Test Name | fapi1-advanced-final-refresh-token |
---|---|
Variant | client_auth_type=private_key_jwt, fapi_auth_request_method=pushed, fapi_profile=plain_fapi, fapi_response_mode=plain_response |
Test ID | 5Mq9I9F8tC8xztB https://www.certification.openid.net/log-detail.html?public=true&log=5Mq9I9F8tC8xztB |
Created | 2022-11-17T04:16:34.130314Z |
Description | NC7000-3A-OC FAPI Final Conformance Test No2 |
Test Version | 5.0.7 |
Test Owner | 104676522646289729413 https://accounts.google.com |
Plan ID | 7gtbNuvmGhJWn https://www.certification.openid.net/plan-detail.html?public=true&plan=7gtbNuvmGhJWn |
Exported From | https://www.certification.openid.net |
Exported By | 104676522646289729413 https://accounts.google.com |
Suite Version | 5.0.7 |
Exported | 2022-12-02 04:11:46 (UTC) |
Status: FINISHED Result: WARNING |
SUCCESS 252 FAILURE 0 WARNING 2 REVIEW 0 INFO 35 |
2022-11-17 04:16:34 |
INFO
|
TEST-RUNNER
Test instance 5Mq9I9F8tC8xztB created
|
||||||||||||||
|
2022-11-17 04:16:34 |
SUCCESS
|
CreateRedirectUri
Created redirect URI
|
||
|
2022-11-17 04:16:34 |
|
GetDynamicServerConfiguration
HTTP request
|
||||||||
|
2022-11-17 04:16:34 |
RESPONSE
|
GetDynamicServerConfiguration
HTTP response
|
||||||||
|
2022-11-17 04:16:34 |
SUCCESS
|
GetDynamicServerConfiguration
Successfully parsed server configuration
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
2022-11-17 04:16:34 | SUCCESS |
AddMTLSEndpointAliasesToEnvironment
Added mtls_endpoint_aliases to environment
|
|
2022-11-17 04:16:34 |
SUCCESS
|
CheckServerConfiguration
Found required server configuration keys
|
||
|
2022-11-17 04:16:34 |
|
FetchServerKeys
Fetching server key
|
||
|
2022-11-17 04:16:34 |
|
FetchServerKeys
HTTP request
|
||||||||
|
2022-11-17 04:16:35 |
RESPONSE
|
FetchServerKeys
HTTP response
|
||||||||
|
2022-11-17 04:16:35 |
|
FetchServerKeys
Found JWK set string
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
FetchServerKeys
Found server JWK set
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
CheckServerKeysIsValid
Server JWKs is valid
|
||
|
2022-11-17 04:16:35 | SUCCESS |
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
|
|
2022-11-17 04:16:35 | SUCCESS |
CheckForKeyIdInServerJWKs
All keys contain kids
|
|
2022-11-17 04:16:35 | SUCCESS |
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
|
|
2022-11-17 04:16:35 | SUCCESS |
FAPIEnsureMinimumServerKeyLength
Validated minimum key lengths for server_jwks
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
GetStaticClientConfiguration
Found a static client object
|
||||||||||
|
2022-11-17 04:16:35 |
|
ValidateMTLSCertificatesHeader
No certificate authority found for MTLS
|
|
2022-11-17 04:16:35 |
SUCCESS
|
ValidateMTLSCertificatesHeader
MTLS certificates header is valid
|
|
2022-11-17 04:16:35 |
|
ExtractMTLSCertificatesFromConfiguration
No certificate authority found for MTLS
|
|
2022-11-17 04:16:35 |
SUCCESS
|
ExtractMTLSCertificatesFromConfiguration
Mutual TLS authentication credentials loaded
|
||||
|
2022-11-17 04:16:35 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2022-11-17 04:16:35 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2022-11-17 04:16:35 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2022-11-17 04:16:35 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2022-11-17 04:16:35 | SUCCESS |
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
|
||
|
2022-11-17 04:16:35 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
Verify configuration of second client |
2022-11-17 04:16:35 |
SUCCESS
|
GetStaticClient2Configuration
Found a static second client object
|
||||||||||
|
2022-11-17 04:16:35 |
|
ValidateMTLSCertificates2Header
No certificate authority found for MTLS
|
|
2022-11-17 04:16:35 |
SUCCESS
|
ValidateMTLSCertificates2Header
MTLS certificates header is valid
|
|
2022-11-17 04:16:35 |
|
ExtractMTLSCertificates2FromConfiguration
No certificate authority found for MTLS
|
|
2022-11-17 04:16:35 |
SUCCESS
|
ExtractMTLSCertificates2FromConfiguration
Mutual TLS authentication credentials loaded
|
||||
|
2022-11-17 04:16:35 | SUCCESS |
ValidateClientJWKsPrivatePart
Valid client JWKs: keys are valid JSON, contain the required fields, the private/public exponents match and are correctly encoded using unpadded base64url
|
|
2022-11-17 04:16:35 |
SUCCESS
|
ExtractJWKsFromStaticClientConfiguration
Extracted client JWK
|
||||
|
2022-11-17 04:16:35 | SUCCESS |
CheckForKeyIdInClientJWKs
All keys contain kids
|
|
2022-11-17 04:16:35 | SUCCESS |
CheckDistinctKeyIdValueInClientJWKs
Distinct 'kid' value in all keys of client_jwks
|
||
|
2022-11-17 04:16:35 | SUCCESS |
FAPICheckKeyAlgInClientJWKs
Keys in client JWKS all have permitted 'alg'
|
||
|
2022-11-17 04:16:35 | SUCCESS |
FAPIEnsureMinimumClientKeyLength
Validated minimum key lengths for client_jwks
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
ValidateMTLSCertificatesAsX509
Mutual TLS authentication cert validated as X.509
|
|
2022-11-17 04:16:35 |
SUCCESS
|
ValidateClientPrivateKeysAreDifferent
Client signing JWKs have different thumbprints
|
||||
|
2022-11-17 04:16:35 |
SUCCESS
|
GetResourceEndpointConfiguration
Found a resource endpoint object
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
SetProtectedResourceUrlToSingleResourceEndpoint
Set protected resource URL
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
ExtractTLSTestValuesFromResourceConfiguration
Extracted TLS information from resource endpoint
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
ExtractTLSTestValuesFromOBResourceConfiguration
Extracted TLS information from resource endpoint
|
||||
|
2022-11-17 04:16:35 |
|
fapi1-advanced-final-refresh-token
Setup Done
|
|
Make request to authorization endpoint |
2022-11-17 04:16:35 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2022-11-17 04:16:35 |
SUCCESS
|
AddAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
|
||
|
2022-11-17 04:16:35 |
|
CreateRandomStateValue
Created state value
|
||||
|
2022-11-17 04:16:35 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||||
|
2022-11-17 04:16:35 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2022-11-17 04:16:35 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||||
|
2022-11-17 04:16:35 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken
Added response_type parameter to request
|
||||||||||||||
|
2022-11-17 04:16:35 |
|
CreateRandomCodeVerifier
Created code_verifier value
|
||
|
2022-11-17 04:16:35 |
|
CreateS256CodeChallenge
Created code_challenge value
|
||
|
2022-11-17 04:16:35 | SUCCESS |
AddCodeChallengeToAuthorizationEndpointRequest
Added code_challenge and code_challenge_method parameters to request
|
||||||||||||||||||
|
2022-11-17 04:16:35 | SUCCESS |
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
|
||||||||||||||||||||
|
2022-11-17 04:16:35 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2022-11-17 04:16:35 | SUCCESS |
AddNbfToRequestObject
Added nbf to request object claims
|
||
|
2022-11-17 04:16:35 | SUCCESS |
AddExpToRequestObject
Added exp to request object claims
|
||
|
2022-11-17 04:16:35 | SUCCESS |
AddAudToRequestObject
Added aud to request object claims
|
||
|
2022-11-17 04:16:35 | SUCCESS |
AddIssToRequestObject
Added iss to request object claims
|
||
|
2022-11-17 04:16:35 | SUCCESS |
AddClientIdToRequestObject
Added client_id to request object claims
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2022-11-17 04:16:35 |
SUCCESS
|
BuildRequestObjectPostToPAREndpoint
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
CreateClientAuthenticationAssertionClaims
Created client assertion claims
|
||||||||||||
|
2022-11-17 04:16:35 | SUCCESS |
UpdateClientAuthenticationAssertionClaimsWithISSAud
Updated audience in client assertion claims
|
||||||||||||
|
2022-11-17 04:16:35 |
SUCCESS
|
SignClientAuthenticationAssertion
Signed the client assertion
|
||
|
2022-11-17 04:16:35 |
SUCCESS
|
AddClientAssertionToPAREndpointParameters
Added client assertion to request
|
||
|
2022-11-17 04:16:35 |
|
CallPAREndpoint
HTTP request
|
||||||||
|
2022-11-17 04:16:36 |
RESPONSE
|
CallPAREndpoint
HTTP response
|
||||||||
|
2022-11-17 04:16:36 | SUCCESS |
CallPAREndpoint
Parsed pushed authorization request endpoint response
|
||||
|
2022-11-17 04:16:36 | SUCCESS |
CheckPAREndpointResponse201WithNoError
pushed authorization request endpoint correct response.
|
|
2022-11-17 04:16:36 | SUCCESS |
CheckForRequestUriValue
Found valid request_uri
|
||
|
2022-11-17 04:16:36 | SUCCESS |
CheckForPARResponseExpiresIn
Found expires_in
|
||
|
2022-11-17 04:16:36 |
SUCCESS
|
ExtractRequestUriFromPARResponse
Extracted the request_uri: urn:ietf:params:oauth:request_uri:opROZY3Rce3br9i8
|
|
2022-11-17 04:16:36 | SUCCESS |
EnsureMinimumRequestUriEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-17 04:16:36 | SUCCESS |
BuildRequestObjectByReferenceRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2022-11-17 04:16:36 |
REDIRECT
|
fapi1-advanced-final-refresh-token
Redirecting to authorization endpoint
|
||
|
2022-11-17 04:16:46 |
INCOMING
|
fapi1-advanced-final-refresh-token
Incoming HTTP request to /test/a/NC7000-3A-OC/callback
|
||||||||||||||||||||||
|
2022-11-17 04:16:46 |
SUCCESS
|
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
|
||
|
2022-11-17 04:16:46 |
OUTGOING
|
fapi1-advanced-final-refresh-token
Response to HTTP request to test instance 5Mq9I9F8tC8xztB
|
||||
|
2022-11-17 04:16:47 |
INCOMING
|
fapi1-advanced-final-refresh-token
Incoming HTTP request to /test/a/NC7000-3A-OC/implicit/tjuntUHy4yvU6QK0H1FD
|
||||||||||||||||||||||
|
2022-11-17 04:16:47 |
OUTGOING
|
fapi1-advanced-final-refresh-token
Response to HTTP request to test instance 5Mq9I9F8tC8xztB
|
||||||||
|
2022-11-17 04:16:47 |
|
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
|
||
|
2022-11-17 04:16:47 |
SUCCESS
|
ExtractImplicitHashToCallbackResponse
Extracted the hash values
|
||||||||
|
2022-11-17 04:16:47 |
REDIRECT-IN
|
fapi1-advanced-final-refresh-token
Authorization endpoint response captured
|
||||||||||
|
Verify authorization endpoint response |
2022-11-17 04:16:47 | SUCCESS |
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
|
|
2022-11-17 04:16:47 | SUCCESS |
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
|
|
2022-11-17 04:16:47 |
SUCCESS
|
CheckMatchingCallbackParameters
Callback parameters successfully verified
|
|
2022-11-17 04:16:47 | SUCCESS |
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
|
|
2022-11-17 04:16:47 |
SUCCESS
|
CheckIfAuthorizationEndpointError
No error from authorization endpoint
|
|
2022-11-17 04:16:47 |
WARNING
|
ValidateSuccessfulHybridResponseFromAuthorizationEndpoint
authorization endpoint response includes unexpected parameters. This may be because the authorization server supports protocol extensions the conformance suite is unaware of, but may also be because the server is implementing the specification incorrectly.
|
||
|
2022-11-17 04:16:47 | SUCCESS |
CheckStateInAuthorizationResponse
State in response correctly returned
|
||
|
2022-11-17 04:16:47 |
|
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
|
|
2022-11-17 04:16:47 |
SUCCESS
|
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
|
||
|
2022-11-17 04:16:47 | SUCCESS |
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
|
||||
|
2022-11-17 04:16:47 | SUCCESS |
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-17 04:16:47 | SUCCESS |
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
|
||||||
|
2022-11-17 04:16:47 | SUCCESS |
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
|
|
2022-11-17 04:16:47 |
|
ValidateIdTokenStandardClaims
sub is a string with content
|
|
2022-11-17 04:16:47 | SUCCESS |
ValidateIdTokenStandardClaims
id_token claims are valid
|
|
2022-11-17 04:16:47 | SUCCESS |
ValidateIdTokenNonce
Nonce values match
|
||
|
2022-11-17 04:16:47 | SUCCESS |
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
|
||||
|
2022-11-17 04:16:47 |
SUCCESS
|
ValidateIdTokenSignature
id_token signature validated
|
||
|
2022-11-17 04:16:47 |
SUCCESS
|
ValidateIdTokenSignatureUsingKid
id_token signature validated
|
||
|
2022-11-17 04:16:47 |
|
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
|
|
2022-11-17 04:16:47 | INFO |
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-11-17 04:16:47 | SUCCESS |
EnsureIdTokenContainsKid
kid was found in the ID token header
|
||
|
2022-11-17 04:16:47 | SUCCESS |
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
|
||||
|
2022-11-17 04:16:47 | INFO |
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-11-17 04:16:47 | SUCCESS |
ExtractSHash
Extracted s_hash from ID Token
|
||||
|
2022-11-17 04:16:47 | SUCCESS |
ValidateSHash
s_hash validated successfully
|
||||||
|
2022-11-17 04:16:47 | SUCCESS |
ExtractCHash
Extracted c_hash from ID Token
|
||||
|
2022-11-17 04:16:47 | SUCCESS |
ValidateCHash
c_hash validated successfully
|
||||||
|
Call token endpoint |
2022-11-17 04:16:47 |
SUCCESS
|
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
|
||||||
|
2022-11-17 04:16:47 |
SUCCESS
|
CreateClientAuthenticationAssertionClaims
Created client assertion claims
|
||||||||||||
|
2022-11-17 04:16:47 |
SUCCESS
|
SignClientAuthenticationAssertion
Signed the client assertion
|
||
|
2022-11-17 04:16:47 |
|
AddClientAssertionToTokenEndpointRequest
Added client assertion
|
||||||||||
|
2022-11-17 04:16:47 |
|
AddCodeVerifierToTokenEndpointRequest
|
||||||||||||
|
2022-11-17 04:16:47 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2022-11-17 04:16:48 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2022-11-17 04:16:48 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||||||
|
Verify token endpoint response |
2022-11-17 04:16:48 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2022-11-17 04:16:48 | SUCCESS |
CheckForAccessTokenValue
Found an access token
|
||
|
2022-11-17 04:16:48 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2022-11-17 04:16:48 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2022-11-17 04:16:48 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2022-11-17 04:16:48 |
SUCCESS
|
CheckForRefreshTokenValue
Found a refresh token
|
||
|
2022-11-17 04:16:48 | SUCCESS |
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
|
||||
|
2022-11-17 04:16:48 | SUCCESS |
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-17 04:16:48 | SUCCESS |
EnsureMinimumAccessTokenLength
Access token is of sufficient length
|
||||
|
2022-11-17 04:16:48 | SUCCESS |
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-17 04:16:48 | SUCCESS |
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
|
||||||
|
2022-11-17 04:16:48 | SUCCESS |
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
|
|
2022-11-17 04:16:48 |
|
ValidateIdTokenStandardClaims
sub is a string with content
|
|
2022-11-17 04:16:48 | SUCCESS |
ValidateIdTokenStandardClaims
id_token claims are valid
|
|
2022-11-17 04:16:48 | SUCCESS |
ValidateIdTokenNonce
Nonce values match
|
||
|
2022-11-17 04:16:48 | SUCCESS |
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
|
||||
|
2022-11-17 04:16:48 |
SUCCESS
|
ValidateIdTokenSignature
id_token signature validated
|
||
|
2022-11-17 04:16:48 |
SUCCESS
|
ValidateIdTokenSignatureUsingKid
id_token signature validated
|
||
|
2022-11-17 04:16:48 |
|
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
|
|
2022-11-17 04:16:48 | INFO |
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-11-17 04:16:48 | SUCCESS |
EnsureIdTokenContainsKid
kid was found in the ID token header
|
||
|
2022-11-17 04:16:48 | SUCCESS |
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
|
||||
|
2022-11-17 04:16:48 | INFO |
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-11-17 04:16:48 | INFO |
ExtractCHash
Couldn't find c_hash in ID token
|
|
2022-11-17 04:16:48 | INFO |
ExtractSHash
Couldn't find s_hash in ID token
|
|
2022-11-17 04:16:48 | INFO |
ExtractAtHash
Couldn't find at_hash in ID token
|
|
2022-11-17 04:16:48 | INFO |
ValidateCHash
Skipped evaluation due to missing required object: c_hash
|
||||
|
2022-11-17 04:16:48 | INFO |
ValidateSHash
Skipped evaluation due to missing required object: s_hash
|
||||
|
2022-11-17 04:16:48 | INFO |
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
|
||||
|
Verify at_hash in the authorization endpoint id_token |
2022-11-17 04:16:48 | INFO |
ExtractAtHash
Couldn't find at_hash in ID token
|
|
2022-11-17 04:16:48 | INFO |
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
|
||||
|
Check for refresh token |
2022-11-17 04:16:48 |
SUCCESS
|
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
|
||
|
2022-11-17 04:16:48 | SUCCESS |
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
|
||
|
2022-11-17 04:16:48 | SUCCESS |
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
|
|
Refresh Token Request |
2022-11-17 04:16:48 |
SUCCESS
|
CreateRefreshTokenRequest
Created token endpoint request parameters
|
||||
|
2022-11-17 04:16:48 | SUCCESS |
AddScopeToTokenEndpointRequest
Added scope of 'openid SCOPE0002 offline_access' to token endpoint request
|
||||||
|
2022-11-17 04:16:48 |
SUCCESS
|
CreateClientAuthenticationAssertionClaims
Created client assertion claims
|
||||||||||||
|
2022-11-17 04:16:48 |
SUCCESS
|
SignClientAuthenticationAssertion
Signed the client assertion
|
||
|
2022-11-17 04:16:48 |
|
AddClientAssertionToTokenEndpointRequest
Added client assertion
|
||||||||||
|
2022-11-17 04:16:48 |
SUCCESS
|
WaitForOneSecond
Pausing for 1 seconds
|
|
2022-11-17 04:16:49 |
SUCCESS
|
WaitForOneSecond
Woke up after 1 seconds sleep
|
|
2022-11-17 04:16:49 |
|
CallTokenEndpointAndReturnFullResponse
HTTP request
|
||||||||||
|
2022-11-17 04:16:50 |
RESPONSE
|
CallTokenEndpointAndReturnFullResponse
HTTP response
|
||||||||
|
2022-11-17 04:16:50 |
SUCCESS
|
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
|
||||||||
|
2022-11-17 04:16:50 | SUCCESS |
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
|
|
2022-11-17 04:16:50 | SUCCESS |
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
|
|
2022-11-17 04:16:50 | SUCCESS |
CheckTokenEndpointCacheHeaders
'cache-control' header in token endpoint response contains expected value.
|
||
|
2022-11-17 04:16:50 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2022-11-17 04:16:50 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2022-11-17 04:16:50 | SUCCESS |
CheckTokenTypeIsBearer
Token type is bearer
|
|
2022-11-17 04:16:50 | SUCCESS |
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-17 04:16:50 | SUCCESS |
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
|
|
2022-11-17 04:16:50 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2022-11-17 04:16:50 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2022-11-17 04:16:50 |
SUCCESS
|
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
|
||||
|
2022-11-17 04:16:50 |
INFO
|
ExtractIdTokenFromTokenResponse
Couldn't find id_token in token_endpoint_response
|
|
2022-11-17 04:16:50 |
INFO
|
ExtractRefreshTokenFromTokenResponse
Token endpoint response does not contain a refresh token
|
|
2022-11-17 04:16:50 | INFO |
EnsureMinimumRefreshTokenLength
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
|
||||||
|
2022-11-17 04:16:50 | INFO |
EnsureMinimumRefreshTokenEntropy
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
|
||||||
|
2022-11-17 04:16:50 | INFO |
CompareIdTokenClaims
Skipped evaluation due to missing required object: second_id_token
|
||||
|
Resource server endpoint tests |
2022-11-17 04:16:50 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2022-11-17 04:16:50 | SUCCESS |
AddFAPIAuthDateToResourceEndpointRequest
Added x-fapi-auth-date to resource endpoint request headers
|
||
|
2022-11-17 04:16:50 |
|
AddIpV4FapiCustomerIpAddressToResourceEndpointRequest
Added x-fapi-customer-ip-address containing IPv4 address to resource endpoint request headers
|
||
|
2022-11-17 04:16:50 |
|
CreateRandomFAPIInteractionId
Created interaction ID
|
||
|
2022-11-17 04:16:50 | SUCCESS |
AddFAPIInteractionIdToResourceEndpointRequest
Added x-fapi-interaction-id to resource endpoint request headers
|
||
|
2022-11-17 04:16:50 |
|
CallProtectedResource
HTTP request
|
||||||||||
|
2022-11-17 04:16:51 |
RESPONSE
|
CallProtectedResource
HTTP response
|
||||||||
|
2022-11-17 04:16:51 | SUCCESS |
CallProtectedResource
Got a response from the resource endpoint
|
||||||||
|
2022-11-17 04:16:51 |
SUCCESS
|
EnsureHttpStatusCodeIs200or201
resource endpoint http status code was 200
|
|
2022-11-17 04:16:51 | SUCCESS |
CheckForDateHeaderInResourceResponse
Date header present and validated
|
||||
|
2022-11-17 04:16:51 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2022-11-17 04:16:51 | SUCCESS |
EnsureMatchingFAPIInteractionId
Interaction ID matched
|
||
|
2022-11-17 04:16:51 | SUCCESS |
EnsureResourceResponseReturnedJsonContentType
Response content type is json
|
||
|
Second client: Setup |
2022-11-17 04:16:51 | SUCCESS |
AddRedirectUriQuerySuffix
Created redirect URI query suffix to test that query sections in the registered redirect url are handled correctly. The redirect url, including this suffix, must be registered for the client as per http://openid.net/certification/fapi_op_testing/
|
||
|
2022-11-17 04:16:51 |
|
CreateRedirectUri
Appending suffix to redirect URI
|
||
|
2022-11-17 04:16:51 | SUCCESS |
CreateRedirectUri
Created redirect URI
|
||
|
Second client: Make request to authorization endpoint |
2022-11-17 04:16:51 |
SUCCESS
|
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
|
||||||
|
2022-11-17 04:16:51 |
SUCCESS
|
AddAcrClaimToAuthorizationEndpointRequest
Added acr claim to authorization_endpoint_request
|
||
|
2022-11-17 04:16:51 |
|
CreateRandomStateValue
Created state value
|
||||
|
2022-11-17 04:16:51 |
SUCCESS
|
AddStateToAuthorizationEndpointRequest
Added state parameter to request
|
||||||||||
|
2022-11-17 04:16:51 |
|
CreateRandomNonceValue
Created nonce value
|
||||
|
2022-11-17 04:16:51 |
SUCCESS
|
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
|
||||||||||||
|
2022-11-17 04:16:51 |
SUCCESS
|
SetAuthorizationEndpointRequestResponseTypeToCodeIdtoken
Added response_type parameter to request
|
||||||||||||||
|
2022-11-17 04:16:51 |
|
CreateRandomCodeVerifier
Created code_verifier value
|
||
|
2022-11-17 04:16:51 |
|
CreateS256CodeChallenge
Created code_challenge value
|
||
|
2022-11-17 04:16:51 | SUCCESS |
AddCodeChallengeToAuthorizationEndpointRequest
Added code_challenge and code_challenge_method parameters to request
|
||||||||||||||||||
|
2022-11-17 04:16:51 | SUCCESS |
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Added prompt=consent to authorization endpoint request
|
||||||||||||||||||||
|
2022-11-17 04:16:51 |
SUCCESS
|
ConvertAuthorizationEndpointRequestToRequestObject
Created request object claims
|
||
|
2022-11-17 04:16:51 |
SUCCESS
|
AddIatToRequestObject
Added iat to request object claims
|
||
|
2022-11-17 04:16:51 | SUCCESS |
AddNbfToRequestObject
Added nbf to request object claims
|
||
|
2022-11-17 04:16:51 | SUCCESS |
AddExpToRequestObject
Added exp to request object claims
|
||
|
2022-11-17 04:16:51 | SUCCESS |
AddAudToRequestObject
Added aud to request object claims
|
||
|
2022-11-17 04:16:51 | SUCCESS |
AddIssToRequestObject
Added iss to request object claims
|
||
|
2022-11-17 04:16:51 | SUCCESS |
AddClientIdToRequestObject
Added client_id to request object claims
|
||
|
2022-11-17 04:16:51 |
SUCCESS
|
SignRequestObject
Signed the request object
|
||||||||
|
2022-11-17 04:16:51 |
SUCCESS
|
BuildRequestObjectPostToPAREndpoint
|
||
|
2022-11-17 04:16:51 |
SUCCESS
|
CreateClientAuthenticationAssertionClaims
Created client assertion claims
|
||||||||||||
|
2022-11-17 04:16:51 | SUCCESS |
UpdateClientAuthenticationAssertionClaimsWithISSAud
Updated audience in client assertion claims
|
||||||||||||
|
2022-11-17 04:16:51 |
SUCCESS
|
SignClientAuthenticationAssertion
Signed the client assertion
|
||
|
2022-11-17 04:16:51 |
SUCCESS
|
AddClientAssertionToPAREndpointParameters
Added client assertion to request
|
||
|
2022-11-17 04:16:51 |
|
CallPAREndpoint
HTTP request
|
||||||||
|
2022-11-17 04:16:51 |
RESPONSE
|
CallPAREndpoint
HTTP response
|
||||||||
|
2022-11-17 04:16:51 | SUCCESS |
CallPAREndpoint
Parsed pushed authorization request endpoint response
|
||||
|
2022-11-17 04:16:51 | SUCCESS |
CheckPAREndpointResponse201WithNoError
pushed authorization request endpoint correct response.
|
|
2022-11-17 04:16:51 | SUCCESS |
CheckForRequestUriValue
Found valid request_uri
|
||
|
2022-11-17 04:16:51 | SUCCESS |
CheckForPARResponseExpiresIn
Found expires_in
|
||
|
2022-11-17 04:16:51 |
SUCCESS
|
ExtractRequestUriFromPARResponse
Extracted the request_uri: urn:ietf:params:oauth:request_uri:tqd5Ndk9RLzSCmaF
|
|
2022-11-17 04:16:51 | SUCCESS |
EnsureMinimumRequestUriEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-17 04:16:51 | SUCCESS |
BuildRequestObjectByReferenceRedirectToAuthorizationEndpoint
Sending to authorization endpoint
|
||
|
2022-11-17 04:16:51 |
REDIRECT
|
fapi1-advanced-final-refresh-token
Redirecting to authorization endpoint
|
||
|
2022-11-17 04:17:03 |
INCOMING
|
fapi1-advanced-final-refresh-token
Incoming HTTP request to /test/a/NC7000-3A-OC/callback
|
||||||||||||||||||||||
|
2022-11-17 04:17:03 |
SUCCESS
|
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
|
||
|
2022-11-17 04:17:03 |
OUTGOING
|
fapi1-advanced-final-refresh-token
Response to HTTP request to test instance 5Mq9I9F8tC8xztB
|
||||
|
2022-11-17 04:17:04 |
INCOMING
|
fapi1-advanced-final-refresh-token
Incoming HTTP request to /test/a/NC7000-3A-OC/implicit/11WUgSJ2A6s7FDqC1RS5
|
||||||||||||||||||||||
|
2022-11-17 04:17:04 |
OUTGOING
|
fapi1-advanced-final-refresh-token
Response to HTTP request to test instance 5Mq9I9F8tC8xztB
|
||||||||
|
2022-11-17 04:17:04 |
|
ExtractImplicitHashToCallbackResponse
Extracted response from URL fragment
|
||
|
2022-11-17 04:17:04 |
SUCCESS
|
ExtractImplicitHashToCallbackResponse
Extracted the hash values
|
||||||||
|
2022-11-17 04:17:04 |
REDIRECT-IN
|
fapi1-advanced-final-refresh-token
Authorization endpoint response captured
|
||||||||||
|
Second client: Verify authorization endpoint response |
2022-11-17 04:17:04 | SUCCESS |
RejectErrorInUrlQuery
'error' is not present in URL query returned from authorization endpoint
|
|
2022-11-17 04:17:04 | SUCCESS |
RejectAuthCodeInUrlQuery
Authorization code is not present in URL query returned from authorization endpoint
|
|
2022-11-17 04:17:04 |
SUCCESS
|
CheckMatchingCallbackParameters
Callback parameters successfully verified
|
||||
|
2022-11-17 04:17:04 | SUCCESS |
RejectStateInUrlQueryForHybridFlow
state is correctly not present in URL query returned from authorization endpoint (as in the hybrid flow it must be returned in the URL fragment/hash only)
|
|
2022-11-17 04:17:04 |
SUCCESS
|
CheckIfAuthorizationEndpointError
No error from authorization endpoint
|
|
2022-11-17 04:17:04 |
WARNING
|
ValidateSuccessfulHybridResponseFromAuthorizationEndpoint
authorization endpoint response includes unexpected parameters. This may be because the authorization server supports protocol extensions the conformance suite is unaware of, but may also be because the server is implementing the specification incorrectly.
|
||
|
2022-11-17 04:17:04 | SUCCESS |
CheckStateInAuthorizationResponse
State in response correctly returned
|
||
|
2022-11-17 04:17:04 |
|
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
|
|
2022-11-17 04:17:04 |
SUCCESS
|
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
|
||
|
2022-11-17 04:17:04 | SUCCESS |
EnsureMinimumAuthorizationCodeLength
Authorization code is of sufficient length
|
||||
|
2022-11-17 04:17:04 | SUCCESS |
EnsureMinimumAuthorizationCodeEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-17 04:17:04 | SUCCESS |
ExtractIdTokenFromAuthorizationResponse
Found and parsed the id_token from authorization_endpoint_response
|
||||||
|
2022-11-17 04:17:04 | SUCCESS |
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
|
|
2022-11-17 04:17:04 |
|
ValidateIdTokenStandardClaims
sub is a string with content
|
|
2022-11-17 04:17:04 | SUCCESS |
ValidateIdTokenStandardClaims
id_token claims are valid
|
|
2022-11-17 04:17:04 | SUCCESS |
ValidateIdTokenNonce
Nonce values match
|
||
|
2022-11-17 04:17:04 | SUCCESS |
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
|
||||
|
2022-11-17 04:17:04 |
SUCCESS
|
ValidateIdTokenSignature
id_token signature validated
|
||
|
2022-11-17 04:17:04 |
SUCCESS
|
ValidateIdTokenSignatureUsingKid
id_token signature validated
|
||
|
2022-11-17 04:17:04 |
|
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
|
|
2022-11-17 04:17:04 | INFO |
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-11-17 04:17:04 | SUCCESS |
EnsureIdTokenContainsKid
kid was found in the ID token header
|
||
|
2022-11-17 04:17:04 | SUCCESS |
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
|
||||
|
2022-11-17 04:17:04 | INFO |
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-11-17 04:17:04 | SUCCESS |
ExtractSHash
Extracted s_hash from ID Token
|
||||
|
2022-11-17 04:17:04 | SUCCESS |
ValidateSHash
s_hash validated successfully
|
||||||
|
2022-11-17 04:17:04 | SUCCESS |
ExtractCHash
Extracted c_hash from ID Token
|
||||
|
2022-11-17 04:17:04 | SUCCESS |
ValidateCHash
c_hash validated successfully
|
||||||
|
Second client: Call token endpoint |
2022-11-17 04:17:04 |
SUCCESS
|
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
|
||||||
|
2022-11-17 04:17:04 |
SUCCESS
|
CreateClientAuthenticationAssertionClaims
Created client assertion claims
|
||||||||||||
|
2022-11-17 04:17:04 |
SUCCESS
|
SignClientAuthenticationAssertion
Signed the client assertion
|
||
|
2022-11-17 04:17:04 |
|
AddClientAssertionToTokenEndpointRequest
Added client assertion
|
||||||||||
|
2022-11-17 04:17:04 |
|
AddCodeVerifierToTokenEndpointRequest
|
||||||||||||
|
2022-11-17 04:17:04 |
|
CallTokenEndpoint
HTTP request
|
||||||||||
|
2022-11-17 04:17:05 |
RESPONSE
|
CallTokenEndpoint
HTTP response
|
||||||||
|
2022-11-17 04:17:05 |
SUCCESS
|
CallTokenEndpoint
Parsed token endpoint response
|
||||||||||||
|
Second client: Verify token endpoint response |
2022-11-17 04:17:05 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2022-11-17 04:17:05 | SUCCESS |
CheckForAccessTokenValue
Found an access token
|
||
|
2022-11-17 04:17:05 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2022-11-17 04:17:05 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2022-11-17 04:17:05 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2022-11-17 04:17:05 |
SUCCESS
|
CheckForRefreshTokenValue
Found a refresh token
|
||
|
2022-11-17 04:17:05 | SUCCESS |
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
|
||||
|
2022-11-17 04:17:05 | SUCCESS |
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-17 04:17:05 | SUCCESS |
EnsureMinimumAccessTokenLength
Access token is of sufficient length
|
||||
|
2022-11-17 04:17:05 | SUCCESS |
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-17 04:17:05 | SUCCESS |
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
|
||||||
|
2022-11-17 04:17:05 | SUCCESS |
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
|
|
2022-11-17 04:17:05 |
|
ValidateIdTokenStandardClaims
sub is a string with content
|
|
2022-11-17 04:17:05 | SUCCESS |
ValidateIdTokenStandardClaims
id_token claims are valid
|
|
2022-11-17 04:17:05 | SUCCESS |
ValidateIdTokenNonce
Nonce values match
|
||
|
2022-11-17 04:17:05 | SUCCESS |
ValidateIdTokenACRClaimAgainstRequest
acr value in id_token is (one of) the requested values
|
||||
|
2022-11-17 04:17:05 |
SUCCESS
|
ValidateIdTokenSignature
id_token signature validated
|
||
|
2022-11-17 04:17:05 |
SUCCESS
|
ValidateIdTokenSignatureUsingKid
id_token signature validated
|
||
|
2022-11-17 04:17:05 |
|
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
|
|
2022-11-17 04:17:05 | INFO |
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-11-17 04:17:05 | SUCCESS |
EnsureIdTokenContainsKid
kid was found in the ID token header
|
||
|
2022-11-17 04:17:05 | SUCCESS |
FAPIValidateIdTokenSigningAlg
id_token was signed with a permitted algorithm
|
||||
|
2022-11-17 04:17:05 | INFO |
FAPIValidateIdTokenEncryptionAlg
Skipped evaluation due to missing required element: id_token jwe_header
|
||||||
|
2022-11-17 04:17:05 | INFO |
ExtractCHash
Couldn't find c_hash in ID token
|
|
2022-11-17 04:17:05 | INFO |
ExtractSHash
Couldn't find s_hash in ID token
|
|
2022-11-17 04:17:05 | INFO |
ExtractAtHash
Couldn't find at_hash in ID token
|
|
2022-11-17 04:17:05 | INFO |
ValidateCHash
Skipped evaluation due to missing required object: c_hash
|
||||
|
2022-11-17 04:17:05 | INFO |
ValidateSHash
Skipped evaluation due to missing required object: s_hash
|
||||
|
2022-11-17 04:17:05 | INFO |
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
|
||||
|
Second client: Verify at_hash in the authorization endpoint id_token |
2022-11-17 04:17:05 | INFO |
ExtractAtHash
Couldn't find at_hash in ID token
|
|
2022-11-17 04:17:05 | INFO |
ValidateAtHash
Skipped evaluation due to missing required object: at_hash
|
||||
|
Second client: Check for refresh token |
2022-11-17 04:17:05 |
SUCCESS
|
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
|
||
|
2022-11-17 04:17:05 | SUCCESS |
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
|
||
|
2022-11-17 04:17:05 | SUCCESS |
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
|
|
Second client: Refresh Token Request |
2022-11-17 04:17:05 |
SUCCESS
|
CreateRefreshTokenRequest
Created token endpoint request parameters
|
||||
|
2022-11-17 04:17:05 |
SUCCESS
|
CreateClientAuthenticationAssertionClaims
Created client assertion claims
|
||||||||||||
|
2022-11-17 04:17:05 |
SUCCESS
|
SignClientAuthenticationAssertion
Signed the client assertion
|
||
|
2022-11-17 04:17:05 |
|
AddClientAssertionToTokenEndpointRequest
Added client assertion
|
||||||||
|
2022-11-17 04:17:05 |
SUCCESS
|
WaitForOneSecond
Pausing for 1 seconds
|
|
2022-11-17 04:17:06 |
SUCCESS
|
WaitForOneSecond
Woke up after 1 seconds sleep
|
|
2022-11-17 04:17:06 |
|
CallTokenEndpointAndReturnFullResponse
HTTP request
|
||||||||||
|
2022-11-17 04:17:07 |
RESPONSE
|
CallTokenEndpointAndReturnFullResponse
HTTP response
|
||||||||
|
2022-11-17 04:17:07 |
SUCCESS
|
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
|
||||||||
|
2022-11-17 04:17:07 | SUCCESS |
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
|
|
2022-11-17 04:17:07 | SUCCESS |
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
|
|
2022-11-17 04:17:07 | SUCCESS |
CheckTokenEndpointCacheHeaders
'cache-control' header in token endpoint response contains expected value.
|
||
|
2022-11-17 04:17:07 |
SUCCESS
|
CheckIfTokenEndpointResponseError
No error from token endpoint
|
|
2022-11-17 04:17:07 |
SUCCESS
|
ExtractAccessTokenFromTokenResponse
Extracted the access token
|
||||
|
2022-11-17 04:17:07 | SUCCESS |
CheckTokenTypeIsBearer
Token type is bearer
|
|
2022-11-17 04:17:07 | SUCCESS |
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
|
||||||
|
2022-11-17 04:17:07 | SUCCESS |
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
|
|
2022-11-17 04:17:07 | SUCCESS |
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
|
||
|
2022-11-17 04:17:07 | SUCCESS |
ValidateExpiresIn
expires_in passed all validation checks
|
||
|
2022-11-17 04:17:07 |
SUCCESS
|
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
|
||||
|
2022-11-17 04:17:07 |
INFO
|
ExtractIdTokenFromTokenResponse
Couldn't find id_token in token_endpoint_response
|
|
2022-11-17 04:17:07 |
INFO
|
ExtractRefreshTokenFromTokenResponse
Token endpoint response does not contain a refresh token
|
|
2022-11-17 04:17:07 | INFO |
EnsureMinimumRefreshTokenLength
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
|
||||||
|
2022-11-17 04:17:07 | INFO |
EnsureMinimumRefreshTokenEntropy
Skipped evaluation due to missing required element: token_endpoint_response refresh_token
|
||||||
|
2022-11-17 04:17:07 | INFO |
CompareIdTokenClaims
Skipped evaluation due to missing required object: second_id_token
|
||||
|
Second client: Resource server endpoint tests |
2022-11-17 04:17:07 |
|
CreateEmptyResourceEndpointRequestHeaders
Created empty headers
|
||
|
2022-11-17 04:17:07 |
|
CallProtectedResource
HTTP request
|
||||||||||
|
2022-11-17 04:17:08 |
RESPONSE
|
CallProtectedResource
HTTP response
|
||||||||
|
2022-11-17 04:17:08 | SUCCESS |
CallProtectedResource
Got a response from the resource endpoint
|
||||||||
|
2022-11-17 04:17:08 |
SUCCESS
|
EnsureHttpStatusCodeIs200or201
resource endpoint http status code was 200
|
|
2022-11-17 04:17:08 | SUCCESS |
CheckForDateHeaderInResourceResponse
Date header present and validated
|
||||
|
2022-11-17 04:17:08 | SUCCESS |
CheckForFAPIInteractionIdInResourceResponse
Found x-fapi-interaction-id
|
||
|
2022-11-17 04:17:08 | SUCCESS |
EnsureResourceResponseReturnedJsonContentType
Response content type is json
|
||
|
Try Client1's MTLS client certificate with Client2's access token |
2022-11-17 04:17:08 |
|
CallProtectedResource
HTTP request
|
||||||||||
|
2022-11-17 04:17:09 |
RESPONSE
|
CallProtectedResource
HTTP response
|
||||||||
|
2022-11-17 04:17:09 | SUCCESS |
CallProtectedResource
Got a response from the resource endpoint
|
||||||||
|
2022-11-17 04:17:09 | SUCCESS |
EnsureHttpStatusCodeIs4xx
resource endpoint http status code was 401
|
|
Attempting to use refresh_token issued to client 2 with client 1 |
2022-11-17 04:17:09 |
SUCCESS
|
CreateRefreshTokenRequest
Created token endpoint request parameters
|
||||
|
2022-11-17 04:17:09 |
SUCCESS
|
CreateClientAuthenticationAssertionClaims
Created client assertion claims
|
||||||||||||
|
2022-11-17 04:17:09 |
SUCCESS
|
SignClientAuthenticationAssertion
Signed the client assertion
|
||
|
2022-11-17 04:17:09 |
|
AddClientAssertionToTokenEndpointRequest
Added client assertion
|
||||||||
|
2022-11-17 04:17:09 |
|
CallTokenEndpointAndReturnFullResponse
HTTP request
|
||||||||||
|
2022-11-17 04:17:09 |
RESPONSE
|
CallTokenEndpointAndReturnFullResponse
HTTP response
|
||||||||
|
2022-11-17 04:17:09 |
SUCCESS
|
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
|
||||||
|
2022-11-17 04:17:09 |
SUCCESS
|
ValidateErrorFromTokenEndpointResponseError
Token endpoint response error returned valid 'error' field
|
||
|
2022-11-17 04:17:09 | SUCCESS |
CheckTokenEndpointHttpStatus400
Token endpoint http status code was 400
|
|
2022-11-17 04:17:09 | SUCCESS |
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
|
|
2022-11-17 04:17:09 | SUCCESS |
CheckErrorFromTokenEndpointResponseErrorInvalidGrant
Token Endpoint response error returned expected 'error' of 'invalid_grant'
|
||
|
2022-11-17 04:17:09 |
FINISHED
|
fapi1-advanced-final-refresh-token
Test has run to completion
|
||
|
2022-11-17 04:18:25 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|