "none",
  "code",
  "token",
  "id_token",
  "code token",
  "code id_token",
  "token id_token",
  "code token id_token"
]
response_modes_supported
[
  "query",
  "fragment",
  "form_post",
  "jwt",
  "query.jwt",
  "fragment.jwt",
  "form_post.jwt"
]
grant_types_supported
[
  "authorization_code",
  "implicit",
  "password",
  "refresh_token",
  "client_credentials"
]
token_endpoint_auth_methods_supported
[
  "client_secret_basic",
  "client_secret_post",
  "private_key_jwt",
  "tls_client_auth"
]
authorization_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
authorization_encryption_alg_values_supported
[
  "none",
  "RSA-OAEP",
  "RSA-OAEP-256"
]
authorization_encryption_enc_values_supported
[
  "none",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
id_token_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
id_token_encryption_alg_values_supported
[
  "none",
  "RSA-OAEP",
  "RSA-OAEP-256"
]
id_token_encryption_enc_values_supported
[
  "none",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
userinfo_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
userinfo_encryption_alg_values_supported
[
  "none",
  "RSA-OAEP",
  "RSA-OAEP-256"
]
userinfo_encryption_enc_values_supported
[
  "none",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
token_endpoint_auth_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
request_object_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
request_object_encryption_alg_values_supported
[
  "none",
  "RSA-OAEP",
  "RSA-OAEP-256"
]
request_object_encryption_enc_values_supported
[
  "none",
  "A128GCM",
  "A192GCM",
  "A256GCM"
]
subject_types_supported
[
  "public"
]
scopes_supported
[
  "openid",
  "profile",
  "email",
  "phone",
  "address"
]
claims_supported
[
  "name",
  "email",
  "given_name",
  "tenantId",
  "employee_id",
  "mobile_number",
  "department",
  "upn",
  "preferred_username",
  "groupIds",
  "family_name",
  "job_title",
  "realmName",
  "uid",
  "iss",
  "acr"
]
claim_types_supported
[
  "normal"
]
claims_parameter_supported
true
request_parameter_supported
true
request_uri_parameter_supported
true
require_request_uri_registration
true
tls_client_certificate_bound_access_tokens
true
mtls_endpoint_aliases
{
  "introspection_endpoint": "https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/introspect",
  "pushed_authorization_request_endpoint": "https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/par",
  "revocation_endpoint": "https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/revoke",
  "token_endpoint": "https://fapipoc.rel.vanitytst.cloudidentity.ibm.com/oauth2/token"
}
dpop_signing_alg_values_supported
[
  "RS256",
  "RS384",
  "RS512",
  "PS256",
  "PS384",
  "PS512",
  "ES256",
  "ES384",
  "ES512"
]
2022-11-27 18:26:12 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2022-11-27 18:26:12 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
{
  "testHost": "oidc-conformance.rel.verify.ibmcloudsecurity.com",
  "testPort": 443
}
authorization_endpoint
{
  "testHost": "oidc-conformance.rel.verify.ibmcloudsecurity.com",
  "testPort": 443
}
token_endpoint
{
  "testHost": "oidc-conformance.rel.verify.ibmcloudsecurity.com",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "oidc-conformance.rel.verify.ibmcloudsecurity.com",
  "testPort": 443
}
2022-11-27 18:26:12
FetchServerKeys
Fetching server key
jwks_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/jwks
2022-11-27 18:26:12
FetchServerKeys
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/jwks
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2022-11-27 18:26:12 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AKfa4fe15a-6370-4947-9b18-be9863ae97e6",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816383abc4354bdba1",
  "vary": "Accept-Encoding",
  "date": "Sun, 27 Nov 2022 18:26:12 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:khwmXAp4RUxdUcnKlrchtPBVtpzChvUQp+4ssht/wAM\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:57871319; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d337ECD275E9E203B9CB7063F1E31E6A3~-1~YAAQbdoHYF0d5YKEAQAASvlWugg1D4O9Sn4+VT7vw6tonb/XAOXQrj6WubljvVwYHCLJIoDXyLJ1q4m94s3e30AmuNv7NbPeqhEGARiXf9OfTkY68a9vdhSPM7sHcN6Sd2M5UQcjTHUl5cbHhXZOsRUpZBJFFV4zQWDsF+kbC1thYls9vNxgYCAp1CxBvfp0ZBNWZc70Yrmfw8YSDpjLfkk6eCbfGPhAlwMbZyaIkHu22VpK6DVp6mt1geiWloPMPkmOV44Sl5JjPfeQKHW5tM+8PMykygPt3yai8Y5uG4CXev6yj4ZwfkgHki06V2JUaOTfUH9vDCIG5HojDVjwVKz4MUkMFfOAsilwTQhgSq6zOBQO79h5v3WL3UtO2yUwROHTyHE\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:12 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003dE59EA39F3842B8FEDFD7F492AF6AA8E8~YAAQbdoHYF4d5YKEAQAASvlWuhG2gf5bBPiBrxsQDU9auhteblYiabgn3vSlHQ5MJKXlo8SZjb8NyFjlnP6ZackrFgyUF5J/ZXKR9wjYePHr2jRzebdSXukgixnoK4iWsfkIP3/ighPKqLFWko06SvHDxi97bqlRWTRi2l8BU7/zfa6Ms9MyZkB0TVOAGEmc+eEuEJ80SyHS21ruIT3a0XhUjJF2yoqvE/wgIJXgExLZtdkudO3kVMQlUBm0DyJL6GCNuMiVfauUkAao9ljFEjUMveshiTmxXbULIizQMdO1pvjo+VhCrW4sR6R1~4469826~3622197; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:12 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d90",
    "origin; dur\u003d92"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"keys":[{"kid":"server","kty":"RSA","use":"sig","x5c":["MIIDYDCCAkigAwIBAgIEIFW8uDANBgkqhkiG9w0BAQsFADByMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADE5MDcGA1UEAxMwb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tMB4XDTIyMTExNDA0NDI0MFoXDTMyMTExMTA0NDI0MFowcjEJMAcGA1UEBhMAMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEJMAcGA1UEChMAMQkwBwYDVQQLEwAxOTA3BgNVBAMTMG9pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBtmxl55OH/ceueSG0bRucWkdCLybhWwz+x9J6IOb8Q89d4lcd7xhdkN+9nYEjqQMDrUEFDj2ajikKlxrJk7tZSkbu5skFuxHUETDhjHBqnNQb1jwhAdYzBPFTyQ9Ii7lm0uYTthnBJKvpvjKPoz7H9Vuu15RNDujq7RF6sDGSIJUTaxbx7EM2Xv37iqfSAjaMCvfLelacNHUfCAoyGeJYXCIOnlg2/KdfoN4QHKw9Dwq12Br2vau/TcvbD8Na4b+Mm/NEf00wFjt+MtbMCDyUFMQbsAuAk2eFS3eABb1VOQ9ZZOOcsXwB4nRewWIVVhJyMEixDXxm73G9oJBUpI6sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhvvrczfcb1xsYJeEiVtctWlLfHXyKkfyJpIU1nTGdKpd18tPv4OeLMyuJsOFenhJD95UauFwz3AT1zdHShp04JHWTtkb7aezFN4C9fpb97BUR0BheoYzkC6pgZ7M4QkkKE/AKYZfWLahqcbZ6ICmUfXyDJ2mWpXLpLm+l6jh32NF74ho8h4b65cMpDk5mFEp9vf1WgnmaWGtFjVuhAgaS8IrYcDy3DzVrZX/0kCPa0EXng7Xx1IkhUaKz0ajx3ZCmC6HmNa6U+oDKboGq7w1ZfscjOr8nB9M0f5BUAQN1m0nGAR1Ac96BMjfwwS/05lpPLF3Dv5CzOGLuIi0Cws7xA=="],"x5t#S256":"PVCDmVgwC-YE7Q8Bfe_9jJ8izpYjwStjUEYZEe-58Y4","n":"sG2bGXnk4f9x655IbRtG5xaR0IvJuFbDP7H0nog5vxDz13iVx3vGF2Q372dgSOpAwOtQQUOPZqOKQqXGsmTu1lKRu7myQW7EdQRMOGMcGqc1BvWPCEB1jME8VPJD0iLuWbS5hO2GcEkq-m-Mo-jPsf1W67XlE0O6OrtEXqwMZIglRNrFvHsQzZe_fuKp9ICNowK98t6Vpw0dR8ICjIZ4lhcIg6eWDb8p1-g3hAcrD0PCrXYGva9q79Ny9sPw1rhv4yb80R_TTAWO34y1swIPJQUxBuwC4CTZ4VLd4AFvVU5D1lk45yxfAHidF7BYhVWEnIwSLENfGbvcb2gkFSkjqw","e":"AQAB"}]}
2022-11-27 18:26:12
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kid":"server","kty":"RSA","use":"sig","x5c":["MIIDYDCCAkigAwIBAgIEIFW8uDANBgkqhkiG9w0BAQsFADByMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADE5MDcGA1UEAxMwb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tMB4XDTIyMTExNDA0NDI0MFoXDTMyMTExMTA0NDI0MFowcjEJMAcGA1UEBhMAMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEJMAcGA1UEChMAMQkwBwYDVQQLEwAxOTA3BgNVBAMTMG9pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBtmxl55OH/ceueSG0bRucWkdCLybhWwz+x9J6IOb8Q89d4lcd7xhdkN+9nYEjqQMDrUEFDj2ajikKlxrJk7tZSkbu5skFuxHUETDhjHBqnNQb1jwhAdYzBPFTyQ9Ii7lm0uYTthnBJKvpvjKPoz7H9Vuu15RNDujq7RF6sDGSIJUTaxbx7EM2Xv37iqfSAjaMCvfLelacNHUfCAoyGeJYXCIOnlg2/KdfoN4QHKw9Dwq12Br2vau/TcvbD8Na4b+Mm/NEf00wFjt+MtbMCDyUFMQbsAuAk2eFS3eABb1VOQ9ZZOOcsXwB4nRewWIVVhJyMEixDXxm73G9oJBUpI6sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhvvrczfcb1xsYJeEiVtctWlLfHXyKkfyJpIU1nTGdKpd18tPv4OeLMyuJsOFenhJD95UauFwz3AT1zdHShp04JHWTtkb7aezFN4C9fpb97BUR0BheoYzkC6pgZ7M4QkkKE/AKYZfWLahqcbZ6ICmUfXyDJ2mWpXLpLm+l6jh32NF74ho8h4b65cMpDk5mFEp9vf1WgnmaWGtFjVuhAgaS8IrYcDy3DzVrZX/0kCPa0EXng7Xx1IkhUaKz0ajx3ZCmC6HmNa6U+oDKboGq7w1ZfscjOr8nB9M0f5BUAQN1m0nGAR1Ac96BMjfwwS/05lpPLF3Dv5CzOGLuIi0Cws7xA=="],"x5t#S256":"PVCDmVgwC-YE7Q8Bfe_9jJ8izpYjwStjUEYZEe-58Y4","n":"sG2bGXnk4f9x655IbRtG5xaR0IvJuFbDP7H0nog5vxDz13iVx3vGF2Q372dgSOpAwOtQQUOPZqOKQqXGsmTu1lKRu7myQW7EdQRMOGMcGqc1BvWPCEB1jME8VPJD0iLuWbS5hO2GcEkq-m-Mo-jPsf1W67XlE0O6OrtEXqwMZIglRNrFvHsQzZe_fuKp9ICNowK98t6Vpw0dR8ICjIZ4lhcIg6eWDb8p1-g3hAcrD0PCrXYGva9q79Ny9sPw1rhv4yb80R_TTAWO34y1swIPJQUxBuwC4CTZ4VLd4AFvVU5D1lk45yxfAHidF7BYhVWEnIwSLENfGbvcb2gkFSkjqw","e":"AQAB"}]}
2022-11-27 18:26:12 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kid": "server",
      "kty": "RSA",
      "use": "sig",
      "x5c": [
        "MIIDYDCCAkigAwIBAgIEIFW8uDANBgkqhkiG9w0BAQsFADByMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADE5MDcGA1UEAxMwb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tMB4XDTIyMTExNDA0NDI0MFoXDTMyMTExMTA0NDI0MFowcjEJMAcGA1UEBhMAMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEJMAcGA1UEChMAMQkwBwYDVQQLEwAxOTA3BgNVBAMTMG9pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBtmxl55OH/ceueSG0bRucWkdCLybhWwz+x9J6IOb8Q89d4lcd7xhdkN+9nYEjqQMDrUEFDj2ajikKlxrJk7tZSkbu5skFuxHUETDhjHBqnNQb1jwhAdYzBPFTyQ9Ii7lm0uYTthnBJKvpvjKPoz7H9Vuu15RNDujq7RF6sDGSIJUTaxbx7EM2Xv37iqfSAjaMCvfLelacNHUfCAoyGeJYXCIOnlg2/KdfoN4QHKw9Dwq12Br2vau/TcvbD8Na4b+Mm/NEf00wFjt+MtbMCDyUFMQbsAuAk2eFS3eABb1VOQ9ZZOOcsXwB4nRewWIVVhJyMEixDXxm73G9oJBUpI6sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhvvrczfcb1xsYJeEiVtctWlLfHXyKkfyJpIU1nTGdKpd18tPv4OeLMyuJsOFenhJD95UauFwz3AT1zdHShp04JHWTtkb7aezFN4C9fpb97BUR0BheoYzkC6pgZ7M4QkkKE/AKYZfWLahqcbZ6ICmUfXyDJ2mWpXLpLm+l6jh32NF74ho8h4b65cMpDk5mFEp9vf1WgnmaWGtFjVuhAgaS8IrYcDy3DzVrZX/0kCPa0EXng7Xx1IkhUaKz0ajx3ZCmC6HmNa6U+oDKboGq7w1ZfscjOr8nB9M0f5BUAQN1m0nGAR1Ac96BMjfwwS/05lpPLF3Dv5CzOGLuIi0Cws7xA\u003d\u003d"
      ],
      "x5t#S256": "PVCDmVgwC-YE7Q8Bfe_9jJ8izpYjwStjUEYZEe-58Y4",
      "n": "sG2bGXnk4f9x655IbRtG5xaR0IvJuFbDP7H0nog5vxDz13iVx3vGF2Q372dgSOpAwOtQQUOPZqOKQqXGsmTu1lKRu7myQW7EdQRMOGMcGqc1BvWPCEB1jME8VPJD0iLuWbS5hO2GcEkq-m-Mo-jPsf1W67XlE0O6OrtEXqwMZIglRNrFvHsQzZe_fuKp9ICNowK98t6Vpw0dR8ICjIZ4lhcIg6eWDb8p1-g3hAcrD0PCrXYGva9q79Ny9sPw1rhv4yb80R_TTAWO34y1swIPJQUxBuwC4CTZ4VLd4AFvVU5D1lk45yxfAHidF7BYhVWEnIwSLENfGbvcb2gkFSkjqw",
      "e": "AQAB"
    }
  ]
}
2022-11-27 18:26:12 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kid": "server",
      "kty": "RSA",
      "use": "sig",
      "x5c": [
        "MIIDYDCCAkigAwIBAgIEIFW8uDANBgkqhkiG9w0BAQsFADByMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYDVQQKEwAxCTAHBgNVBAsTADE5MDcGA1UEAxMwb2lkYy1jb25mb3JtYW5jZS5yZWwudmVyaWZ5LmlibWNsb3Vkc2VjdXJpdHkuY29tMB4XDTIyMTExNDA0NDI0MFoXDTMyMTExMTA0NDI0MFowcjEJMAcGA1UEBhMAMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEJMAcGA1UEChMAMQkwBwYDVQQLEwAxOTA3BgNVBAMTMG9pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBtmxl55OH/ceueSG0bRucWkdCLybhWwz+x9J6IOb8Q89d4lcd7xhdkN+9nYEjqQMDrUEFDj2ajikKlxrJk7tZSkbu5skFuxHUETDhjHBqnNQb1jwhAdYzBPFTyQ9Ii7lm0uYTthnBJKvpvjKPoz7H9Vuu15RNDujq7RF6sDGSIJUTaxbx7EM2Xv37iqfSAjaMCvfLelacNHUfCAoyGeJYXCIOnlg2/KdfoN4QHKw9Dwq12Br2vau/TcvbD8Na4b+Mm/NEf00wFjt+MtbMCDyUFMQbsAuAk2eFS3eABb1VOQ9ZZOOcsXwB4nRewWIVVhJyMEixDXxm73G9oJBUpI6sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhvvrczfcb1xsYJeEiVtctWlLfHXyKkfyJpIU1nTGdKpd18tPv4OeLMyuJsOFenhJD95UauFwz3AT1zdHShp04JHWTtkb7aezFN4C9fpb97BUR0BheoYzkC6pgZ7M4QkkKE/AKYZfWLahqcbZ6ICmUfXyDJ2mWpXLpLm+l6jh32NF74ho8h4b65cMpDk5mFEp9vf1WgnmaWGtFjVuhAgaS8IrYcDy3DzVrZX/0kCPa0EXng7Xx1IkhUaKz0ajx3ZCmC6HmNa6U+oDKboGq7w1ZfscjOr8nB9M0f5BUAQN1m0nGAR1Ac96BMjfwwS/05lpPLF3Dv5CzOGLuIi0Cws7xA\u003d\u003d"
      ],
      "x5t#S256": "PVCDmVgwC-YE7Q8Bfe_9jJ8izpYjwStjUEYZEe-58Y4",
      "n": "sG2bGXnk4f9x655IbRtG5xaR0IvJuFbDP7H0nog5vxDz13iVx3vGF2Q372dgSOpAwOtQQUOPZqOKQqXGsmTu1lKRu7myQW7EdQRMOGMcGqc1BvWPCEB1jME8VPJD0iLuWbS5hO2GcEkq-m-Mo-jPsf1W67XlE0O6OrtEXqwMZIglRNrFvHsQzZe_fuKp9ICNowK98t6Vpw0dR8ICjIZ4lhcIg6eWDb8p1-g3hAcrD0PCrXYGva9q79Ny9sPw1rhv4yb80R_TTAWO34y1swIPJQUxBuwC4CTZ4VLd4AFvVU5D1lk45yxfAHidF7BYhVWEnIwSLENfGbvcb2gkFSkjqw",
      "e": "AQAB"
    }
  ]
}
2022-11-27 18:26:12 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2022-11-27 18:26:12 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2022-11-27 18:26:12 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2022-11-27 18:26:12 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2022-11-27 18:26:12
StoreOriginalClientConfiguration
Created original_client_config object from the client configuration.
client_name
Ristretto Core Conformance Test Dynamic Client One
2022-11-27 18:26:12
ExtractClientNameFromStoredConfig
Extracted client_name from stored client configuration.
client_name
Ristretto Core Conformance Test Dynamic Client One
2022-11-27 18:26:13 SUCCESS
GenerateRS256ClientJWKs
Generated client JWKs
client_jwks
{
  "keys": [
    {
      "p": "1avpc4beminPIVwGgCJRV7dtz7Y3hUUgm3iZ3OVWTT-iJzAZSt6tAYbLVqhRxWVjX7GdiZZb6zE36IB8TZpWXEHAwko4Vu1Ar2GvKHiPJlLR4gv28bmzMmoY920hKC2RFhSJFojP6q2ESM7IdOiL1NOtc72aCPVZ3YFz0Tb-ybU",
      "kty": "RSA",
      "q": "w4kYJtuj-vEqVK83WA1rpWiRxxpwG6c7AYwkK3lRhaueq2Gd2VEgkBpIDg8zv09QtIrwpkQxNXrp3-lSTIrRCZ2S43IiW1N9qQMgszAtVNwpuTLLnxLOpyIdLgNGJx-Tj2xYsG6xl8o1FKyglxepva9rdyZE7T889UF9GWA1_N0",
      "d": "Nwen_ZH6fotCr8-X3YbmoBiOx5HrIlsVIhMCwRftiB2U6hpFgLISwvh0LLdvFxakIKDa5oo0YoMCipHBKFueFKpkcbZ5g6cQNt-Eg09qm84mEK3Ppx2h8-73G1CZgAyepEPxNl1fvlCKrH87P9Ey_4L_0oxTjalUix-6awbQ_cxIRQyfuMDoXbZmD0jTm3sVtDZj4w7dnu2w0Fy96nUPUnpltqkU0_EQaN3lvgTzW4mN2vXebYpA323I8Z6Pp0P-Xyv7GoUuqiRkNBjnQcitF-8TzkME5b5t-YhmXRoRG7hKnZsgOXbYcX8_hjHRsjEL3IQhcOrAcJ2URG0kQnVEYQ",
      "e": "AQAB",
      "use": "sig",
      "qi": "cGPNkUj4-rkx2TIYtGw9O58eiOcPk5K9uWCjqvxi-HMWhCyvvueLM9tQG36RkN5leKa8XIbel_eIJe0N62xUxojs5PZEdxterfk8r_XSvFGKf-hWXApqLTHBNH1SI-UIOB6S199B_POo3-HXspEIHAI0Uik2X8qO1zpH7Fo_zhI",
      "dp": "RJ0IwU1c7Bpi5i578-eRQV6ox5uW5pfVKbeniPSoKvQ1KOpcJNuuqJ_VagVxBLdTGuaZVRZQfAz5DBM-V1kpRETlFj7pKpjTPb5bld5o8YCE31bCPMtKDPVfAQ0tKY7AWVvMzcyvH4gKw6qLWmdWh8hVmaYX8ap_6g5o15UWakU",
      "alg": "RS256",
      "dq": "RcPpaRve0w8u8k4d6f3H1ZmMwcROEZ_GLtQop5Y-nvnPwAgxQLNwcdnesZ188hpDilc0a65S_GjhfzGJWqQA13RwT1SOq5ULdb0W8rgSxH9VJ63W9ufH8dv7G0qxwg3DIV4f-rtUA_tymvDIz3_y4Snwpu9xklCI2FzIXMB2IsU",
      "n": "ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ"
    }
  ]
}
public_client_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS256",
      "n": "ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ"
    }
  ]
}
2022-11-27 18:26:13 SUCCESS
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2022-11-27 18:26:13
CreateEmptyDynamicRegistrationRequest
Created empty dynamic registration request
2022-11-27 18:26:13
AddClientNameToDynamicRegistrationRequest
Added client_name to registration request
client_name
Ristretto Core Conformance Test Dynamic Client One njTuOdQRVqRGfTE
2022-11-27 18:26:13
AddAuthorizationCodeGrantTypeToDynamicRegistrationRequest
Added 'authorization_code' to 'grant_types'
grant_types
[
  "authorization_code"
]
2022-11-27 18:26:13
AddImplicitGrantTypeToDynamicRegistrationRequest
Added 'implicit' to 'grant_types'
grant_types
[
  "authorization_code",
  "implicit"
]
2022-11-27 18:26:13
AddPublicJwksToDynamicRegistrationRequest
Added client public JWKS to dynamic registration request
dynamic_registration_request
{
  "client_name": "Ristretto Core Conformance Test Dynamic Client One njTuOdQRVqRGfTE",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ"
      }
    ]
  }
}
2022-11-27 18:26:13
AddTokenEndpointAuthMethodToDynamicRegistrationRequestFromEnvironment
Added token endpoint auth method to dynamic registration request
dynamic_registration_request
{
  "client_name": "Ristretto Core Conformance Test Dynamic Client One njTuOdQRVqRGfTE",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic"
}
2022-11-27 18:26:13
AddResponseTypesArrayToDynamicRegistrationRequestFromEnvironment
Added response_types array to dynamic registration request
dynamic_registration_request
{
  "client_name": "Ristretto Core Conformance Test Dynamic Client One njTuOdQRVqRGfTE",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code id_token token"
  ]
}
2022-11-27 18:26:13
AddRedirectUriToDynamicRegistrationRequest
Added redirect_uris array to dynamic registration request
dynamic_registration_request
{
  "client_name": "Ristretto Core Conformance Test Dynamic Client One njTuOdQRVqRGfTE",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code id_token token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback"
  ]
}
2022-11-27 18:26:13
AddContactsToDynamicRegistrationRequest
Added contacts array to dynamic registration request
dynamic_registration_request
{
  "client_name": "Ristretto Core Conformance Test Dynamic Client One njTuOdQRVqRGfTE",
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "jwks": {
    "keys": [
      {
        "kty": "RSA",
        "e": "AQAB",
        "use": "sig",
        "alg": "RS256",
        "n": "ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ"
      }
    ]
  },
  "token_endpoint_auth_method": "client_secret_basic",
  "response_types": [
    "code id_token token"
  ],
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback"
  ],
  "contacts": [
    "certification@oidf.org"
  ]
}
2022-11-27 18:26:13
CallDynamicRegistrationEndpoint
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register
request_method
POST
request_headers
{
  "accept": "application/json",
  "accept-charset": "utf-8",
  "content-type": "application/json",
  "content-length": "775"
}
request_body
{"client_name":"Ristretto Core Conformance Test Dynamic Client One njTuOdQRVqRGfTE","grant_types":["authorization_code","implicit"],"jwks":{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS256","n":"ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ"}]},"token_endpoint_auth_method":"client_secret_basic","response_types":["code id_token token"],"redirect_uris":["https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback"],"contacts":["certification@oidf.org"]}
2022-11-27 18:26:15 RESPONSE
CallDynamicRegistrationEndpoint
HTTP response
response_status_code
201 CREATED
response_status_text
Created
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-content-type-options": "nosniff",
  "cache-control": "no-store",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK4e7f41d0-caf7-41b8-8458-a0c4ac1968cb",
  "pragma": "no-cache",
  "x-global-transaction-id": "efc5c2816383abc5354bdcc1",
  "content-length": "1443",
  "date": "Sun, 27 Nov 2022 18:26:15 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:NGPdpDIkM4OnolsIkTxExW++zkaGWn+s6Um2mVLF3hk\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:61017047; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d80D819760B1411D507C720F5A9DDBCF8~-1~YAAQbdoHYNUd5YKEAQAA6wJXughGedjpE+4bxG2XQ7zizzIzns2y8phNGApDx4qpavZv/dh0B+b5vVmNKvYXRKC78PSQDLx+W1zqMnbCFpCFH/22+K2btXAjluxHwbT90k+TIXqGqM9gqLYZo1haJX9VXwGWN9Pq7mHnMpT5zxOM8K92Uv/VpsB5+rE6wK1oMKL60nWklp7YWwyk8D4+c/kunL011PZpy2/hUkNK3iKKpeVGmIilNYtbt7I8VLvS9TxH9I4LNL1/fZRmM+4f8vFpKS2y33NM6q1DfHDlEuSTEZELYJh9dGnRSvngPd6Fc815z3sWdYq4Zb3jDU9f4ssQOceGAmYZSz6XHSnxDiroVgbUGgc81NBgLiJW8sXC9Id7BIY\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:15 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d3EF9B0E109231FF24F26A26FF446A92F~YAAQbdoHYNYd5YKEAQAA6wJXuhHBpIvBtN/a5Gpe6j6+T5e4mKLgdzfupleQ+2cqholnX4lJFTYeuaN0oit9XKwWBLWmBtNZ48oQ5iZnYe6xkvO892VGkk5kA9b15YmBvOul3gunJJC45Qmbh0L6eJ/Xs5iiIZse1FXwu5miM4iC20bGy3J5EAO8IqKALxTjXZWS+CRrN90U5EZH450egjfzix7cHfcBxppm2pUjK7ioHkbbB9ThDccUrJ3Ebd1ooZ6Y80t2MADKH5Xkb4UkoxFUrsRH3B2Wq9syVlypBHT0Wosy2mbqWP1M/vaE~3355445~4337985; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:13 GMT; Max-Age\u003d14398; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d102",
    "origin; dur\u003d2204"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"all_users_entitled":true,"client_id":"8ac2aa19-9b6a-484b-89ab-23235a2e3b09","client_id_issued_at":"2022-11-27T18:26:13Z","client_name":"Ristretto Core Conformance Test Dynamic Client One njTuOdQRVqRGfTE","client_secret":"yyjZYztRoW","client_secret_expires_at":0,"consent_action":"always_prompt","enforce_pkce":false,"grant_types":["authorization_code","implicit"],"id_token_map":[],"id_token_signed_response_alg":"RS256","initiate_login_uri":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com","jwks":{"keys":[{"use":"sig","kty":"RSA","alg":"RS256","n":"ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ","e":"AQAB"}]},"redirect_uris":["https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback"],"registration_access_token":"B67ilxckjuOJXJHrKklV6aiX2dAtAelj9BpZOQScdLs.025yzPLwFiNrh1y85Gl7PlMPBMDbkGvFYDNPpM3nixFXwI5GDYC6wrNZV_9SUNBoIrKP730D8UQhSqrWM_lw_w.M18xNjY5NTczNTc1XzE4","registration_client_uri":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register/8ac2aa19-9b6a-484b-89ab-23235a2e3b09","response_types":["code token id_token"],"token_endpoint_auth_method":"client_secret_basic","token_map":[]}
2022-11-27 18:26:15
CallDynamicRegistrationEndpoint
Parsed registration endpoint response
status
201
endpoint_name
dynamic registration
headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-content-type-options": "nosniff",
  "cache-control": "no-store",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK4e7f41d0-caf7-41b8-8458-a0c4ac1968cb",
  "pragma": "no-cache",
  "x-global-transaction-id": "efc5c2816383abc5354bdcc1",
  "content-length": "1443",
  "date": "Sun, 27 Nov 2022 18:26:15 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:NGPdpDIkM4OnolsIkTxExW++zkaGWn+s6Um2mVLF3hk\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:61017047; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d80D819760B1411D507C720F5A9DDBCF8~-1~YAAQbdoHYNUd5YKEAQAA6wJXughGedjpE+4bxG2XQ7zizzIzns2y8phNGApDx4qpavZv/dh0B+b5vVmNKvYXRKC78PSQDLx+W1zqMnbCFpCFH/22+K2btXAjluxHwbT90k+TIXqGqM9gqLYZo1haJX9VXwGWN9Pq7mHnMpT5zxOM8K92Uv/VpsB5+rE6wK1oMKL60nWklp7YWwyk8D4+c/kunL011PZpy2/hUkNK3iKKpeVGmIilNYtbt7I8VLvS9TxH9I4LNL1/fZRmM+4f8vFpKS2y33NM6q1DfHDlEuSTEZELYJh9dGnRSvngPd6Fc815z3sWdYq4Zb3jDU9f4ssQOceGAmYZSz6XHSnxDiroVgbUGgc81NBgLiJW8sXC9Id7BIY\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:15 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d3EF9B0E109231FF24F26A26FF446A92F~YAAQbdoHYNYd5YKEAQAA6wJXuhHBpIvBtN/a5Gpe6j6+T5e4mKLgdzfupleQ+2cqholnX4lJFTYeuaN0oit9XKwWBLWmBtNZ48oQ5iZnYe6xkvO892VGkk5kA9b15YmBvOul3gunJJC45Qmbh0L6eJ/Xs5iiIZse1FXwu5miM4iC20bGy3J5EAO8IqKALxTjXZWS+CRrN90U5EZH450egjfzix7cHfcBxppm2pUjK7ioHkbbB9ThDccUrJ3Ebd1ooZ6Y80t2MADKH5Xkb4UkoxFUrsRH3B2Wq9syVlypBHT0Wosy2mbqWP1M/vaE~3355445~4337985; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:13 GMT; Max-Age\u003d14398; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d102",
    "origin; dur\u003d2204"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
body
{"all_users_entitled":true,"client_id":"8ac2aa19-9b6a-484b-89ab-23235a2e3b09","client_id_issued_at":"2022-11-27T18:26:13Z","client_name":"Ristretto Core Conformance Test Dynamic Client One njTuOdQRVqRGfTE","client_secret":"yyjZYztRoW","client_secret_expires_at":0,"consent_action":"always_prompt","enforce_pkce":false,"grant_types":["authorization_code","implicit"],"id_token_map":[],"id_token_signed_response_alg":"RS256","initiate_login_uri":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com","jwks":{"keys":[{"use":"sig","kty":"RSA","alg":"RS256","n":"ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ","e":"AQAB"}]},"redirect_uris":["https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback"],"registration_access_token":"B67ilxckjuOJXJHrKklV6aiX2dAtAelj9BpZOQScdLs.025yzPLwFiNrh1y85Gl7PlMPBMDbkGvFYDNPpM3nixFXwI5GDYC6wrNZV_9SUNBoIrKP730D8UQhSqrWM_lw_w.M18xNjY5NTczNTc1XzE4","registration_client_uri":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register/8ac2aa19-9b6a-484b-89ab-23235a2e3b09","response_types":["code token id_token"],"token_endpoint_auth_method":"client_secret_basic","token_map":[]}
body_json
{
  "all_users_entitled": true,
  "client_id": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "client_id_issued_at": "2022-11-27T18:26:13Z",
  "client_name": "Ristretto Core Conformance Test Dynamic Client One njTuOdQRVqRGfTE",
  "client_secret": "yyjZYztRoW",
  "client_secret_expires_at": 0,
  "consent_action": "always_prompt",
  "enforce_pkce": false,
  "grant_types": [
    "authorization_code",
    "implicit"
  ],
  "id_token_map": [],
  "id_token_signed_response_alg": "RS256",
  "initiate_login_uri": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com",
  "jwks": {
    "keys": [
      {
        "use": "sig",
        "kty": "RSA",
        "alg": "RS256",
        "n": "ozRf-3tJJvfhutecnaGQFGE0zggMSHQepLyn4zVMEOdKQTCJGvD06fTqQeO7H4HnA8m7Ra78phJ0g77MPZfzZijuIzSELv6Vyko6X6SYZmsEvHWcwKVxVxrXpFaGQG-RuS1z2eSXeowAbdh4SP06pnkTgOTM13C-yHc_iiC3L3LxzK8swzoZFgxXdNvHOt4cmq6c4Qtbqs2mlpDsw_y25tMYCy3hE5TOv-UPuumOoMnIJ2ASj4Na2O0fdEwOgB0DiAFCgatRGGT8BciNWqd6AkpzA-VVVOANxXe86mVjnlhpPQPzRhYMYGl3H9BJ-roIdooTtCrJwktNBu_P6vtNQQ",
        "e": "AQAB"
      }
    ]
  },
  "redirect_uris": [
    "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback"
  ],
  "registration_access_token": "B67ilxckjuOJXJHrKklV6aiX2dAtAelj9BpZOQScdLs.025yzPLwFiNrh1y85Gl7PlMPBMDbkGvFYDNPpM3nixFXwI5GDYC6wrNZV_9SUNBoIrKP730D8UQhSqrWM_lw_w.M18xNjY5NTczNTc1XzE4",
  "registration_client_uri": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register/8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "response_types": [
    "code token id_token"
  ],
  "token_endpoint_auth_method": "client_secret_basic",
  "token_map": []
}
2022-11-27 18:26:15 SUCCESS
EnsureContentTypeJson
endpoint_response Content-Type: header is application/json
2022-11-27 18:26:15 SUCCESS
EnsureHttpStatusCodeIs201
dynamic registration endpoint returned the expected http status
expected_status
201
http_status
201
2022-11-27 18:26:15 SUCCESS
CheckNoErrorFromDynamicRegistrationEndpoint
Dynamic registration endpoint did not return an error.
2022-11-27 18:26:15 SUCCESS
ExtractDynamicRegistrationResponse
Extracted client from dynamic registration response
client_id
8ac2aa19-9b6a-484b-89ab-23235a2e3b09
2022-11-27 18:26:15 SUCCESS
VerifyClientManagementCredentials
Verified dynamic registration management credentials
registration_client_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register/8ac2aa19-9b6a-484b-89ab-23235a2e3b09
registration_access_token
B67ilxckjuOJXJHrKklV6aiX2dAtAelj9BpZOQScdLs.025yzPLwFiNrh1y85Gl7PlMPBMDbkGvFYDNPpM3nixFXwI5GDYC6wrNZV_9SUNBoIrKP730D8UQhSqrWM_lw_w.M18xNjY5NTczNTc1XzE4
2022-11-27 18:26:15
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2022-11-27 18:26:15 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
Contents of 'token_endpoint_auth_methods_supported' in discovery document matches expectations.
actual
[
  "client_secret_basic",
  "client_secret_post",
  "private_key_jwt",
  "tls_client_auth"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2022-11-27 18:26:15 SUCCESS
SetProtectedResourceUrlToUserInfoEndpoint
userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.
protected_resource_url
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo
2022-11-27 18:26:15
oidcc-max-age-1
Setup Done
Make request to authorization endpoint
2022-11-27 18:26:15 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
8ac2aa19-9b6a-484b-89ab-23235a2e3b09
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
scope
openid
2022-11-27 18:26:15
CreateRandomStateValue
Created state value
requested_state_length
10
state
SnXWL6NbQ9
2022-11-27 18:26:15 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
8ac2aa19-9b6a-484b-89ab-23235a2e3b09
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
scope
openid
state
SnXWL6NbQ9
2022-11-27 18:26:15
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
GzYpLm6H2S
2022-11-27 18:26:15 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
8ac2aa19-9b6a-484b-89ab-23235a2e3b09
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
scope
openid
state
SnXWL6NbQ9
nonce
GzYpLm6H2S
2022-11-27 18:26:15 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
8ac2aa19-9b6a-484b-89ab-23235a2e3b09
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
scope
openid
state
SnXWL6NbQ9
nonce
GzYpLm6H2S
response_type
code id_token token
2022-11-27 18:26:15 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
auth_request
{
  "client_id": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "redirect_uri": "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback",
  "scope": "openid",
  "state": "SnXWL6NbQ9",
  "nonce": "GzYpLm6H2S",
  "response_type": "code id_token token"
}
redirect_to_authorization_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/authorize?client_id=8ac2aa19-9b6a-484b-89ab-23235a2e3b09&redirect_uri=https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback&scope=openid&state=SnXWL6NbQ9&nonce=GzYpLm6H2S&response_type=code%20id_token%20token
2022-11-27 18:26:15 REDIRECT
oidcc-max-age-1
Redirecting to authorization endpoint
redirect_to
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/authorize?client_id=8ac2aa19-9b6a-484b-89ab-23235a2e3b09&redirect_uri=https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback&scope=openid&state=SnXWL6NbQ9&nonce=GzYpLm6H2S&response_type=code%20id_token%20token
2022-11-27 18:26:20 INCOMING
oidcc-max-age-1
Incoming HTTP request to /test/a/isv_op_oidc_core_test/callback
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "referer": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9,zh-CN;q\u003d0.8,zh;q\u003d0.7",
  "cookie": "__utmz\u003d201319536.1668662898.14.3.utmcsr\u003dcertification.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/; __utmc\u003d201319536; __utma\u003d201319536.1094656506.1667372526.1669169819.1669192421.17; JSESSIONID\u003dA99EA218D2554846F38BDDE459E8C220",
  "connection": "close"
}
incoming_path
/test/a/isv_op_oidc_core_test/callback
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json
2022-11-27 18:26:20 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/pDhGDd6TIOyDqDNal5W2",
  "fullUrl": "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/implicit/pDhGDd6TIOyDqDNal5W2"
}
2022-11-27 18:26:20 OUTGOING
oidcc-max-age-1
Response to HTTP request to test instance njTuOdQRVqRGfTE
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/isv_op_oidc_core_test/implicit/pDhGDd6TIOyDqDNal5W2, returnUrl=/log-detail.html?log=njTuOdQRVqRGfTE}]
outgoing_path
callback
2022-11-27 18:26:21 INCOMING
oidcc-max-age-1
Incoming HTTP request to /test/a/isv_op_oidc_core_test/implicit/pDhGDd6TIOyDqDNal5W2
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "accept": "*/*",
  "content-type": "text/plain",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "sec-ch-ua-platform": "\"Windows\"",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9,zh-CN;q\u003d0.8,zh;q\u003d0.7",
  "cookie": "__utmz\u003d201319536.1668662898.14.3.utmcsr\u003dcertification.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/; __utmc\u003d201319536; __utma\u003d201319536.1094656506.1667372526.1669169819.1669192421.17; JSESSIONID\u003dA99EA218D2554846F38BDDE459E8C220",
  "connection": "close",
  "content-length": "1537"
}
incoming_path
/test/a/isv_op_oidc_core_test/implicit/pDhGDd6TIOyDqDNal5W2
incoming_body_form_params
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
#access_token=sX0LtnnzZFRxvTDK3WtzKOytaivh1lCsdUdv69-w05g.zSCeS7umYRdivq7K5LYWpX1WzLOvGlhUBMfyGoYEvQMc3XuNAPpb4d__Zeq4luHyYq1ACcsZLYMzApnNR6ntLw.M18xNjY5NTczNTgwXzE4&code=QZWVxuwcytqKbulGUdFF-zmBE47JETmHed5wQl-qfDk.qowud3FCCR6Pkx-PXWQq6vxV2qqSutsrku-ULaUiRqF6uc0zdPhQIUdt21GhczzGYJ-pkYrFvdFeLzfhHrsAPQ&expires_in=7199&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJaNU83SWVSeE5XbGlDVFdOSUlVazBBIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImNfaGFzaCI6IkhaSWpnbklfTVUxYzZwYlVqaUliV3ciLCJleHAiOjE2Njk1ODA3ODAsImlhdCI6MTY2OTU3MzU4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiMWIyODY4ZjctOGM3ZC00OWU3LWI0NmQtODBhZDhiOGUyNzdkIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6Ikd6WXBMbTZIMlMiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU3NywicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoiM2x2dFU1RFlWd1pxd012Y1Mwb21aQSIsInN1YiI6IjYxNjAwMTdONjcifQ.LgJYWULlfOxip5gZwtQ-LUlJt378jVsMNk6mp_U03kRybwOwDz6RAqFt107HfKKNISoPjYK5qcI7-XCu2l_pOD97XXa4zf-1QafNGJoWWQthxZgeqYRf5e578k7VjuC8wSEqFklhF4JU3SqzuoVwaubOn8zgtILTmLtVKUa6c6rmVzv15iBJ-fB9YOwFmssctyQHVl11qrBRydnC1kZhX8_cY3FVkKVKlYaIRfK1vzqQ0SpYnJlmhtVTGqksvnd_MoQtFhXW8QsIUvEbefjAm9YV4CwhvtRMMO8cq96QNnTrRRZX46m_ZJ8h_2azXseBfwLTA8-KXeOf_0WghrRWkA&iss=https%3A%2F%2Foidc-conformance.rel.verify.ibmcloudsecurity.com%2Foauth2&scope=openid&state=SnXWL6NbQ9&token_type=bearer
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json
2022-11-27 18:26:21 OUTGOING
oidcc-max-age-1
Response to HTTP request to test instance njTuOdQRVqRGfTE
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/pDhGDd6TIOyDqDNal5W2
2022-11-27 18:26:21
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
parameters
[
  {
    "name": "access_token",
    "value": "sX0LtnnzZFRxvTDK3WtzKOytaivh1lCsdUdv69-w05g.zSCeS7umYRdivq7K5LYWpX1WzLOvGlhUBMfyGoYEvQMc3XuNAPpb4d__Zeq4luHyYq1ACcsZLYMzApnNR6ntLw.M18xNjY5NTczNTgwXzE4"
  },
  {
    "name": "code",
    "value": "QZWVxuwcytqKbulGUdFF-zmBE47JETmHed5wQl-qfDk.qowud3FCCR6Pkx-PXWQq6vxV2qqSutsrku-ULaUiRqF6uc0zdPhQIUdt21GhczzGYJ-pkYrFvdFeLzfhHrsAPQ"
  },
  {
    "name": "expires_in",
    "value": "7199"
  },
  {
    "name": "id_token",
    "value": "eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJaNU83SWVSeE5XbGlDVFdOSUlVazBBIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImNfaGFzaCI6IkhaSWpnbklfTVUxYzZwYlVqaUliV3ciLCJleHAiOjE2Njk1ODA3ODAsImlhdCI6MTY2OTU3MzU4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiMWIyODY4ZjctOGM3ZC00OWU3LWI0NmQtODBhZDhiOGUyNzdkIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6Ikd6WXBMbTZIMlMiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU3NywicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoiM2x2dFU1RFlWd1pxd012Y1Mwb21aQSIsInN1YiI6IjYxNjAwMTdONjcifQ.LgJYWULlfOxip5gZwtQ-LUlJt378jVsMNk6mp_U03kRybwOwDz6RAqFt107HfKKNISoPjYK5qcI7-XCu2l_pOD97XXa4zf-1QafNGJoWWQthxZgeqYRf5e578k7VjuC8wSEqFklhF4JU3SqzuoVwaubOn8zgtILTmLtVKUa6c6rmVzv15iBJ-fB9YOwFmssctyQHVl11qrBRydnC1kZhX8_cY3FVkKVKlYaIRfK1vzqQ0SpYnJlmhtVTGqksvnd_MoQtFhXW8QsIUvEbefjAm9YV4CwhvtRMMO8cq96QNnTrRRZX46m_ZJ8h_2azXseBfwLTA8-KXeOf_0WghrRWkA"
  },
  {
    "name": "iss",
    "value": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2"
  },
  {
    "name": "scope",
    "value": "openid"
  },
  {
    "name": "state",
    "value": "SnXWL6NbQ9"
  },
  {
    "name": "token_type",
    "value": "bearer"
  }
]
2022-11-27 18:26:21 SUCCESS
ExtractImplicitHashToCallbackResponse
Extracted the hash values
access_token
sX0LtnnzZFRxvTDK3WtzKOytaivh1lCsdUdv69-w05g.zSCeS7umYRdivq7K5LYWpX1WzLOvGlhUBMfyGoYEvQMc3XuNAPpb4d__Zeq4luHyYq1ACcsZLYMzApnNR6ntLw.M18xNjY5NTczNTgwXzE4
code
QZWVxuwcytqKbulGUdFF-zmBE47JETmHed5wQl-qfDk.qowud3FCCR6Pkx-PXWQq6vxV2qqSutsrku-ULaUiRqF6uc0zdPhQIUdt21GhczzGYJ-pkYrFvdFeLzfhHrsAPQ
expires_in
7199
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJaNU83SWVSeE5XbGlDVFdOSUlVazBBIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImNfaGFzaCI6IkhaSWpnbklfTVUxYzZwYlVqaUliV3ciLCJleHAiOjE2Njk1ODA3ODAsImlhdCI6MTY2OTU3MzU4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiMWIyODY4ZjctOGM3ZC00OWU3LWI0NmQtODBhZDhiOGUyNzdkIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6Ikd6WXBMbTZIMlMiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU3NywicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoiM2x2dFU1RFlWd1pxd012Y1Mwb21aQSIsInN1YiI6IjYxNjAwMTdONjcifQ.LgJYWULlfOxip5gZwtQ-LUlJt378jVsMNk6mp_U03kRybwOwDz6RAqFt107HfKKNISoPjYK5qcI7-XCu2l_pOD97XXa4zf-1QafNGJoWWQthxZgeqYRf5e578k7VjuC8wSEqFklhF4JU3SqzuoVwaubOn8zgtILTmLtVKUa6c6rmVzv15iBJ-fB9YOwFmssctyQHVl11qrBRydnC1kZhX8_cY3FVkKVKlYaIRfK1vzqQ0SpYnJlmhtVTGqksvnd_MoQtFhXW8QsIUvEbefjAm9YV4CwhvtRMMO8cq96QNnTrRRZX46m_ZJ8h_2azXseBfwLTA8-KXeOf_0WghrRWkA
iss
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2
scope
openid
state
SnXWL6NbQ9
token_type
bearer
2022-11-27 18:26:21 REDIRECT-IN
oidcc-max-age-1
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "referer": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9,zh-CN;q\u003d0.8,zh;q\u003d0.7",
  "cookie": "__utmz\u003d201319536.1668662898.14.3.utmcsr\u003dcertification.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/; __utmc\u003d201319536; __utma\u003d201319536.1094656506.1667372526.1669169819.1669192421.17; JSESSIONID\u003dA99EA218D2554846F38BDDE459E8C220",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-proto": "https",
  "x-forwarded-port": "443",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{
  "access_token": "sX0LtnnzZFRxvTDK3WtzKOytaivh1lCsdUdv69-w05g.zSCeS7umYRdivq7K5LYWpX1WzLOvGlhUBMfyGoYEvQMc3XuNAPpb4d__Zeq4luHyYq1ACcsZLYMzApnNR6ntLw.M18xNjY5NTczNTgwXzE4",
  "code": "QZWVxuwcytqKbulGUdFF-zmBE47JETmHed5wQl-qfDk.qowud3FCCR6Pkx-PXWQq6vxV2qqSutsrku-ULaUiRqF6uc0zdPhQIUdt21GhczzGYJ-pkYrFvdFeLzfhHrsAPQ",
  "expires_in": "7199",
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJaNU83SWVSeE5XbGlDVFdOSUlVazBBIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImNfaGFzaCI6IkhaSWpnbklfTVUxYzZwYlVqaUliV3ciLCJleHAiOjE2Njk1ODA3ODAsImlhdCI6MTY2OTU3MzU4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiMWIyODY4ZjctOGM3ZC00OWU3LWI0NmQtODBhZDhiOGUyNzdkIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6Ikd6WXBMbTZIMlMiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU3NywicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoiM2x2dFU1RFlWd1pxd012Y1Mwb21aQSIsInN1YiI6IjYxNjAwMTdONjcifQ.LgJYWULlfOxip5gZwtQ-LUlJt378jVsMNk6mp_U03kRybwOwDz6RAqFt107HfKKNISoPjYK5qcI7-XCu2l_pOD97XXa4zf-1QafNGJoWWQthxZgeqYRf5e578k7VjuC8wSEqFklhF4JU3SqzuoVwaubOn8zgtILTmLtVKUa6c6rmVzv15iBJ-fB9YOwFmssctyQHVl11qrBRydnC1kZhX8_cY3FVkKVKlYaIRfK1vzqQ0SpYnJlmhtVTGqksvnd_MoQtFhXW8QsIUvEbefjAm9YV4CwhvtRMMO8cq96QNnTrRRZX46m_ZJ8h_2azXseBfwLTA8-KXeOf_0WghrRWkA",
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "scope": "openid",
  "state": "SnXWL6NbQ9",
  "token_type": "bearer"
}
post_body
Verify authorization endpoint response
2022-11-27 18:26:21 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2022-11-27 18:26:21 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2022-11-27 18:26:21 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2022-11-27 18:26:21 SUCCESS
ValidateIssInAuthorizationResponse
'iss' parameter in authorization response matches server's issuer value.
2022-11-27 18:26:21 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2022-11-27 18:26:21 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
SnXWL6NbQ9
2022-11-27 18:26:21 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
QZWVxuwcytqKbulGUdFF-zmBE47JETmHed5wQl-qfDk.qowud3FCCR6Pkx-PXWQq6vxV2qqSutsrku-ULaUiRqF6uc0zdPhQIUdt21GhczzGYJ-pkYrFvdFeLzfhHrsAPQ
2022-11-27 18:26:21 SUCCESS
ExtractAccessTokenFromAuthorizationResponse
Extracted the access token
value
sX0LtnnzZFRxvTDK3WtzKOytaivh1lCsdUdv69-w05g.zSCeS7umYRdivq7K5LYWpX1WzLOvGlhUBMfyGoYEvQMc3XuNAPpb4d__Zeq4luHyYq1ACcsZLYMzApnNR6ntLw.M18xNjY5NTczNTgwXzE4
type
bearer
2022-11-27 18:26:21 SUCCESS
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
value
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJaNU83SWVSeE5XbGlDVFdOSUlVazBBIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImNfaGFzaCI6IkhaSWpnbklfTVUxYzZwYlVqaUliV3ciLCJleHAiOjE2Njk1ODA3ODAsImlhdCI6MTY2OTU3MzU4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiMWIyODY4ZjctOGM3ZC00OWU3LWI0NmQtODBhZDhiOGUyNzdkIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6Ikd6WXBMbTZIMlMiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU3NywicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoiM2x2dFU1RFlWd1pxd012Y1Mwb21aQSIsInN1YiI6IjYxNjAwMTdONjcifQ.LgJYWULlfOxip5gZwtQ-LUlJt378jVsMNk6mp_U03kRybwOwDz6RAqFt107HfKKNISoPjYK5qcI7-XCu2l_pOD97XXa4zf-1QafNGJoWWQthxZgeqYRf5e578k7VjuC8wSEqFklhF4JU3SqzuoVwaubOn8zgtILTmLtVKUa6c6rmVzv15iBJ-fB9YOwFmssctyQHVl11qrBRydnC1kZhX8_cY3FVkKVKlYaIRfK1vzqQ0SpYnJlmhtVTGqksvnd_MoQtFhXW8QsIUvEbefjAm9YV4CwhvtRMMO8cq96QNnTrRRZX46m_ZJ8h_2azXseBfwLTA8-KXeOf_0WghrRWkA
header
{
  "kid": "server",
  "alg": "RS256"
}
claims
{
  "at_hash": "Z5O7IeRxNWliCTWNIIUk0A",
  "sub": "6160017N67",
  "rat": 1669573577,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "GzYpLm6H2S",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "c_hash": "HZIjgnI_MU1c6pbUjiIbWw",
  "s_hash": "3lvtU5DYVwZqwMvcS0omZA",
  "auth_time": 1669573502,
  "name": "ISV Dev",
  "exp": 1669580780,
  "iat": 1669573580,
  "jti": "1b2868f7-8c7d-49e7-b46d-80ad8b8e277d"
}
2022-11-27 18:26:21 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2022-11-27 18:26:21
ValidateIdTokenStandardClaims
sub is a string with content
2022-11-27 18:26:21
ValidateIdTokenStandardClaims
Skipping unknown claim: rat
2022-11-27 18:26:21
ValidateIdTokenStandardClaims
Skipping unknown claim: realmName
2022-11-27 18:26:21
ValidateIdTokenStandardClaims
preferred_username is a string with content
2022-11-27 18:26:21
ValidateIdTokenStandardClaims
name is a string with content
2022-11-27 18:26:21 SUCCESS
ValidateIdTokenStandardClaims
id_token claims are valid
2022-11-27 18:26:21 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
GzYpLm6H2S
2022-11-27 18:26:21 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2022-11-27 18:26:21 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJaNU83SWVSeE5XbGlDVFdOSUlVazBBIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImNfaGFzaCI6IkhaSWpnbklfTVUxYzZwYlVqaUliV3ciLCJleHAiOjE2Njk1ODA3ODAsImlhdCI6MTY2OTU3MzU4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiMWIyODY4ZjctOGM3ZC00OWU3LWI0NmQtODBhZDhiOGUyNzdkIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6Ikd6WXBMbTZIMlMiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU3NywicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoiM2x2dFU1RFlWd1pxd012Y1Mwb21aQSIsInN1YiI6IjYxNjAwMTdONjcifQ.LgJYWULlfOxip5gZwtQ-LUlJt378jVsMNk6mp_U03kRybwOwDz6RAqFt107HfKKNISoPjYK5qcI7-XCu2l_pOD97XXa4zf-1QafNGJoWWQthxZgeqYRf5e578k7VjuC8wSEqFklhF4JU3SqzuoVwaubOn8zgtILTmLtVKUa6c6rmVzv15iBJ-fB9YOwFmssctyQHVl11qrBRydnC1kZhX8_cY3FVkKVKlYaIRfK1vzqQ0SpYnJlmhtVTGqksvnd_MoQtFhXW8QsIUvEbefjAm9YV4CwhvtRMMO8cq96QNnTrRRZX46m_ZJ8h_2azXseBfwLTA8-KXeOf_0WghrRWkA
2022-11-27 18:26:21 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJaNU83SWVSeE5XbGlDVFdOSUlVazBBIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImNfaGFzaCI6IkhaSWpnbklfTVUxYzZwYlVqaUliV3ciLCJleHAiOjE2Njk1ODA3ODAsImlhdCI6MTY2OTU3MzU4MCwiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiMWIyODY4ZjctOGM3ZC00OWU3LWI0NmQtODBhZDhiOGUyNzdkIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6Ikd6WXBMbTZIMlMiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU3NywicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoiM2x2dFU1RFlWd1pxd012Y1Mwb21aQSIsInN1YiI6IjYxNjAwMTdONjcifQ.LgJYWULlfOxip5gZwtQ-LUlJt378jVsMNk6mp_U03kRybwOwDz6RAqFt107HfKKNISoPjYK5qcI7-XCu2l_pOD97XXa4zf-1QafNGJoWWQthxZgeqYRf5e578k7VjuC8wSEqFklhF4JU3SqzuoVwaubOn8zgtILTmLtVKUa6c6rmVzv15iBJ-fB9YOwFmssctyQHVl11qrBRydnC1kZhX8_cY3FVkKVKlYaIRfK1vzqQ0SpYnJlmhtVTGqksvnd_MoQtFhXW8QsIUvEbefjAm9YV4CwhvtRMMO8cq96QNnTrRRZX46m_ZJ8h_2azXseBfwLTA8-KXeOf_0WghrRWkA
2022-11-27 18:26:21 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
6160017N67
2022-11-27 18:26:21
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
2022-11-27 18:26:21 INFO
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
Userinfo endpoint tests
2022-11-27 18:26:21
CallProtectedResource
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo
request_method
GET
request_headers
{
  "accept": "application/json",
  "authorization": "bearer sX0LtnnzZFRxvTDK3WtzKOytaivh1lCsdUdv69-w05g.zSCeS7umYRdivq7K5LYWpX1WzLOvGlhUBMfyGoYEvQMc3XuNAPpb4d__Zeq4luHyYq1ACcsZLYMzApnNR6ntLw.M18xNjY5NTczNTgwXzE4",
  "content-length": "0"
}
request_body

                                
2022-11-27 18:26:21 RESPONSE
CallProtectedResource
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK0e455189-5819-4d8d-982a-66455f25092b",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816383abcd07b2e703",
  "content-length": "324",
  "date": "Sun, 27 Nov 2022 18:26:21 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:qlppZ8QI9dI4pR/MFYGYUyfjJLbV9ru9X9ma1HtWhng\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:57871319; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d98DD9E9F282E70845C1B8350E4A4B838~-1~YAAQXXYGF6K7yISEAQAAgBtXugiEjO0g7GwuDLMJs1pD+JL2MBZtOcH6kZBMoZAYkq45DBhCtd+ZL3u/DtXzWGW4dbHtlFk3AOHK9nQQVH1OZNhGg+7OWWHfPr3QwbfXc+bYOReo3uOxK43LoWS1X37kfsjQTjaUsXWIQBC7MJ03EV6Mq0uRHr91yITKS54zgHidJyglXzVHPDQ6ScEVodUHtAxEgAljcxpIyJ+tSAUzNcYD2N/LMjUlc2L8bu1uPc+na/RvptyMpIXGaD422lG+QK5CqcuJUR/yB6NNa23oUVeca29Pa42/kzn2JwoxqHBKvmpPzaDb660GE0AF28L8uRq+OY4Qywnmt23U2tdFZPwLLugcU+Aeo2nG+SQnMvVvd+E\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:21 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d2A1C7BE73581032169576189AB2506CC~YAAQXXYGF6O7yISEAQAAgBtXuhFk9OSQxqq+oBpZwXYcuTZImRmrwIYGMJmisoeFA9TQq1drKIXG3Dbw5qtuRypQzwIKc8/VMvAXbVWs4A6J4Lo/6oVCPfEYZrg0EOcDspy8r0A4l+0VB9cgPTtn3KJ0a7xlQXIXcgx/pMxdwHC81YQjRQkIma7Q1wguN9NT7N9/cIVg15XbmsC0KYZ1s1hfN/tJkoocvK3Lv4rUGjN6RCcYnEqq9dya3JILlqF7+xmEvux66Y52Zo0SUuKHxLU2SCF+TllwrQt+GmAcc6I1mRXu7tJVgd17wxMF~3487033~4277556; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:21 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d91",
    "origin; dur\u003d98"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"acr":"urn:ibm:security:policy:id:1","amr":["password"],"aud":["8ac2aa19-9b6a-484b-89ab-23235a2e3b09"],"auth_time":1669573502,"iss":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","name":"ISV Dev","preferred_username":"isvdev@ibm.com","rat":1669573577,"realmName":"cloudIdentityRealm","sub":"6160017N67"}
2022-11-27 18:26:21 SUCCESS
CallProtectedResource
Got a response from the resource endpoint
status
200
endpoint_name
resource
headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK0e455189-5819-4d8d-982a-66455f25092b",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816383abcd07b2e703",
  "content-length": "324",
  "date": "Sun, 27 Nov 2022 18:26:21 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:qlppZ8QI9dI4pR/MFYGYUyfjJLbV9ru9X9ma1HtWhng\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:57871319; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d98DD9E9F282E70845C1B8350E4A4B838~-1~YAAQXXYGF6K7yISEAQAAgBtXugiEjO0g7GwuDLMJs1pD+JL2MBZtOcH6kZBMoZAYkq45DBhCtd+ZL3u/DtXzWGW4dbHtlFk3AOHK9nQQVH1OZNhGg+7OWWHfPr3QwbfXc+bYOReo3uOxK43LoWS1X37kfsjQTjaUsXWIQBC7MJ03EV6Mq0uRHr91yITKS54zgHidJyglXzVHPDQ6ScEVodUHtAxEgAljcxpIyJ+tSAUzNcYD2N/LMjUlc2L8bu1uPc+na/RvptyMpIXGaD422lG+QK5CqcuJUR/yB6NNa23oUVeca29Pa42/kzn2JwoxqHBKvmpPzaDb660GE0AF28L8uRq+OY4Qywnmt23U2tdFZPwLLugcU+Aeo2nG+SQnMvVvd+E\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:21 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d2A1C7BE73581032169576189AB2506CC~YAAQXXYGF6O7yISEAQAAgBtXuhFk9OSQxqq+oBpZwXYcuTZImRmrwIYGMJmisoeFA9TQq1drKIXG3Dbw5qtuRypQzwIKc8/VMvAXbVWs4A6J4Lo/6oVCPfEYZrg0EOcDspy8r0A4l+0VB9cgPTtn3KJ0a7xlQXIXcgx/pMxdwHC81YQjRQkIma7Q1wguN9NT7N9/cIVg15XbmsC0KYZ1s1hfN/tJkoocvK3Lv4rUGjN6RCcYnEqq9dya3JILlqF7+xmEvux66Y52Zo0SUuKHxLU2SCF+TllwrQt+GmAcc6I1mRXu7tJVgd17wxMF~3487033~4277556; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:21 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d91",
    "origin; dur\u003d98"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
body
{"acr":"urn:ibm:security:policy:id:1","amr":["password"],"aud":["8ac2aa19-9b6a-484b-89ab-23235a2e3b09"],"auth_time":1669573502,"iss":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","name":"ISV Dev","preferred_username":"isvdev@ibm.com","rat":1669573577,"realmName":"cloudIdentityRealm","sub":"6160017N67"}
2022-11-27 18:26:21 SUCCESS
EnsureHttpStatusCodeIs200
resource endpoint returned the expected http status
expected_status
200
http_status
200
2022-11-27 18:26:21 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
grant_type
authorization_code
code
QZWVxuwcytqKbulGUdFF-zmBE47JETmHed5wQl-qfDk.qowud3FCCR6Pkx-PXWQq6vxV2qqSutsrku-ULaUiRqF6uc0zdPhQIUdt21GhczzGYJ-pkYrFvdFeLzfhHrsAPQ
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
2022-11-27 18:26:21 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic OGFjMmFhMTktOWI2YS00ODRiLTg5YWItMjMyMzVhMmUzYjA5Onl5alpZenRSb1c=
2022-11-27 18:26:21
CallTokenEndpoint
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/token
request_method
POST
request_headers
{
  "accept": "application/json",
  "authorization": "Basic OGFjMmFhMTktOWI2YS00ODRiLTg5YWItMjMyMzVhMmUzYjA5Onl5alpZenRSb1c\u003d",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "267"
}
request_body
grant_type=authorization_code&code=QZWVxuwcytqKbulGUdFF-zmBE47JETmHed5wQl-qfDk.qowud3FCCR6Pkx-PXWQq6vxV2qqSutsrku-ULaUiRqF6uc0zdPhQIUdt21GhczzGYJ-pkYrFvdFeLzfhHrsAPQ&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2Fisv_op_oidc_core_test%2Fcallback
2022-11-27 18:26:22 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-content-type-options": "nosniff",
  "cache-control": "no-store",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK04a8233e-a999-4d40-9f81-d33e4c0ff9c5",
  "pragma": "no-cache",
  "x-global-transaction-id": "efc5c2816383abce354bf701",
  "content-length": "1281",
  "date": "Sun, 27 Nov 2022 18:26:22 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:4lUjpEnKZZ+ugTKnipz35DsOAaFR+FerozYwq1komvY\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:61017047; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d67ECEB005EC92790ED1412983F61947A~-1~YAAQXXYGF7C7yISEAQAAWB1XugixsKkqxIjyAG+mCRjTfrRvJ+epeFYGh+77xGSGcU1NJ5hwGQ+7veyl+iqKzuZ71WVEjnL6Cod11zDiV/99H91nJaQMLc79gJkMV0QXG6Zmz90Fb2REvxS63N8hcryOd0r8PwHRiY8KyQ9FB34vgLUyicZr/qSAj3BkepQzQ9PPpfFhjUgPFAFzlopBbQyD56fZdsIUib150F8kmlqNKo7Yx9TMUeZZ7u4U14s07QcwVMBVE0kwnY/VHl24lSSM8zXlMl7nuk3Jz0/4ECQN7Lot124Dgyvk+J2mruJlB9+2ssyuJy+LRfFdBmBHPyd2n+ffY7GM34KeUxoNEW0e6cw/CFSynMVy5udpWn2ipcsUJM4\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:22 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d9B951F22F2AB6A839564C2D692FAC091~YAAQXXYGF7G7yISEAQAAWB1XuhFLiGK0qJc1dAK0C0VXpEulf/b2+arbJOC6WO8QinF8h7NTTev7mNGzym4rDcvHyYXEGe5uhWTivVwMM5enuJ+nnfE1cYuvF0qhmStwR/5v+16xFn4qprF9OGkCef2WQNX8JObmWzz5OQJTY4IfUmuV8Sb+PLr1Hkjhb/2R4J3bncGrti3dlyQLfvqUutrq9sFgntL2yr8l4PIOjw7BpjQn9im6Z2fnodInsbej1cJ2/pbQAk1nKh+vurcPJBOm4oc97VwAMyiO2HMx9o/OtOTZjkwK3zUY5Ihd~3487033~4277556; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:21 GMT; Max-Age\u003d14399; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d243",
    "origin; dur\u003d160"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"access_token":"fLFahTYqIqYF2JoaeaZM8RFh2y0uY7IZIwZFhzXpKGc.VRPoiRtIF6RDE4AQTpgzIRNzu0CW2cYvQPxlwGXyqZj7LHxpCG56tVnGladf5C7F75WEBmx_7pFTdoW6LvlZGg.M18xNjY5NTczNTgyXzE4","expires_in":7199,"id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJQcnQxeW51RmhvSElORkxjSThVOWxRIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImV4cCI6MTY2OTU4MDc4MiwiaWF0IjoxNjY5NTczNTgyLCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiJiNmZkOGM1NS02OTBlLTRjY2ItYWQ1ZS00ZDYyN2RlZTA5YmYiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoiR3pZcExtNkgyUyIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NTczNTc3LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiIzbHZ0VTVEWVZ3WnF3TXZjUzBvbVpBIiwic3ViIjoiNjE2MDAxN042NyJ9.ZQLInUpWGoCgZwr0xI0tXPbpCsEOT_jo_tSBJ1YWizb9-LhPreMppPaHzX8B6-1wuHicDpNzwRS6GvUCahLp4xmbKyxOCYG4l_45TcgFm2TnBBhPh8-B6llqyNCOb3Gzg59dGTTZnrzFA7M7T4NB5kfs8mScBZ8juePvZYdEE0nmx7yk9w8D1y8pl8yECFMr_tpLmHXP69n-CzL-axbnmMNzxMpm9O8ySTLYz-vHGHxQZNs-qkfShbUOQSeQFS-1SFYRIj9DvU2wRPRUjV477wrFFHXnb5YxMf2lSW-E6z50-cXEk_CgEXvKt1pOvee5qaJIif8gG68r3sbCAHV8Sw","scope":"openid","token_type":"bearer"}
2022-11-27 18:26:22 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
fLFahTYqIqYF2JoaeaZM8RFh2y0uY7IZIwZFhzXpKGc.VRPoiRtIF6RDE4AQTpgzIRNzu0CW2cYvQPxlwGXyqZj7LHxpCG56tVnGladf5C7F75WEBmx_7pFTdoW6LvlZGg.M18xNjY5NTczNTgyXzE4
expires_in
7199
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJQcnQxeW51RmhvSElORkxjSThVOWxRIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImV4cCI6MTY2OTU4MDc4MiwiaWF0IjoxNjY5NTczNTgyLCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiJiNmZkOGM1NS02OTBlLTRjY2ItYWQ1ZS00ZDYyN2RlZTA5YmYiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoiR3pZcExtNkgyUyIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NTczNTc3LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiIzbHZ0VTVEWVZ3WnF3TXZjUzBvbVpBIiwic3ViIjoiNjE2MDAxN042NyJ9.ZQLInUpWGoCgZwr0xI0tXPbpCsEOT_jo_tSBJ1YWizb9-LhPreMppPaHzX8B6-1wuHicDpNzwRS6GvUCahLp4xmbKyxOCYG4l_45TcgFm2TnBBhPh8-B6llqyNCOb3Gzg59dGTTZnrzFA7M7T4NB5kfs8mScBZ8juePvZYdEE0nmx7yk9w8D1y8pl8yECFMr_tpLmHXP69n-CzL-axbnmMNzxMpm9O8ySTLYz-vHGHxQZNs-qkfShbUOQSeQFS-1SFYRIj9DvU2wRPRUjV477wrFFHXnb5YxMf2lSW-E6z50-cXEk_CgEXvKt1pOvee5qaJIif8gG68r3sbCAHV8Sw
scope
openid
token_type
bearer
2022-11-27 18:26:22 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2022-11-27 18:26:22 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
fLFahTYqIqYF2JoaeaZM8RFh2y0uY7IZIwZFhzXpKGc.VRPoiRtIF6RDE4AQTpgzIRNzu0CW2cYvQPxlwGXyqZj7LHxpCG56tVnGladf5C7F75WEBmx_7pFTdoW6LvlZGg.M18xNjY5NTczNTgyXzE4
2022-11-27 18:26:22 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
fLFahTYqIqYF2JoaeaZM8RFh2y0uY7IZIwZFhzXpKGc.VRPoiRtIF6RDE4AQTpgzIRNzu0CW2cYvQPxlwGXyqZj7LHxpCG56tVnGladf5C7F75WEBmx_7pFTdoW6LvlZGg.M18xNjY5NTczNTgyXzE4
type
bearer
2022-11-27 18:26:22 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
7199
2022-11-27 18:26:22 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
7199
2022-11-27 18:26:22 INFO
CheckForRefreshTokenValue
Couldn't find refresh token
2022-11-27 18:26:22 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJQcnQxeW51RmhvSElORkxjSThVOWxRIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImV4cCI6MTY2OTU4MDc4MiwiaWF0IjoxNjY5NTczNTgyLCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiJiNmZkOGM1NS02OTBlLTRjY2ItYWQ1ZS00ZDYyN2RlZTA5YmYiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoiR3pZcExtNkgyUyIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NTczNTc3LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiIzbHZ0VTVEWVZ3WnF3TXZjUzBvbVpBIiwic3ViIjoiNjE2MDAxN042NyJ9.ZQLInUpWGoCgZwr0xI0tXPbpCsEOT_jo_tSBJ1YWizb9-LhPreMppPaHzX8B6-1wuHicDpNzwRS6GvUCahLp4xmbKyxOCYG4l_45TcgFm2TnBBhPh8-B6llqyNCOb3Gzg59dGTTZnrzFA7M7T4NB5kfs8mScBZ8juePvZYdEE0nmx7yk9w8D1y8pl8yECFMr_tpLmHXP69n-CzL-axbnmMNzxMpm9O8ySTLYz-vHGHxQZNs-qkfShbUOQSeQFS-1SFYRIj9DvU2wRPRUjV477wrFFHXnb5YxMf2lSW-E6z50-cXEk_CgEXvKt1pOvee5qaJIif8gG68r3sbCAHV8Sw
header
{
  "kid": "server",
  "alg": "RS256"
}
claims
{
  "at_hash": "Prt1ynuFhoHINFLcI8U9lQ",
  "sub": "6160017N67",
  "rat": 1669573577,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "GzYpLm6H2S",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "s_hash": "3lvtU5DYVwZqwMvcS0omZA",
  "auth_time": 1669573502,
  "name": "ISV Dev",
  "exp": 1669580782,
  "iat": 1669573582,
  "jti": "b6fd8c55-690e-4ccb-ad5e-4d627dee09bf"
}
2022-11-27 18:26:22 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2022-11-27 18:26:22
ValidateIdTokenStandardClaims
sub is a string with content
2022-11-27 18:26:22
ValidateIdTokenStandardClaims
Skipping unknown claim: rat
2022-11-27 18:26:22
ValidateIdTokenStandardClaims
Skipping unknown claim: realmName
2022-11-27 18:26:22
ValidateIdTokenStandardClaims
preferred_username is a string with content
2022-11-27 18:26:22
ValidateIdTokenStandardClaims
name is a string with content
2022-11-27 18:26:22 SUCCESS
ValidateIdTokenStandardClaims
id_token claims are valid
2022-11-27 18:26:22 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
GzYpLm6H2S
2022-11-27 18:26:22 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2022-11-27 18:26:22 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJQcnQxeW51RmhvSElORkxjSThVOWxRIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImV4cCI6MTY2OTU4MDc4MiwiaWF0IjoxNjY5NTczNTgyLCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiJiNmZkOGM1NS02OTBlLTRjY2ItYWQ1ZS00ZDYyN2RlZTA5YmYiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoiR3pZcExtNkgyUyIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NTczNTc3LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiIzbHZ0VTVEWVZ3WnF3TXZjUzBvbVpBIiwic3ViIjoiNjE2MDAxN042NyJ9.ZQLInUpWGoCgZwr0xI0tXPbpCsEOT_jo_tSBJ1YWizb9-LhPreMppPaHzX8B6-1wuHicDpNzwRS6GvUCahLp4xmbKyxOCYG4l_45TcgFm2TnBBhPh8-B6llqyNCOb3Gzg59dGTTZnrzFA7M7T4NB5kfs8mScBZ8juePvZYdEE0nmx7yk9w8D1y8pl8yECFMr_tpLmHXP69n-CzL-axbnmMNzxMpm9O8ySTLYz-vHGHxQZNs-qkfShbUOQSeQFS-1SFYRIj9DvU2wRPRUjV477wrFFHXnb5YxMf2lSW-E6z50-cXEk_CgEXvKt1pOvee5qaJIif8gG68r3sbCAHV8Sw
2022-11-27 18:26:22 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJQcnQxeW51RmhvSElORkxjSThVOWxRIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM1MDIsImV4cCI6MTY2OTU4MDc4MiwiaWF0IjoxNjY5NTczNTgyLCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiJiNmZkOGM1NS02OTBlLTRjY2ItYWQ1ZS00ZDYyN2RlZTA5YmYiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoiR3pZcExtNkgyUyIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NTczNTc3LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiIzbHZ0VTVEWVZ3WnF3TXZjUzBvbVpBIiwic3ViIjoiNjE2MDAxN042NyJ9.ZQLInUpWGoCgZwr0xI0tXPbpCsEOT_jo_tSBJ1YWizb9-LhPreMppPaHzX8B6-1wuHicDpNzwRS6GvUCahLp4xmbKyxOCYG4l_45TcgFm2TnBBhPh8-B6llqyNCOb3Gzg59dGTTZnrzFA7M7T4NB5kfs8mScBZ8juePvZYdEE0nmx7yk9w8D1y8pl8yECFMr_tpLmHXP69n-CzL-axbnmMNzxMpm9O8ySTLYz-vHGHxQZNs-qkfShbUOQSeQFS-1SFYRIj9DvU2wRPRUjV477wrFFHXnb5YxMf2lSW-E6z50-cXEk_CgEXvKt1pOvee5qaJIif8gG68r3sbCAHV8Sw
2022-11-27 18:26:22 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
6160017N67
2022-11-27 18:26:22
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
2022-11-27 18:26:22 INFO
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2022-11-27 18:26:22 SUCCESS
VerifyIdTokenSubConsistentHybridFlow
authorization endpoint and token endpoint id_token have same sub
sub_auth_endpoint
6160017N67
sub_token_endpoint
6160017N67
Userinfo endpoint tests
2022-11-27 18:26:22
CallProtectedResource
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo
request_method
GET
request_headers
{
  "accept": "application/json",
  "authorization": "bearer fLFahTYqIqYF2JoaeaZM8RFh2y0uY7IZIwZFhzXpKGc.VRPoiRtIF6RDE4AQTpgzIRNzu0CW2cYvQPxlwGXyqZj7LHxpCG56tVnGladf5C7F75WEBmx_7pFTdoW6LvlZGg.M18xNjY5NTczNTgyXzE4",
  "content-length": "0"
}
request_body

                                
2022-11-27 18:26:22 RESPONSE
CallProtectedResource
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK56b05031-5ad1-4746-834b-cb44849682a2",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816383abce07c9057d",
  "content-length": "324",
  "date": "Sun, 27 Nov 2022 18:26:22 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:V/KFnK4B3lUxVbR6u4ZgKEJdILK2Hh6aFy6YrBZ8QGk\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:57871319; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d91414189BA022BE1439EC12A4D117A66~-1~YAAQXXYGF7q7yISEAQAAah5Xuggoys/ADyOeeBYDXkNt2q3rKHEmYpfhmB6NtQk3JuZsuW3IkjxoPkS/ThAioKKINhIa2vwi4Es4pBSLg3/HvKpjMm4p1zo0iH/siVM6yi8negW4behNQgi42B9lWxHr0X2h+V/RoQCqhvexzdKIQKTQf8CWHZgEPB5m/Hg9IAwnVdls7WB8a2N+sc+TCSbe/6YpB34alGRwQbDm7tiYGi39xRD2RnHw4Go8qNFWfYTbo1NZqWYTHemsqJghvwZv7L/20iUOPZ7ZzXiTpIyHoIiW39ENWIz33JI+TDshuW/uUha/0UFPoJjdd3HStr09lpevGEoAfiS5JOxEmziWs0h1Z06D0eDbDt6Do80KgdG78yg\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:22 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d67B6B67A1FB05701E9D0C3C7328DBDF0~YAAQXXYGF7u7yISEAQAAah5XuhEk0dXY23kmO5fPgm7k0nqxyP9EnhXwnYD8D8QxJrgmY+UovhlkyOMlS63J05S+lPxGkBdK1SNnim2bp1EXuH6TrY7ky/MEzy9FkGNW0tlDESpyV+GTF7TJGVwsS44x2UUZOoGUmBlXKSK7bWllRKjHg+vhy0CFKIGIam5IJjdfWnPGqekRRl+NBxsseIPuW2YbLSEGH2Qso1MQlp1aOVUO87/znBU6EA6VYyg5HOVjQIyLDbOzsFYVeca4E1L8hhL9bGBpwMHUBw67xQGyv/cel7blyYqfnDZn~3748933~3622468; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:22 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d91",
    "origin; dur\u003d102"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"acr":"urn:ibm:security:policy:id:1","amr":["password"],"aud":["8ac2aa19-9b6a-484b-89ab-23235a2e3b09"],"auth_time":1669573502,"iss":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","name":"ISV Dev","preferred_username":"isvdev@ibm.com","rat":1669573577,"realmName":"cloudIdentityRealm","sub":"6160017N67"}
2022-11-27 18:26:22 SUCCESS
CallProtectedResource
Got a response from the resource endpoint
status
200
endpoint_name
resource
headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK56b05031-5ad1-4746-834b-cb44849682a2",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816383abce07c9057d",
  "content-length": "324",
  "date": "Sun, 27 Nov 2022 18:26:22 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:V/KFnK4B3lUxVbR6u4ZgKEJdILK2Hh6aFy6YrBZ8QGk\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:57871319; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d91414189BA022BE1439EC12A4D117A66~-1~YAAQXXYGF7q7yISEAQAAah5Xuggoys/ADyOeeBYDXkNt2q3rKHEmYpfhmB6NtQk3JuZsuW3IkjxoPkS/ThAioKKINhIa2vwi4Es4pBSLg3/HvKpjMm4p1zo0iH/siVM6yi8negW4behNQgi42B9lWxHr0X2h+V/RoQCqhvexzdKIQKTQf8CWHZgEPB5m/Hg9IAwnVdls7WB8a2N+sc+TCSbe/6YpB34alGRwQbDm7tiYGi39xRD2RnHw4Go8qNFWfYTbo1NZqWYTHemsqJghvwZv7L/20iUOPZ7ZzXiTpIyHoIiW39ENWIz33JI+TDshuW/uUha/0UFPoJjdd3HStr09lpevGEoAfiS5JOxEmziWs0h1Z06D0eDbDt6Do80KgdG78yg\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:22 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d67B6B67A1FB05701E9D0C3C7328DBDF0~YAAQXXYGF7u7yISEAQAAah5XuhEk0dXY23kmO5fPgm7k0nqxyP9EnhXwnYD8D8QxJrgmY+UovhlkyOMlS63J05S+lPxGkBdK1SNnim2bp1EXuH6TrY7ky/MEzy9FkGNW0tlDESpyV+GTF7TJGVwsS44x2UUZOoGUmBlXKSK7bWllRKjHg+vhy0CFKIGIam5IJjdfWnPGqekRRl+NBxsseIPuW2YbLSEGH2Qso1MQlp1aOVUO87/znBU6EA6VYyg5HOVjQIyLDbOzsFYVeca4E1L8hhL9bGBpwMHUBw67xQGyv/cel7blyYqfnDZn~3748933~3622468; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:22 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d91",
    "origin; dur\u003d102"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
body
{"acr":"urn:ibm:security:policy:id:1","amr":["password"],"aud":["8ac2aa19-9b6a-484b-89ab-23235a2e3b09"],"auth_time":1669573502,"iss":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","name":"ISV Dev","preferred_username":"isvdev@ibm.com","rat":1669573577,"realmName":"cloudIdentityRealm","sub":"6160017N67"}
2022-11-27 18:26:22 SUCCESS
EnsureHttpStatusCodeIs200
resource endpoint returned the expected http status
expected_status
200
http_status
200
Second authorization: Make request to authorization endpoint
2022-11-27 18:26:22 SUCCESS
WaitFor2Seconds
Pausing for 2 seconds
2022-11-27 18:26:24 SUCCESS
WaitFor2Seconds
Woke up after 2 seconds sleep
2022-11-27 18:26:24 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
8ac2aa19-9b6a-484b-89ab-23235a2e3b09
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
scope
openid
2022-11-27 18:26:24
CreateRandomStateValue
Created state value
requested_state_length
10
state
3mWerXfuBU
2022-11-27 18:26:24 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
8ac2aa19-9b6a-484b-89ab-23235a2e3b09
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
scope
openid
state
3mWerXfuBU
2022-11-27 18:26:24
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
3XzbQaXfOx
2022-11-27 18:26:24 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
8ac2aa19-9b6a-484b-89ab-23235a2e3b09
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
scope
openid
state
3mWerXfuBU
nonce
3XzbQaXfOx
2022-11-27 18:26:24 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
8ac2aa19-9b6a-484b-89ab-23235a2e3b09
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
scope
openid
state
3mWerXfuBU
nonce
3XzbQaXfOx
response_type
code id_token token
2022-11-27 18:26:24 SUCCESS
AddMaxAge1ToAuthorizationEndpointRequest
Added max_age=1 to authorization endpoint request
client_id
8ac2aa19-9b6a-484b-89ab-23235a2e3b09
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
scope
openid
state
3mWerXfuBU
nonce
3XzbQaXfOx
response_type
code id_token token
max_age
1
2022-11-27 18:26:24 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
auth_request
{
  "client_id": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "redirect_uri": "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback",
  "scope": "openid",
  "state": "3mWerXfuBU",
  "nonce": "3XzbQaXfOx",
  "response_type": "code id_token token",
  "max_age": 1
}
redirect_to_authorization_endpoint
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/authorize?client_id=8ac2aa19-9b6a-484b-89ab-23235a2e3b09&redirect_uri=https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback&scope=openid&state=3mWerXfuBU&nonce=3XzbQaXfOx&response_type=code%20id_token%20token&max_age=1
2022-11-27 18:26:24 REDIRECT
oidcc-max-age-1
Redirecting to authorization endpoint
redirect_to
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/authorize?client_id=8ac2aa19-9b6a-484b-89ab-23235a2e3b09&redirect_uri=https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback&scope=openid&state=3mWerXfuBU&nonce=3XzbQaXfOx&response_type=code%20id_token%20token&max_age=1
2022-11-27 18:26:24 REVIEW IMAGE
ExpectSecondLoginPage
The server must ask the user to login for a second time; a screenshot of this must be uploaded.
img
updatedAt
1669573618373
2022-11-27 18:26:47 INCOMING
oidcc-max-age-1
Incoming HTTP request to /test/a/isv_op_oidc_core_test/callback
incoming_headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "referer": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9,zh-CN;q\u003d0.8,zh;q\u003d0.7",
  "cookie": "__utmz\u003d201319536.1668662898.14.3.utmcsr\u003dcertification.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/; __utmc\u003d201319536; __utma\u003d201319536.1094656506.1667372526.1669169819.1669192421.17; JSESSIONID\u003dA99EA218D2554846F38BDDE459E8C220",
  "connection": "close"
}
incoming_path
/test/a/isv_op_oidc_core_test/callback
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json
2022-11-27 18:26:47 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/KYfiYxDVkduWYreotO4d",
  "fullUrl": "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/implicit/KYfiYxDVkduWYreotO4d"
}
2022-11-27 18:26:47 OUTGOING
oidcc-max-age-1
Response to HTTP request to test instance njTuOdQRVqRGfTE
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/isv_op_oidc_core_test/implicit/KYfiYxDVkduWYreotO4d, returnUrl=/log-detail.html?log=njTuOdQRVqRGfTE}]
outgoing_path
callback
2022-11-27 18:26:48 INCOMING
oidcc-max-age-1
Incoming HTTP request to /test/a/isv_op_oidc_core_test/implicit/KYfiYxDVkduWYreotO4d
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "accept": "*/*",
  "content-type": "text/plain",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "sec-ch-ua-platform": "\"Windows\"",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9,zh-CN;q\u003d0.8,zh;q\u003d0.7",
  "cookie": "__utmz\u003d201319536.1668662898.14.3.utmcsr\u003dcertification.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/; __utmc\u003d201319536; __utma\u003d201319536.1094656506.1667372526.1669169819.1669192421.17; JSESSIONID\u003dA99EA218D2554846F38BDDE459E8C220",
  "connection": "close",
  "content-length": "1537"
}
incoming_path
/test/a/isv_op_oidc_core_test/implicit/KYfiYxDVkduWYreotO4d
incoming_body_form_params
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
#access_token=lO9v5-3n8QGqHlB7EtAUbCUOy-d3jIvaOiW58xWU0Fc.uTqcGyCfWKLYCY3x1caFRLUZOY4UutbcFifkxtKK0l7SurbBij1ireDgFK2OZnvFZE2pFxcONUVl7r-_y5806w.M18xNjY5NTczNjA3XzE4&code=6H5ccW1mefGBC7Y3eCvFDNU3-2InKBLx4DhRnhADGHI.s2smvQHKeBfHpp1Vwe76GDINBEz8R9V6jx2j2V9uTiunppZrPymM3xpyS9mRmN2r6tXfFa9lHua9HNH_OcYj9g&expires_in=7199&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJNVE4yaG9fR1hYemxHNEJQcTBQX3VnIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImNfaGFzaCI6IlFoOXhGNi1CdnY1UmUtX2MwbzhYZ2ciLCJleHAiOjE2Njk1ODA4MDcsImlhdCI6MTY2OTU3MzYwNywiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiYTBmYTYyYTktMDk0OC00MTZmLTk3MzMtNDlmYzhkNTIwY2MyIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6IjNYemJRYVhmT3giLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU4NiwicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoibUNaaXFLaXU5NWdBbjI4Tm5zdEpGZyIsInN1YiI6IjYxNjAwMTdONjcifQ.q6aF3zfHXRA9KTYnUUawb6ofdpyVh99G5odBCm_fF5JJ6qLpJ3DEeowcRyeocmyeQyD8YEp7-UBH4rw3THWtZEfi7Og6YCrqhN9nOglqD_CFff-NswCAdpkSe3SmxkeCjVDw_tqgO6xaXNfVdAHKsWDT-hLLZDP0VgItEwmmqmW9zjsO6QHSwX17oAOIvqAkzILqt_N3gAY7Jj6rYIqsihp2Hbfk6aRQzHf_-GgsnbbATV6qOKL31pXXHgYWsM0kazjUQn38xZEModv4HTTk2RW3ze0OSPI-ik0UIfEfUp0W7sMBhSlFL6R91QDmVA4TDRcNhFEBvYLXP3R6_jh0CQ&iss=https%3A%2F%2Foidc-conformance.rel.verify.ibmcloudsecurity.com%2Foauth2&scope=openid&state=3mWerXfuBU&token_type=bearer
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json
2022-11-27 18:26:48 OUTGOING
oidcc-max-age-1
Response to HTTP request to test instance njTuOdQRVqRGfTE
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/KYfiYxDVkduWYreotO4d
2022-11-27 18:26:48
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
parameters
[
  {
    "name": "access_token",
    "value": "lO9v5-3n8QGqHlB7EtAUbCUOy-d3jIvaOiW58xWU0Fc.uTqcGyCfWKLYCY3x1caFRLUZOY4UutbcFifkxtKK0l7SurbBij1ireDgFK2OZnvFZE2pFxcONUVl7r-_y5806w.M18xNjY5NTczNjA3XzE4"
  },
  {
    "name": "code",
    "value": "6H5ccW1mefGBC7Y3eCvFDNU3-2InKBLx4DhRnhADGHI.s2smvQHKeBfHpp1Vwe76GDINBEz8R9V6jx2j2V9uTiunppZrPymM3xpyS9mRmN2r6tXfFa9lHua9HNH_OcYj9g"
  },
  {
    "name": "expires_in",
    "value": "7199"
  },
  {
    "name": "id_token",
    "value": "eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJNVE4yaG9fR1hYemxHNEJQcTBQX3VnIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImNfaGFzaCI6IlFoOXhGNi1CdnY1UmUtX2MwbzhYZ2ciLCJleHAiOjE2Njk1ODA4MDcsImlhdCI6MTY2OTU3MzYwNywiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiYTBmYTYyYTktMDk0OC00MTZmLTk3MzMtNDlmYzhkNTIwY2MyIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6IjNYemJRYVhmT3giLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU4NiwicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoibUNaaXFLaXU5NWdBbjI4Tm5zdEpGZyIsInN1YiI6IjYxNjAwMTdONjcifQ.q6aF3zfHXRA9KTYnUUawb6ofdpyVh99G5odBCm_fF5JJ6qLpJ3DEeowcRyeocmyeQyD8YEp7-UBH4rw3THWtZEfi7Og6YCrqhN9nOglqD_CFff-NswCAdpkSe3SmxkeCjVDw_tqgO6xaXNfVdAHKsWDT-hLLZDP0VgItEwmmqmW9zjsO6QHSwX17oAOIvqAkzILqt_N3gAY7Jj6rYIqsihp2Hbfk6aRQzHf_-GgsnbbATV6qOKL31pXXHgYWsM0kazjUQn38xZEModv4HTTk2RW3ze0OSPI-ik0UIfEfUp0W7sMBhSlFL6R91QDmVA4TDRcNhFEBvYLXP3R6_jh0CQ"
  },
  {
    "name": "iss",
    "value": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2"
  },
  {
    "name": "scope",
    "value": "openid"
  },
  {
    "name": "state",
    "value": "3mWerXfuBU"
  },
  {
    "name": "token_type",
    "value": "bearer"
  }
]
2022-11-27 18:26:48 SUCCESS
ExtractImplicitHashToCallbackResponse
Extracted the hash values
access_token
lO9v5-3n8QGqHlB7EtAUbCUOy-d3jIvaOiW58xWU0Fc.uTqcGyCfWKLYCY3x1caFRLUZOY4UutbcFifkxtKK0l7SurbBij1ireDgFK2OZnvFZE2pFxcONUVl7r-_y5806w.M18xNjY5NTczNjA3XzE4
code
6H5ccW1mefGBC7Y3eCvFDNU3-2InKBLx4DhRnhADGHI.s2smvQHKeBfHpp1Vwe76GDINBEz8R9V6jx2j2V9uTiunppZrPymM3xpyS9mRmN2r6tXfFa9lHua9HNH_OcYj9g
expires_in
7199
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJNVE4yaG9fR1hYemxHNEJQcTBQX3VnIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImNfaGFzaCI6IlFoOXhGNi1CdnY1UmUtX2MwbzhYZ2ciLCJleHAiOjE2Njk1ODA4MDcsImlhdCI6MTY2OTU3MzYwNywiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiYTBmYTYyYTktMDk0OC00MTZmLTk3MzMtNDlmYzhkNTIwY2MyIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6IjNYemJRYVhmT3giLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU4NiwicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoibUNaaXFLaXU5NWdBbjI4Tm5zdEpGZyIsInN1YiI6IjYxNjAwMTdONjcifQ.q6aF3zfHXRA9KTYnUUawb6ofdpyVh99G5odBCm_fF5JJ6qLpJ3DEeowcRyeocmyeQyD8YEp7-UBH4rw3THWtZEfi7Og6YCrqhN9nOglqD_CFff-NswCAdpkSe3SmxkeCjVDw_tqgO6xaXNfVdAHKsWDT-hLLZDP0VgItEwmmqmW9zjsO6QHSwX17oAOIvqAkzILqt_N3gAY7Jj6rYIqsihp2Hbfk6aRQzHf_-GgsnbbATV6qOKL31pXXHgYWsM0kazjUQn38xZEModv4HTTk2RW3ze0OSPI-ik0UIfEfUp0W7sMBhSlFL6R91QDmVA4TDRcNhFEBvYLXP3R6_jh0CQ
iss
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2
scope
openid
state
3mWerXfuBU
token_type
bearer
2022-11-27 18:26:48 REDIRECT-IN
oidcc-max-age-1
Authorization endpoint response captured
url_query
{}
headers
{
  "host": "www.certification.openid.net",
  "cache-control": "max-age\u003d0",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "referer": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9,zh-CN;q\u003d0.8,zh;q\u003d0.7",
  "cookie": "__utmz\u003d201319536.1668662898.14.3.utmcsr\u003dcertification.openid.net|utmccn\u003d(referral)|utmcmd\u003dreferral|utmcct\u003d/; __utmc\u003d201319536; __utma\u003d201319536.1094656506.1667372526.1669169819.1669192421.17; JSESSIONID\u003dA99EA218D2554846F38BDDE459E8C220",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-proto": "https",
  "x-forwarded-port": "443",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{
  "access_token": "lO9v5-3n8QGqHlB7EtAUbCUOy-d3jIvaOiW58xWU0Fc.uTqcGyCfWKLYCY3x1caFRLUZOY4UutbcFifkxtKK0l7SurbBij1ireDgFK2OZnvFZE2pFxcONUVl7r-_y5806w.M18xNjY5NTczNjA3XzE4",
  "code": "6H5ccW1mefGBC7Y3eCvFDNU3-2InKBLx4DhRnhADGHI.s2smvQHKeBfHpp1Vwe76GDINBEz8R9V6jx2j2V9uTiunppZrPymM3xpyS9mRmN2r6tXfFa9lHua9HNH_OcYj9g",
  "expires_in": "7199",
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJNVE4yaG9fR1hYemxHNEJQcTBQX3VnIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImNfaGFzaCI6IlFoOXhGNi1CdnY1UmUtX2MwbzhYZ2ciLCJleHAiOjE2Njk1ODA4MDcsImlhdCI6MTY2OTU3MzYwNywiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiYTBmYTYyYTktMDk0OC00MTZmLTk3MzMtNDlmYzhkNTIwY2MyIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6IjNYemJRYVhmT3giLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU4NiwicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoibUNaaXFLaXU5NWdBbjI4Tm5zdEpGZyIsInN1YiI6IjYxNjAwMTdONjcifQ.q6aF3zfHXRA9KTYnUUawb6ofdpyVh99G5odBCm_fF5JJ6qLpJ3DEeowcRyeocmyeQyD8YEp7-UBH4rw3THWtZEfi7Og6YCrqhN9nOglqD_CFff-NswCAdpkSe3SmxkeCjVDw_tqgO6xaXNfVdAHKsWDT-hLLZDP0VgItEwmmqmW9zjsO6QHSwX17oAOIvqAkzILqt_N3gAY7Jj6rYIqsihp2Hbfk6aRQzHf_-GgsnbbATV6qOKL31pXXHgYWsM0kazjUQn38xZEModv4HTTk2RW3ze0OSPI-ik0UIfEfUp0W7sMBhSlFL6R91QDmVA4TDRcNhFEBvYLXP3R6_jh0CQ",
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "scope": "openid",
  "state": "3mWerXfuBU",
  "token_type": "bearer"
}
post_body
Second authorization: Verify authorization endpoint response
2022-11-27 18:26:48 SUCCESS
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
2022-11-27 18:26:48 SUCCESS
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
2022-11-27 18:26:48 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2022-11-27 18:26:48 SUCCESS
ValidateIssInAuthorizationResponse
'iss' parameter in authorization response matches server's issuer value.
2022-11-27 18:26:48 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2022-11-27 18:26:48 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
3mWerXfuBU
2022-11-27 18:26:48 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
6H5ccW1mefGBC7Y3eCvFDNU3-2InKBLx4DhRnhADGHI.s2smvQHKeBfHpp1Vwe76GDINBEz8R9V6jx2j2V9uTiunppZrPymM3xpyS9mRmN2r6tXfFa9lHua9HNH_OcYj9g
2022-11-27 18:26:48 SUCCESS
ExtractAccessTokenFromAuthorizationResponse
Extracted the access token
value
lO9v5-3n8QGqHlB7EtAUbCUOy-d3jIvaOiW58xWU0Fc.uTqcGyCfWKLYCY3x1caFRLUZOY4UutbcFifkxtKK0l7SurbBij1ireDgFK2OZnvFZE2pFxcONUVl7r-_y5806w.M18xNjY5NTczNjA3XzE4
type
bearer
2022-11-27 18:26:48 SUCCESS
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
value
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJNVE4yaG9fR1hYemxHNEJQcTBQX3VnIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImNfaGFzaCI6IlFoOXhGNi1CdnY1UmUtX2MwbzhYZ2ciLCJleHAiOjE2Njk1ODA4MDcsImlhdCI6MTY2OTU3MzYwNywiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiYTBmYTYyYTktMDk0OC00MTZmLTk3MzMtNDlmYzhkNTIwY2MyIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6IjNYemJRYVhmT3giLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU4NiwicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoibUNaaXFLaXU5NWdBbjI4Tm5zdEpGZyIsInN1YiI6IjYxNjAwMTdONjcifQ.q6aF3zfHXRA9KTYnUUawb6ofdpyVh99G5odBCm_fF5JJ6qLpJ3DEeowcRyeocmyeQyD8YEp7-UBH4rw3THWtZEfi7Og6YCrqhN9nOglqD_CFff-NswCAdpkSe3SmxkeCjVDw_tqgO6xaXNfVdAHKsWDT-hLLZDP0VgItEwmmqmW9zjsO6QHSwX17oAOIvqAkzILqt_N3gAY7Jj6rYIqsihp2Hbfk6aRQzHf_-GgsnbbATV6qOKL31pXXHgYWsM0kazjUQn38xZEModv4HTTk2RW3ze0OSPI-ik0UIfEfUp0W7sMBhSlFL6R91QDmVA4TDRcNhFEBvYLXP3R6_jh0CQ
header
{
  "kid": "server",
  "alg": "RS256"
}
claims
{
  "at_hash": "MTN2ho_GXXzlG4BPq0P_ug",
  "sub": "6160017N67",
  "rat": 1669573586,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "3XzbQaXfOx",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "c_hash": "Qh9xF6-Bvv5Re-_c0o8Xgg",
  "s_hash": "mCZiqKiu95gAn28NnstJFg",
  "auth_time": 1669573606,
  "name": "ISV Dev",
  "exp": 1669580807,
  "iat": 1669573607,
  "jti": "a0fa62a9-0948-416f-9733-49fc8d520cc2"
}
2022-11-27 18:26:48 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2022-11-27 18:26:48
ValidateIdTokenStandardClaims
sub is a string with content
2022-11-27 18:26:48
ValidateIdTokenStandardClaims
Skipping unknown claim: rat
2022-11-27 18:26:48
ValidateIdTokenStandardClaims
Skipping unknown claim: realmName
2022-11-27 18:26:48
ValidateIdTokenStandardClaims
preferred_username is a string with content
2022-11-27 18:26:48
ValidateIdTokenStandardClaims
name is a string with content
2022-11-27 18:26:48 SUCCESS
ValidateIdTokenStandardClaims
id_token claims are valid
2022-11-27 18:26:48 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
3XzbQaXfOx
2022-11-27 18:26:48 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2022-11-27 18:26:48 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJNVE4yaG9fR1hYemxHNEJQcTBQX3VnIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImNfaGFzaCI6IlFoOXhGNi1CdnY1UmUtX2MwbzhYZ2ciLCJleHAiOjE2Njk1ODA4MDcsImlhdCI6MTY2OTU3MzYwNywiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiYTBmYTYyYTktMDk0OC00MTZmLTk3MzMtNDlmYzhkNTIwY2MyIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6IjNYemJRYVhmT3giLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU4NiwicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoibUNaaXFLaXU5NWdBbjI4Tm5zdEpGZyIsInN1YiI6IjYxNjAwMTdONjcifQ.q6aF3zfHXRA9KTYnUUawb6ofdpyVh99G5odBCm_fF5JJ6qLpJ3DEeowcRyeocmyeQyD8YEp7-UBH4rw3THWtZEfi7Og6YCrqhN9nOglqD_CFff-NswCAdpkSe3SmxkeCjVDw_tqgO6xaXNfVdAHKsWDT-hLLZDP0VgItEwmmqmW9zjsO6QHSwX17oAOIvqAkzILqt_N3gAY7Jj6rYIqsihp2Hbfk6aRQzHf_-GgsnbbATV6qOKL31pXXHgYWsM0kazjUQn38xZEModv4HTTk2RW3ze0OSPI-ik0UIfEfUp0W7sMBhSlFL6R91QDmVA4TDRcNhFEBvYLXP3R6_jh0CQ
2022-11-27 18:26:48 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJNVE4yaG9fR1hYemxHNEJQcTBQX3VnIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImNfaGFzaCI6IlFoOXhGNi1CdnY1UmUtX2MwbzhYZ2ciLCJleHAiOjE2Njk1ODA4MDcsImlhdCI6MTY2OTU3MzYwNywiaXNzIjoiaHR0cHM6Ly9vaWRjLWNvbmZvcm1hbmNlLnJlbC52ZXJpZnkuaWJtY2xvdWRzZWN1cml0eS5jb20vb2F1dGgyIiwianRpIjoiYTBmYTYyYTktMDk0OC00MTZmLTk3MzMtNDlmYzhkNTIwY2MyIiwibmFtZSI6IklTViBEZXYiLCJub25jZSI6IjNYemJRYVhmT3giLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJpc3ZkZXZAaWJtLmNvbSIsInJhdCI6MTY2OTU3MzU4NiwicmVhbG1OYW1lIjoiY2xvdWRJZGVudGl0eVJlYWxtIiwic19oYXNoIjoibUNaaXFLaXU5NWdBbjI4Tm5zdEpGZyIsInN1YiI6IjYxNjAwMTdONjcifQ.q6aF3zfHXRA9KTYnUUawb6ofdpyVh99G5odBCm_fF5JJ6qLpJ3DEeowcRyeocmyeQyD8YEp7-UBH4rw3THWtZEfi7Og6YCrqhN9nOglqD_CFff-NswCAdpkSe3SmxkeCjVDw_tqgO6xaXNfVdAHKsWDT-hLLZDP0VgItEwmmqmW9zjsO6QHSwX17oAOIvqAkzILqt_N3gAY7Jj6rYIqsihp2Hbfk6aRQzHf_-GgsnbbATV6qOKL31pXXHgYWsM0kazjUQn38xZEModv4HTTk2RW3ze0OSPI-ik0UIfEfUp0W7sMBhSlFL6R91QDmVA4TDRcNhFEBvYLXP3R6_jh0CQ
2022-11-27 18:26:48 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
6160017N67
2022-11-27 18:26:48
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
2022-11-27 18:26:48 INFO
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2022-11-27 18:26:48 SUCCESS
CheckIdTokenAuthTimeClaimPresentDueToMaxAge
auth_time is present in the id_token, as required for a authentication where the max_age parameter was used
id_token
{
  "at_hash": "MTN2ho_GXXzlG4BPq0P_ug",
  "sub": "6160017N67",
  "rat": 1669573586,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "3XzbQaXfOx",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "c_hash": "Qh9xF6-Bvv5Re-_c0o8Xgg",
  "s_hash": "mCZiqKiu95gAn28NnstJFg",
  "auth_time": 1669573606,
  "name": "ISV Dev",
  "exp": 1669580807,
  "iat": 1669573607,
  "jti": "a0fa62a9-0948-416f-9733-49fc8d520cc2"
}
2022-11-27 18:26:48 SUCCESS
CheckSecondIdTokenAuthTimeIsLaterIfPresent
auth_time is later in the second id_token
first_id_token
{
  "at_hash": "Prt1ynuFhoHINFLcI8U9lQ",
  "sub": "6160017N67",
  "rat": 1669573577,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "GzYpLm6H2S",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "s_hash": "3lvtU5DYVwZqwMvcS0omZA",
  "auth_time": 1669573502,
  "name": "ISV Dev",
  "exp": 1669580782,
  "iat": 1669573582,
  "jti": "b6fd8c55-690e-4ccb-ad5e-4d627dee09bf"
}
second_id_token
{
  "at_hash": "MTN2ho_GXXzlG4BPq0P_ug",
  "sub": "6160017N67",
  "rat": 1669573586,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "3XzbQaXfOx",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "c_hash": "Qh9xF6-Bvv5Re-_c0o8Xgg",
  "s_hash": "mCZiqKiu95gAn28NnstJFg",
  "auth_time": 1669573606,
  "name": "ISV Dev",
  "exp": 1669580807,
  "iat": 1669573607,
  "jti": "a0fa62a9-0948-416f-9733-49fc8d520cc2"
}
2022-11-27 18:26:48 SUCCESS
CheckIdTokenAuthTimeIsRecentIfPresent
auth_time in id_token is recent
auth_time
"Nov 27, 2022, 6:26:46 PM"
now
"Nov 27, 2022, 6:26:48 PM"
Second authorization: Userinfo endpoint tests
2022-11-27 18:26:48
CallProtectedResource
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo
request_method
GET
request_headers
{
  "accept": "application/json",
  "authorization": "bearer lO9v5-3n8QGqHlB7EtAUbCUOy-d3jIvaOiW58xWU0Fc.uTqcGyCfWKLYCY3x1caFRLUZOY4UutbcFifkxtKK0l7SurbBij1ireDgFK2OZnvFZE2pFxcONUVl7r-_y5806w.M18xNjY5NTczNjA3XzE4",
  "content-length": "0"
}
request_body

                                
2022-11-27 18:26:48 RESPONSE
CallProtectedResource
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK9f068557-8f94-42b8-8159-75ffc192b108",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816383abe810e5b5b9",
  "content-length": "324",
  "date": "Sun, 27 Nov 2022 18:26:48 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:w4UYUP5LeKM5VeTUOBTkOF1au6YM5j9GdZhOJXGcV6Y\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:61017047; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d2899DE38FBE529B997120EEAB979EA41~-1~YAAQXXYGFyfAyISEAQAAO4VXugg6tkmQQeanK4HmDMP0+fXIja4OdmuSUSOViYATh2kC55+UAp/Hq8E9c0NcFYS63gLa27vWVEd8+W69f3r8Ed22onU/a9JwnoL+xLUenvX774lo1BbXN80JFYebWrxaOgUbT3Kn0ncQ/k6R9OgiVo7/KId1P8r6b1iCXMAMXQ96pvJ1R0unyYnSjzilaOAtVP0aCNEZ1GxfzCMADkL5xzpNjEaCuTwn6aSAc9m9206TQ1hUQLwBfer0GeTJ7OgWh6nn9FLoGlxhGvfFggmXiyQRantWA8jXIFuovw9LfdSnV+4MY2Kfg7yMF7D2if0o5raKjP3qju95eCgi8USZZ5I+A8w90VsS4bjvubueA3io/OI\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:48 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d995EBE704C8DC764339ADF93C41CA37D~YAAQXXYGFyjAyISEAQAAO4VXuhGI6S3RX4eOGFNqybB9OOngcAVge2D+YSuS1s+NbAUZcpEaTmy0FmWNolKcJPKDXUIF0nETArXqUS2uX7XqO1UQlTNYphLDwbut9/2pXRan704jzFX4pKi5zOfgNPF6gJ4f1L6jLcn/4QUjKVyBwpc0eE2evL87trsKOX2bWMiiUlJfwmSZ1yXcgZKqkspWJ3XeliHD7NiDlZqyqxv2dEG89gY+62jLYCb1cF5gbroRwz+Z/4mO+RKZ3cgPYAGeRsoksZ6Hssdqa5DJzSOzuQO0ZcND1StiCs/Z~3684678~4602168; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:48 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d93",
    "origin; dur\u003d112"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"acr":"urn:ibm:security:policy:id:1","amr":["password"],"aud":["8ac2aa19-9b6a-484b-89ab-23235a2e3b09"],"auth_time":1669573606,"iss":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","name":"ISV Dev","preferred_username":"isvdev@ibm.com","rat":1669573586,"realmName":"cloudIdentityRealm","sub":"6160017N67"}
2022-11-27 18:26:48 SUCCESS
CallProtectedResource
Got a response from the resource endpoint
status
200
endpoint_name
resource
headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK9f068557-8f94-42b8-8159-75ffc192b108",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816383abe810e5b5b9",
  "content-length": "324",
  "date": "Sun, 27 Nov 2022 18:26:48 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:w4UYUP5LeKM5VeTUOBTkOF1au6YM5j9GdZhOJXGcV6Y\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:61017047; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d2899DE38FBE529B997120EEAB979EA41~-1~YAAQXXYGFyfAyISEAQAAO4VXugg6tkmQQeanK4HmDMP0+fXIja4OdmuSUSOViYATh2kC55+UAp/Hq8E9c0NcFYS63gLa27vWVEd8+W69f3r8Ed22onU/a9JwnoL+xLUenvX774lo1BbXN80JFYebWrxaOgUbT3Kn0ncQ/k6R9OgiVo7/KId1P8r6b1iCXMAMXQ96pvJ1R0unyYnSjzilaOAtVP0aCNEZ1GxfzCMADkL5xzpNjEaCuTwn6aSAc9m9206TQ1hUQLwBfer0GeTJ7OgWh6nn9FLoGlxhGvfFggmXiyQRantWA8jXIFuovw9LfdSnV+4MY2Kfg7yMF7D2if0o5raKjP3qju95eCgi8USZZ5I+A8w90VsS4bjvubueA3io/OI\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:48 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d995EBE704C8DC764339ADF93C41CA37D~YAAQXXYGFyjAyISEAQAAO4VXuhGI6S3RX4eOGFNqybB9OOngcAVge2D+YSuS1s+NbAUZcpEaTmy0FmWNolKcJPKDXUIF0nETArXqUS2uX7XqO1UQlTNYphLDwbut9/2pXRan704jzFX4pKi5zOfgNPF6gJ4f1L6jLcn/4QUjKVyBwpc0eE2evL87trsKOX2bWMiiUlJfwmSZ1yXcgZKqkspWJ3XeliHD7NiDlZqyqxv2dEG89gY+62jLYCb1cF5gbroRwz+Z/4mO+RKZ3cgPYAGeRsoksZ6Hssdqa5DJzSOzuQO0ZcND1StiCs/Z~3684678~4602168; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:48 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d93",
    "origin; dur\u003d112"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
body
{"acr":"urn:ibm:security:policy:id:1","amr":["password"],"aud":["8ac2aa19-9b6a-484b-89ab-23235a2e3b09"],"auth_time":1669573606,"iss":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","name":"ISV Dev","preferred_username":"isvdev@ibm.com","rat":1669573586,"realmName":"cloudIdentityRealm","sub":"6160017N67"}
2022-11-27 18:26:48 SUCCESS
EnsureHttpStatusCodeIs200
resource endpoint returned the expected http status
expected_status
200
http_status
200
2022-11-27 18:26:48 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
grant_type
authorization_code
code
6H5ccW1mefGBC7Y3eCvFDNU3-2InKBLx4DhRnhADGHI.s2smvQHKeBfHpp1Vwe76GDINBEz8R9V6jx2j2V9uTiunppZrPymM3xpyS9mRmN2r6tXfFa9lHua9HNH_OcYj9g
redirect_uri
https://www.certification.openid.net/test/a/isv_op_oidc_core_test/callback
2022-11-27 18:26:48 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic OGFjMmFhMTktOWI2YS00ODRiLTg5YWItMjMyMzVhMmUzYjA5Onl5alpZenRSb1c=
2022-11-27 18:26:48
CallTokenEndpoint
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/token
request_method
POST
request_headers
{
  "accept": "application/json",
  "authorization": "Basic OGFjMmFhMTktOWI2YS00ODRiLTg5YWItMjMyMzVhMmUzYjA5Onl5alpZenRSb1c\u003d",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "267"
}
request_body
grant_type=authorization_code&code=6H5ccW1mefGBC7Y3eCvFDNU3-2InKBLx4DhRnhADGHI.s2smvQHKeBfHpp1Vwe76GDINBEz8R9V6jx2j2V9uTiunppZrPymM3xpyS9mRmN2r6tXfFa9lHua9HNH_OcYj9g&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2Fisv_op_oidc_core_test%2Fcallback
2022-11-27 18:26:49 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-content-type-options": "nosniff",
  "cache-control": "no-store",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AKa4b983f2-6ed8-4724-9fe7-40d494d987ec",
  "pragma": "no-cache",
  "x-global-transaction-id": "efc5c2816383abe8354c3d11",
  "content-length": "1281",
  "date": "Sun, 27 Nov 2022 18:26:49 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:jFvcstI8Fb1bWvUsd0AWsCxxVHXqY0YdUeBbmEOdizU\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:54725591; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003dE4DCCBFD8819CFF98CF4C04F2E76609C~-1~YAAQXXYGFzjAyISEAQAAKIdXuggdRxmPFeyh1sgUB5k4EOptsNfEJkSy6hYHDuXW+pASi8gziEXoR30E0sRdLmXsYZVQm0A2U1MZrnDVpfm4TwXZKpR+b22iFMtycYm+3Q2LOmYtXBYrPT1uceWw55PrGrMkQVDsfBy9rrWMIMBXNjZSUNuySpcx+SjRZn0YBFFecIdYqVwbmYnX7hSa2nIf41lRvKDDAOmKZcqMEdL8Ahj3TKY1EJrEMLfkfxtvPs7qCoP4lKDWKSEsgwg939HvcpS9o4Du/YrHAus60bYtW66aUtwhTFJAq68KsfX54PW/WvU7G3/JFwFKdjE0ahfOEwLs8Aol/7NYTKArJkFPTh+2bx3ckrAiy2lO80J0eX0/Dzg\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:49 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003dC61377DC75D61CA1C1B92CBC761F6A85~YAAQXXYGFznAyISEAQAAKIdXuhH0OXVZBTX1xwSbVc2Xu1uUcUi1Q7yFj43We4PpYP7Z+v1oGNQ2M115TxrnTcu/H5SWKLjevKNTz8ihwzdzesIu/I9d+aVup5v3DjxX5E3AqQFbZXcgnvdlwFbDenTrM5Z1TMYeH64yMXCmsVInJHoB3MWBS5/paPFmXeyAKkVfeibvcNnrNX+bRWH+z4LwyslL0/1njPMbRhaCiyEepQifZQoU3JMWKaN/JT0kzi4ha5kwTWm2givrvmLp+S/vF4i9M0YTxx5USZyMiKTqsLVkc8DtFzyPVq2n~3684678~4602168; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:48 GMT; Max-Age\u003d14399; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d108",
    "origin; dur\u003d314"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"access_token":"r9mxaxJj5yY5W4nzLMAMGFONhnRzccFMg-OKamom3FM.u2zNH71kcExnIPIGVBOuxFoWJ-N8XH9gbfMXAXxcdRrKpaHCpYRZ2tY4AycR14lj3K-ZukyIGfPiWJGfLKRjzA.M18xNjY5NTczNjA5XzE4","expires_in":7199,"id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJXZFhDcWhjS1lKZ3MxZ3A4UnhjRFVRIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImV4cCI6MTY2OTU4MDgwOSwiaWF0IjoxNjY5NTczNjA5LCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiI4MWE4M2MwMC1iY2Y1LTQ2ZDktOTQ1ZS0zNWFhYzZjODRiZTIiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoiM1h6YlFhWGZPeCIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NTczNTg2LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiJtQ1ppcUtpdTk1Z0FuMjhObnN0SkZnIiwic3ViIjoiNjE2MDAxN042NyJ9.dOymrk_wgpxG4JZpwW4dDcEGEi47gmAfx4QzYBgccyl2lkmxY5nxK-3AY8eylRrEqqL0kWzetk0ZBYq0iL36s7EtP_ZwL8_df3nm4FTZ4n1SwaqNcEaWl847YisLQQNZcJVK03W4Tk9dA0voK1-2hQDU1XXd8a3_ycKD2i7VNDWGqJd6-pPiL-ZTuyJkak-cu9VfpEtlMUQe7NMIQ2rXa4Q9IGNa-6kD0Nm_tnZn_9VbMgq2wpEz9DUX9ZRsMHw8j-zgyrrzw_NAY6pODNpLkIfRmYSZPBLtL87oJRExhP2NxIcSgST1xcznSFEzFeQTmsQNl8uTnoRiouEKdCiauw","scope":"openid","token_type":"bearer"}
2022-11-27 18:26:49 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
access_token
r9mxaxJj5yY5W4nzLMAMGFONhnRzccFMg-OKamom3FM.u2zNH71kcExnIPIGVBOuxFoWJ-N8XH9gbfMXAXxcdRrKpaHCpYRZ2tY4AycR14lj3K-ZukyIGfPiWJGfLKRjzA.M18xNjY5NTczNjA5XzE4
expires_in
7199
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJXZFhDcWhjS1lKZ3MxZ3A4UnhjRFVRIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImV4cCI6MTY2OTU4MDgwOSwiaWF0IjoxNjY5NTczNjA5LCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiI4MWE4M2MwMC1iY2Y1LTQ2ZDktOTQ1ZS0zNWFhYzZjODRiZTIiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoiM1h6YlFhWGZPeCIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NTczNTg2LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiJtQ1ppcUtpdTk1Z0FuMjhObnN0SkZnIiwic3ViIjoiNjE2MDAxN042NyJ9.dOymrk_wgpxG4JZpwW4dDcEGEi47gmAfx4QzYBgccyl2lkmxY5nxK-3AY8eylRrEqqL0kWzetk0ZBYq0iL36s7EtP_ZwL8_df3nm4FTZ4n1SwaqNcEaWl847YisLQQNZcJVK03W4Tk9dA0voK1-2hQDU1XXd8a3_ycKD2i7VNDWGqJd6-pPiL-ZTuyJkak-cu9VfpEtlMUQe7NMIQ2rXa4Q9IGNa-6kD0Nm_tnZn_9VbMgq2wpEz9DUX9ZRsMHw8j-zgyrrzw_NAY6pODNpLkIfRmYSZPBLtL87oJRExhP2NxIcSgST1xcznSFEzFeQTmsQNl8uTnoRiouEKdCiauw
scope
openid
token_type
bearer
2022-11-27 18:26:49 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2022-11-27 18:26:49 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
r9mxaxJj5yY5W4nzLMAMGFONhnRzccFMg-OKamom3FM.u2zNH71kcExnIPIGVBOuxFoWJ-N8XH9gbfMXAXxcdRrKpaHCpYRZ2tY4AycR14lj3K-ZukyIGfPiWJGfLKRjzA.M18xNjY5NTczNjA5XzE4
2022-11-27 18:26:49 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
r9mxaxJj5yY5W4nzLMAMGFONhnRzccFMg-OKamom3FM.u2zNH71kcExnIPIGVBOuxFoWJ-N8XH9gbfMXAXxcdRrKpaHCpYRZ2tY4AycR14lj3K-ZukyIGfPiWJGfLKRjzA.M18xNjY5NTczNjA5XzE4
type
bearer
2022-11-27 18:26:49 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
7199
2022-11-27 18:26:49 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
7199
2022-11-27 18:26:49 INFO
CheckForRefreshTokenValue
Couldn't find refresh token
2022-11-27 18:26:49 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJXZFhDcWhjS1lKZ3MxZ3A4UnhjRFVRIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImV4cCI6MTY2OTU4MDgwOSwiaWF0IjoxNjY5NTczNjA5LCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiI4MWE4M2MwMC1iY2Y1LTQ2ZDktOTQ1ZS0zNWFhYzZjODRiZTIiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoiM1h6YlFhWGZPeCIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NTczNTg2LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiJtQ1ppcUtpdTk1Z0FuMjhObnN0SkZnIiwic3ViIjoiNjE2MDAxN042NyJ9.dOymrk_wgpxG4JZpwW4dDcEGEi47gmAfx4QzYBgccyl2lkmxY5nxK-3AY8eylRrEqqL0kWzetk0ZBYq0iL36s7EtP_ZwL8_df3nm4FTZ4n1SwaqNcEaWl847YisLQQNZcJVK03W4Tk9dA0voK1-2hQDU1XXd8a3_ycKD2i7VNDWGqJd6-pPiL-ZTuyJkak-cu9VfpEtlMUQe7NMIQ2rXa4Q9IGNa-6kD0Nm_tnZn_9VbMgq2wpEz9DUX9ZRsMHw8j-zgyrrzw_NAY6pODNpLkIfRmYSZPBLtL87oJRExhP2NxIcSgST1xcznSFEzFeQTmsQNl8uTnoRiouEKdCiauw
header
{
  "kid": "server",
  "alg": "RS256"
}
claims
{
  "at_hash": "WdXCqhcKYJgs1gp8RxcDUQ",
  "sub": "6160017N67",
  "rat": 1669573586,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "3XzbQaXfOx",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "s_hash": "mCZiqKiu95gAn28NnstJFg",
  "auth_time": 1669573606,
  "name": "ISV Dev",
  "exp": 1669580809,
  "iat": 1669573609,
  "jti": "81a83c00-bcf5-46d9-945e-35aac6c84be2"
}
2022-11-27 18:26:49 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2022-11-27 18:26:49
ValidateIdTokenStandardClaims
sub is a string with content
2022-11-27 18:26:49
ValidateIdTokenStandardClaims
Skipping unknown claim: rat
2022-11-27 18:26:49
ValidateIdTokenStandardClaims
Skipping unknown claim: realmName
2022-11-27 18:26:49
ValidateIdTokenStandardClaims
preferred_username is a string with content
2022-11-27 18:26:49
ValidateIdTokenStandardClaims
name is a string with content
2022-11-27 18:26:49 SUCCESS
ValidateIdTokenStandardClaims
id_token claims are valid
2022-11-27 18:26:49 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
3XzbQaXfOx
2022-11-27 18:26:49 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2022-11-27 18:26:49 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJXZFhDcWhjS1lKZ3MxZ3A4UnhjRFVRIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImV4cCI6MTY2OTU4MDgwOSwiaWF0IjoxNjY5NTczNjA5LCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiI4MWE4M2MwMC1iY2Y1LTQ2ZDktOTQ1ZS0zNWFhYzZjODRiZTIiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoiM1h6YlFhWGZPeCIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NTczNTg2LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiJtQ1ppcUtpdTk1Z0FuMjhObnN0SkZnIiwic3ViIjoiNjE2MDAxN042NyJ9.dOymrk_wgpxG4JZpwW4dDcEGEi47gmAfx4QzYBgccyl2lkmxY5nxK-3AY8eylRrEqqL0kWzetk0ZBYq0iL36s7EtP_ZwL8_df3nm4FTZ4n1SwaqNcEaWl847YisLQQNZcJVK03W4Tk9dA0voK1-2hQDU1XXd8a3_ycKD2i7VNDWGqJd6-pPiL-ZTuyJkak-cu9VfpEtlMUQe7NMIQ2rXa4Q9IGNa-6kD0Nm_tnZn_9VbMgq2wpEz9DUX9ZRsMHw8j-zgyrrzw_NAY6pODNpLkIfRmYSZPBLtL87oJRExhP2NxIcSgST1xcznSFEzFeQTmsQNl8uTnoRiouEKdCiauw
2022-11-27 18:26:49 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhY3IiOiJ1cm46aWJtOnNlY3VyaXR5OnBvbGljeTppZDoxIiwiYW1yIjpbInBhc3N3b3JkIl0sImF0X2hhc2giOiJXZFhDcWhjS1lKZ3MxZ3A4UnhjRFVRIiwiYXVkIjpbIjhhYzJhYTE5LTliNmEtNDg0Yi04OWFiLTIzMjM1YTJlM2IwOSJdLCJhdXRoX3RpbWUiOjE2Njk1NzM2MDYsImV4cCI6MTY2OTU4MDgwOSwiaWF0IjoxNjY5NTczNjA5LCJpc3MiOiJodHRwczovL29pZGMtY29uZm9ybWFuY2UucmVsLnZlcmlmeS5pYm1jbG91ZHNlY3VyaXR5LmNvbS9vYXV0aDIiLCJqdGkiOiI4MWE4M2MwMC1iY2Y1LTQ2ZDktOTQ1ZS0zNWFhYzZjODRiZTIiLCJuYW1lIjoiSVNWIERldiIsIm5vbmNlIjoiM1h6YlFhWGZPeCIsInByZWZlcnJlZF91c2VybmFtZSI6ImlzdmRldkBpYm0uY29tIiwicmF0IjoxNjY5NTczNTg2LCJyZWFsbU5hbWUiOiJjbG91ZElkZW50aXR5UmVhbG0iLCJzX2hhc2giOiJtQ1ppcUtpdTk1Z0FuMjhObnN0SkZnIiwic3ViIjoiNjE2MDAxN042NyJ9.dOymrk_wgpxG4JZpwW4dDcEGEi47gmAfx4QzYBgccyl2lkmxY5nxK-3AY8eylRrEqqL0kWzetk0ZBYq0iL36s7EtP_ZwL8_df3nm4FTZ4n1SwaqNcEaWl847YisLQQNZcJVK03W4Tk9dA0voK1-2hQDU1XXd8a3_ycKD2i7VNDWGqJd6-pPiL-ZTuyJkak-cu9VfpEtlMUQe7NMIQ2rXa4Q9IGNa-6kD0Nm_tnZn_9VbMgq2wpEz9DUX9ZRsMHw8j-zgyrrzw_NAY6pODNpLkIfRmYSZPBLtL87oJRExhP2NxIcSgST1xcznSFEzFeQTmsQNl8uTnoRiouEKdCiauw
2022-11-27 18:26:49 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
6160017N67
2022-11-27 18:26:49
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
2022-11-27 18:26:49 INFO
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2022-11-27 18:26:49 SUCCESS
CheckIdTokenAuthTimeClaimPresentDueToMaxAge
auth_time is present in the id_token, as required for a authentication where the max_age parameter was used
id_token
{
  "at_hash": "WdXCqhcKYJgs1gp8RxcDUQ",
  "sub": "6160017N67",
  "rat": 1669573586,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "3XzbQaXfOx",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "s_hash": "mCZiqKiu95gAn28NnstJFg",
  "auth_time": 1669573606,
  "name": "ISV Dev",
  "exp": 1669580809,
  "iat": 1669573609,
  "jti": "81a83c00-bcf5-46d9-945e-35aac6c84be2"
}
2022-11-27 18:26:49 SUCCESS
CheckSecondIdTokenAuthTimeIsLaterIfPresent
auth_time is later in the second id_token
first_id_token
{
  "at_hash": "Prt1ynuFhoHINFLcI8U9lQ",
  "sub": "6160017N67",
  "rat": 1669573577,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "GzYpLm6H2S",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "s_hash": "3lvtU5DYVwZqwMvcS0omZA",
  "auth_time": 1669573502,
  "name": "ISV Dev",
  "exp": 1669580782,
  "iat": 1669573582,
  "jti": "b6fd8c55-690e-4ccb-ad5e-4d627dee09bf"
}
second_id_token
{
  "at_hash": "WdXCqhcKYJgs1gp8RxcDUQ",
  "sub": "6160017N67",
  "rat": 1669573586,
  "realmName": "cloudIdentityRealm",
  "amr": [
    "password"
  ],
  "iss": "https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2",
  "preferred_username": "isvdev@ibm.com",
  "nonce": "3XzbQaXfOx",
  "acr": "urn:ibm:security:policy:id:1",
  "aud": "8ac2aa19-9b6a-484b-89ab-23235a2e3b09",
  "s_hash": "mCZiqKiu95gAn28NnstJFg",
  "auth_time": 1669573606,
  "name": "ISV Dev",
  "exp": 1669580809,
  "iat": 1669573609,
  "jti": "81a83c00-bcf5-46d9-945e-35aac6c84be2"
}
2022-11-27 18:26:49 SUCCESS
CheckIdTokenAuthTimeIsRecentIfPresent
auth_time in id_token is recent
auth_time
"Nov 27, 2022, 6:26:46 PM"
now
"Nov 27, 2022, 6:26:49 PM"
2022-11-27 18:26:49 SUCCESS
VerifyIdTokenSubConsistentHybridFlow
authorization endpoint and token endpoint id_token have same sub
sub_auth_endpoint
6160017N67
sub_token_endpoint
6160017N67
Second authorization: Userinfo endpoint tests
2022-11-27 18:26:49
CallProtectedResource
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/userinfo
request_method
GET
request_headers
{
  "accept": "application/json",
  "authorization": "bearer r9mxaxJj5yY5W4nzLMAMGFONhnRzccFMg-OKamom3FM.u2zNH71kcExnIPIGVBOuxFoWJ-N8XH9gbfMXAXxcdRrKpaHCpYRZ2tY4AycR14lj3K-ZukyIGfPiWJGfLKRjzA.M18xNjY5NTczNjA5XzE4",
  "content-length": "0"
}
request_body

                                
2022-11-27 18:26:49 RESPONSE
CallProtectedResource
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK8a25fcf3-ea85-470a-9fa1-43279b916023",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816383abe907b2f083",
  "content-length": "324",
  "date": "Sun, 27 Nov 2022 18:26:49 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:Fi3m+5F3JN1MRUVa3HdBbXzTniHA8JPs+Bs2aH79Pk0\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:54725591; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d0EBFC60E0DCBD58C1949ACF0C2D64C77~-1~YAAQXXYGF0XAyISEAQAAf4hXugi1za5FgEnaNW5Ql8b1KJhqhwqdpHFomuRivH4z+OaeOrynUc/MKtfn2ItzppYnNLEjgEejLFyWMCesXc/FjlH7PEuDM3kJS5Kdbc49ljzxMwoQ6/1iQIdpOkLoZDA3+Bn1GP1gx9HeyDqNxyNMnWh43Jn2rPbSR4HHggfn54Qk26BVidxJR+YJl9yLAAYbf8bZLHi6MyPENw3idh/dHDyEdLJkQcAUne9bb/nQj/o+CzlUwdIY2wzlEMSdAtA7Of9LyDB0CynKIDC5WjEXDElsbiW4A4Je5BV7X7z4dfQleZBeB63Zlyem7zBXLo/Sm35Q2DLAqVBwOouMm4NHhstGdE3u0ZfhfOnxXPP2oXbjVoA\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:49 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d0981D1C368B47E8A78C962FA6F7AA40A~YAAQXXYGF0bAyISEAQAAf4hXuhFCJpMZcOKg6AGFODzCgq25VTZ88wwHBcU4eNTvNrCTvneWmLLrACVeqM8zKS6s1WTUWVCJuvsFbIwjv0YG3nD70QIX8us4tCn1UW/fxIv/x7nq37aXHIETzgjYhgs/mJo70aIfyXdLeZ0fpH9i/ILwzFL0j64awlOeV4wp2Qpddis0cUjqdVqzXbyBBZIQ8D9AYEwaKh3AULXogqKw1Vl7BnzbzpID2F5zr3DLfmG7IxLT4JvgKwChN+m43FpFfb5zFaqyNdpoYQdPrHCs3ibmIPhtQr98yVXw~3224885~4473909; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:49 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d92",
    "origin; dur\u003d174"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body
{"acr":"urn:ibm:security:policy:id:1","amr":["password"],"aud":["8ac2aa19-9b6a-484b-89ab-23235a2e3b09"],"auth_time":1669573606,"iss":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","name":"ISV Dev","preferred_username":"isvdev@ibm.com","rat":1669573586,"realmName":"cloudIdentityRealm","sub":"6160017N67"}
2022-11-27 18:26:49 SUCCESS
CallProtectedResource
Got a response from the resource endpoint
status
200
endpoint_name
resource
headers
{
  "x-backside-transport": "OK OK",
  "content-type": "application/json;charset\u003dUTF-8",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-frame-options": "SAMEORIGIN",
  "x-content-type-options": "nosniff",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "expires": "0",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AK8a25fcf3-ea85-470a-9fa1-43279b916023",
  "content-security-policy": "frame-ancestors \u0027self\u0027",
  "x-ua-compatible": "IE\u003dedge",
  "x-global-transaction-id": "efc5c2816383abe907b2f083",
  "content-length": "324",
  "date": "Sun, 27 Nov 2022 18:26:49 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:Fi3m+5F3JN1MRUVa3HdBbXzTniHA8JPs+Bs2aH79Pk0\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:54725591; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003d0EBFC60E0DCBD58C1949ACF0C2D64C77~-1~YAAQXXYGF0XAyISEAQAAf4hXugi1za5FgEnaNW5Ql8b1KJhqhwqdpHFomuRivH4z+OaeOrynUc/MKtfn2ItzppYnNLEjgEejLFyWMCesXc/FjlH7PEuDM3kJS5Kdbc49ljzxMwoQ6/1iQIdpOkLoZDA3+Bn1GP1gx9HeyDqNxyNMnWh43Jn2rPbSR4HHggfn54Qk26BVidxJR+YJl9yLAAYbf8bZLHi6MyPENw3idh/dHDyEdLJkQcAUne9bb/nQj/o+CzlUwdIY2wzlEMSdAtA7Of9LyDB0CynKIDC5WjEXDElsbiW4A4Je5BV7X7z4dfQleZBeB63Zlyem7zBXLo/Sm35Q2DLAqVBwOouMm4NHhstGdE3u0ZfhfOnxXPP2oXbjVoA\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:26:49 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d0981D1C368B47E8A78C962FA6F7AA40A~YAAQXXYGF0bAyISEAQAAf4hXuhFCJpMZcOKg6AGFODzCgq25VTZ88wwHBcU4eNTvNrCTvneWmLLrACVeqM8zKS6s1WTUWVCJuvsFbIwjv0YG3nD70QIX8us4tCn1UW/fxIv/x7nq37aXHIETzgjYhgs/mJo70aIfyXdLeZ0fpH9i/ILwzFL0j64awlOeV4wp2Qpddis0cUjqdVqzXbyBBZIQ8D9AYEwaKh3AULXogqKw1Vl7BnzbzpID2F5zr3DLfmG7IxLT4JvgKwChN+m43FpFfb5zFaqyNdpoYQdPrHCs3ibmIPhtQr98yVXw~3224885~4473909; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:26:49 GMT; Max-Age\u003d14400; Secure"
  ],
  "server-timing": [
    "cdn-cache; desc\u003dMISS",
    "edge; dur\u003d92",
    "origin; dur\u003d174"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
body
{"acr":"urn:ibm:security:policy:id:1","amr":["password"],"aud":["8ac2aa19-9b6a-484b-89ab-23235a2e3b09"],"auth_time":1669573606,"iss":"https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2","name":"ISV Dev","preferred_username":"isvdev@ibm.com","rat":1669573586,"realmName":"cloudIdentityRealm","sub":"6160017N67"}
2022-11-27 18:26:49 SUCCESS
EnsureHttpStatusCodeIs200
resource endpoint returned the expected http status
expected_status
200
http_status
200
2022-11-27 18:27:04 FINISHED
oidcc-max-age-1
Test has run to completion
testmodule_result
REVIEW
Unregister dynamically registered client
2022-11-27 18:27:04
UnregisterDynamicallyRegisteredClient
HTTP request
request_uri
https://oidc-conformance.rel.verify.ibmcloudsecurity.com/oauth2/register/8ac2aa19-9b6a-484b-89ab-23235a2e3b09
request_method
DELETE
request_headers
{
  "accept": "application/json",
  "authorization": "Bearer B67ilxckjuOJXJHrKklV6aiX2dAtAelj9BpZOQScdLs.025yzPLwFiNrh1y85Gl7PlMPBMDbkGvFYDNPpM3nixFXwI5GDYC6wrNZV_9SUNBoIrKP730D8UQhSqrWM_lw_w.M18xNjY5NTczNTc1XzE4",
  "content-length": "0"
}
request_body

                                
2022-11-27 18:27:06 RESPONSE
UnregisterDynamicallyRegisteredClient
HTTP response
response_status_code
204 NO_CONTENT
response_status_text
No Content
response_headers
{
  "x-backside-transport": "OK OK",
  "p3p": "CP\u003d\"NON CUR OTPi OUR NOR UNI\"",
  "x-content-type-options": "nosniff",
  "cache-control": "no-store",
  "x-xss-protection": "1; mode\u003dblock",
  "x-correlation-id": "CORR_ID-AKc163fd8d-1b7a-4e63-8626-f70b3b763be2",
  "pragma": "no-cache",
  "x-global-transaction-id": "efc5c2816383abf900c0fd0f",
  "date": "Sun, 27 Nov 2022 18:27:06 GMT",
  "connection": "keep-alive",
  "set-cookie": [
    "CIPD-S-SESSION-ID\u003d0:1:rediscol:K4mKjorbZbj4XTdm07ydml6rYlq2WaXjZJVlae52gZ8\u003d; Path\u003d/; SameSite\u003dNone; Secure; HttpOnly",
    "CISESSIONIDREL02A\u003dPBC5YS:54725591; Path\u003d/; Domain\u003drel.verify.ibmcloudsecurity.com; Secure; HttpOnly",
    "_abck\u003dAE614752B1DFAF4D3F9AE5D8405FEBAC~-1~YAAQJE5OaEEg5n2EAQAAxclXughGlm/f03KbzhXIiKxta+6gPrly1dQ4wuqKlQ3mxcQmMWDLAAnP+zr4Z/Lu71ubr5Q0RRIjTc+QJzDKG0RCSj1UZMJz1QqTwQ9JmMkxOyd7RCv9HNenwSUavzWx9Cn8Fnz8m7dZ5JtshO8RmT/WDMPK92gB5uStioHNZm7k/AH2JsWJH33KopavWGLFeswz0yx3g/NQDZHlZOEo3V0iiqATv3mi7sPJP6Y/l1XHkDIt2pTjooUYX4kY7FQohvvZkh1pjy/tcbkZMOhxQ5KhqstyA09pp4hncWRvZUU9rgWaRNsfR/elAqUKJ78q31NeZxdW2YfLf2YP6G/0DDaWXL7wcCDf98C7/rq3h8+YmsXKFC0\u003d~-1~-1~-1; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dMon, 27 Nov 2023 18:27:06 GMT; Max-Age\u003d31536000; Secure",
    "bm_sz\u003d85C2E6ACE5923DF6FA90652B6196C0F7~YAAQJE5OaEIg5n2EAQAAxclXuhFUfAw12LLWKWLjS6DKHpK76xZDxc9JGRgjBg4+2fqrGxZNpebR5Nnz7jIPT2PRhECeDJVDJgbDOtwrilQWWRi5/8sJztWY2P3uTW4cfPnVKMVDwHSSCw/pnyd4ysSd3TF3fY1sbtJ0FkBb9gggRTrF4pmPNKzzNoqeq2V5gI/+cFPITq2yuCoSdi9AMrl2P4mT/MKUpZGNhouipPPoxgQKgcgrMyCC8cWVyYPTaU0NcFUYOIa3O1NxdubKYDGoLltGLgjF4URd+5lRn030pdNgSLc+yhXiowan~3425333~3682883; Domain\u003d.ibmcloudsecurity.com; Path\u003d/; Expires\u003dSun, 27 Nov 2022 22:27:04 GMT; Max-Age\u003d14398; Secure"
  ],
  "strict-transport-security": "max-age\u003d31536000 ; includeSubDomains"
}
response_body

                                
2022-11-27 18:27:06 SUCCESS
UnregisterDynamicallyRegisteredClient
Client successfully unregistered
2022-11-27 18:27:08
TEST-RUNNER
Alias has now been claimed by another test
alias
isv_op_oidc_core_test
new_test_id
ubbMyX4XvjatwSj
Test Results