Test Summary

Test Results

Expand All Collapse All
All times are UTC
2023-02-14 11:11:13 INFO
TEST-RUNNER
Test instance 0RJXt2YplxEKZ0a created
baseUrl
https://www.certification.openid.net/test/a/Mindgate_Solutions
variant
{
  "client_auth_type": "client_secret_basic",
  "response_type": "code",
  "server_metadata": "discovery",
  "response_mode": "default",
  "client_registration": "static_client"
}
alias
Mindgate_Solutions
description
OpenID Core Basic Certification Test Run
planId
zs280wqop79PA
config
{
  "alias": "Mindgate_Solutions",
  "description": "OpenID Core Basic Certification Test Run",
  "server": {
    "discoveryUrl": "https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/discovery"
  },
  "consent": {},
  "client": {
    "client_id": "VT1002",
    "client_secret": "0e857c1d-5f20-4c07-96e3-ba58bce7783b"
  },
  "client_secret_post": {
    "client_id": "VT1002",
    "client_secret": "0e857c1d-5f20-4c07-96e3-ba58bce7783b"
  },
  "client2": {
    "client_id": "VT1004",
    "client_secret": "e1bf3dca-17a7-40c1-885e-0aa51a4363a2"
  }
}
testName
oidcc-refresh-token
2023-02-14 11:11:13 SUCCESS
CreateRedirectUri
Created redirect URI
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
2023-02-14 11:11:13
GetDynamicServerConfiguration
HTTP request
request_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/discovery
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2023-02-14 11:11:15 RESPONSE
GetDynamicServerConfiguration
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-type": "application/json",
  "transfer-encoding": "chunked",
  "connection": "keep-alive",
  "date": "Tue, 14 Feb 2023 11:11:15 GMT",
  "x-amzn-requestid": "9b9325df-1a04-46c9-8129-01679ed834b6",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "1104",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU3c6Fd3hcwFRXg\u003d",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "expires": "0",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:11:15 GMT",
  "vary": "Accept-Encoding",
  "x-cache": "Miss from cloudfront",
  "via": "1.1 ea71b96212c28d5f0611046b8d2932f6.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "p9wo4c9UF5W7NMyE8Qm7JKUXD7al_HHSYz66zI9fKSg6X6cR2v8Cdg\u003d\u003d"
}
response_body
{"issuer":"https://d26c3ruhv16ewi.cloudfront.net","authorization_endpoint":"https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/authorize","token_endpoint":"https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/token","userinfo_endpoint":"https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-auth/authorization-service/service/vtiam/api/v5.0/authz/userinfo","jwks_uri":"https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/oauth/jwks","scopes_supported":["openid","profile","email","phone","address","all"],"response_types_supported":["code"],"grant_types_supported":["authorization_code","refresh_token","client_credentials","password"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS512"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"]}
2023-02-14 11:11:15 SUCCESS
GetDynamicServerConfiguration
Successfully parsed server configuration
issuer
https://d26c3ruhv16ewi.cloudfront.net
authorization_endpoint
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/authorize
token_endpoint
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/token
userinfo_endpoint
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-auth/authorization-service/service/vtiam/api/v5.0/authz/userinfo
jwks_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/oauth/jwks
scopes_supported
[
  "openid",
  "profile",
  "email",
  "phone",
  "address",
  "all"
]
response_types_supported
[
  "code"
]
grant_types_supported
[
  "authorization_code",
  "refresh_token",
  "client_credentials",
  "password"
]
subject_types_supported
[
  "public"
]
id_token_signing_alg_values_supported
[
  "RS512"
]
token_endpoint_auth_methods_supported
[
  "client_secret_basic",
  "client_secret_post"
]
2023-02-14 11:11:15 SUCCESS
CheckServerConfiguration
Found required server configuration keys
required
[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]
2023-02-14 11:11:15 SUCCESS
ExtractTLSTestValuesFromServerConfiguration
Extracted TLS information from authorization server configuration
registration_endpoint
authorization_endpoint
{
  "testHost": "d26c3ruhv16ewi.cloudfront.net",
  "testPort": 443
}
token_endpoint
{
  "testHost": "d26c3ruhv16ewi.cloudfront.net",
  "testPort": 443
}
userinfo_endpoint
{
  "testHost": "d26c3ruhv16ewi.cloudfront.net",
  "testPort": 443
}
2023-02-14 11:11:15
FetchServerKeys
Fetching server key
jwks_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/oauth/jwks
2023-02-14 11:11:15
FetchServerKeys
HTTP request
request_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/oauth/jwks
request_method
GET
request_headers
{
  "accept": "text/plain, application/json, application/*+json, */*",
  "content-length": "0"
}
request_body

                                
2023-02-14 11:11:16 RESPONSE
FetchServerKeys
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-type": "application/json",
  "content-length": "426",
  "connection": "keep-alive",
  "date": "Tue, 14 Feb 2023 11:11:16 GMT",
  "x-amzn-requestid": "bbbf8167-c030-4f5f-8287-608aaec75f6b",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "47",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU3dNFGSBcwFRPg\u003d",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "expires": "0",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:11:16 GMT",
  "x-cache": "Miss from cloudfront",
  "via": "1.1 9df0661694135666b2bd52748cde9006.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "FMhJ9CoqBCI7T__By-cT2Ots5Sa8m_UDjOJRnUuDMMdXHCAS2wt2-g\u003d\u003d"
}
response_body
{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS512","n":"sv63ROJCVoe4vlAf9z001KmJj5_FURpy9eKigFrLlWkErHD_5uyugO2-JvqAdZPg8flFdTqZJFLc4bXmzH9gZwktZMKXjQvuPA_kbcM62Kl0AHVndswBh1ZVbgG-RF-JpH7SZXzXv6DsN3GWqIoqOzJTM7smVU6ka04mcQ-7UPrm-o6Rn6s_GRa59Sy7IaCKPFRny11tSU_FHXqjj4TlrzcLzPNqUaPW1n-3GAzsZFo2M82Kta0UG4SLboFFcIIiLYXoQvM1Tmi3BD0bX0WsF1cTg9jXo-EaxHh_YVs5OOWCuEgEi5GZpzXieDpme92zf_XPrrCyHvn8JI8r2QCvJw","kid":"mnbvcxz"}]}
2023-02-14 11:11:16
FetchServerKeys
Found JWK set string
jwk_string
{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","alg":"RS512","n":"sv63ROJCVoe4vlAf9z001KmJj5_FURpy9eKigFrLlWkErHD_5uyugO2-JvqAdZPg8flFdTqZJFLc4bXmzH9gZwktZMKXjQvuPA_kbcM62Kl0AHVndswBh1ZVbgG-RF-JpH7SZXzXv6DsN3GWqIoqOzJTM7smVU6ka04mcQ-7UPrm-o6Rn6s_GRa59Sy7IaCKPFRny11tSU_FHXqjj4TlrzcLzPNqUaPW1n-3GAzsZFo2M82Kta0UG4SLboFFcIIiLYXoQvM1Tmi3BD0bX0WsF1cTg9jXo-EaxHh_YVs5OOWCuEgEi5GZpzXieDpme92zf_XPrrCyHvn8JI8r2QCvJw","kid":"mnbvcxz"}]}
2023-02-14 11:11:16 SUCCESS
FetchServerKeys
Found server JWK set
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS512",
      "n": "sv63ROJCVoe4vlAf9z001KmJj5_FURpy9eKigFrLlWkErHD_5uyugO2-JvqAdZPg8flFdTqZJFLc4bXmzH9gZwktZMKXjQvuPA_kbcM62Kl0AHVndswBh1ZVbgG-RF-JpH7SZXzXv6DsN3GWqIoqOzJTM7smVU6ka04mcQ-7UPrm-o6Rn6s_GRa59Sy7IaCKPFRny11tSU_FHXqjj4TlrzcLzPNqUaPW1n-3GAzsZFo2M82Kta0UG4SLboFFcIIiLYXoQvM1Tmi3BD0bX0WsF1cTg9jXo-EaxHh_YVs5OOWCuEgEi5GZpzXieDpme92zf_XPrrCyHvn8JI8r2QCvJw",
      "kid": "mnbvcxz"
    }
  ]
}
2023-02-14 11:11:16 SUCCESS
CheckServerKeysIsValid
Server JWKs is valid
server_jwks
{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "alg": "RS512",
      "n": "sv63ROJCVoe4vlAf9z001KmJj5_FURpy9eKigFrLlWkErHD_5uyugO2-JvqAdZPg8flFdTqZJFLc4bXmzH9gZwktZMKXjQvuPA_kbcM62Kl0AHVndswBh1ZVbgG-RF-JpH7SZXzXv6DsN3GWqIoqOzJTM7smVU6ka04mcQ-7UPrm-o6Rn6s_GRa59Sy7IaCKPFRny11tSU_FHXqjj4TlrzcLzPNqUaPW1n-3GAzsZFo2M82Kta0UG4SLboFFcIIiLYXoQvM1Tmi3BD0bX0WsF1cTg9jXo-EaxHh_YVs5OOWCuEgEi5GZpzXieDpme92zf_XPrrCyHvn8JI8r2QCvJw",
      "kid": "mnbvcxz"
    }
  ]
}
2023-02-14 11:11:16 SUCCESS
ValidateServerJWKs
Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url
2023-02-14 11:11:16 SUCCESS
CheckForKeyIdInServerJWKs
All keys contain kids
2023-02-14 11:11:16 SUCCESS
CheckDistinctKeyIdValueInServerJWKs
Distinct 'kid' value in all keys of server_jwks
see
https://bitbucket.org/openid/connect/issues/1127
2023-02-14 11:11:16 SUCCESS
EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys
Jwks does not contain any private or symmetric keys
2023-02-14 11:11:16 SUCCESS
GetStaticClientConfiguration
Found a static client object
client_id
VT1002
client_secret
0e857c1d-5f20-4c07-96e3-ba58bce7783b
2023-02-14 11:11:16 INFO
ValidateClientJWKsPrivatePart
Skipped evaluation due to missing required element: client jwks
path
jwks
mapped
object
client
2023-02-14 11:11:16 INFO
ExtractJWKsFromStaticClientConfiguration
Skipped evaluation due to missing required element: client jwks
path
jwks
mapped
object
client
2023-02-14 11:11:16 INFO
CheckDistinctKeyIdValueInClientJWKs
Skipped evaluation due to missing required element: client jwks
path
jwks
mapped
object
client
2023-02-14 11:11:16
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2023-02-14 11:11:16
SetScopeInClientConfigurationToOpenIdOfflineAccessIfServerSupportsOfflineAccess
scopes supported does not contain 'offline_access' so not adding it to the list of scopes to be requested
scopes_supported
[
  "openid",
  "profile",
  "email",
  "phone",
  "address",
  "all"
]
2023-02-14 11:11:16 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
Contents of 'token_endpoint_auth_methods_supported' in discovery document matches expectations.
actual
[
  "client_secret_basic",
  "client_secret_post"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2023-02-14 11:11:16 SUCCESS
GetStaticClient2Configuration
Found a static second client object
client_id
VT1004
client_secret
e1bf3dca-17a7-40c1-885e-0aa51a4363a2
2023-02-14 11:11:16 INFO
ValidateClientJWKsPrivatePart
Skipped evaluation due to missing required element: client jwks
path
jwks
mapped
object
client
2023-02-14 11:11:16 INFO
ExtractJWKsFromStaticClientConfiguration
Skipped evaluation due to missing required element: client jwks
path
jwks
mapped
object
client
2023-02-14 11:11:16 INFO
CheckDistinctKeyIdValueInClientJWKs
Skipped evaluation due to missing required element: client jwks
path
jwks
mapped
object
client
2023-02-14 11:11:16
SetScopeInClientConfigurationToOpenId
Set scope in client configuration to "openid"
scope
openid
2023-02-14 11:11:16
SetScopeInClientConfigurationToOpenIdOfflineAccessIfServerSupportsOfflineAccess
scopes supported does not contain 'offline_access' so not adding it to the list of scopes to be requested
scopes_supported
[
  "openid",
  "profile",
  "email",
  "phone",
  "address",
  "all"
]
2023-02-14 11:11:16 SUCCESS
EnsureServerConfigurationSupportsClientSecretBasic
Contents of 'token_endpoint_auth_methods_supported' in discovery document matches expectations.
actual
[
  "client_secret_basic",
  "client_secret_post"
]
expected
[
  "client_secret_basic"
]
minimum_matches_required
1
2023-02-14 11:11:16 SUCCESS
SetProtectedResourceUrlToUserInfoEndpoint
userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.
protected_resource_url
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-auth/authorization-service/service/vtiam/api/v5.0/authz/userinfo
2023-02-14 11:11:16
oidcc-refresh-token
Setup Done
Make request to authorization endpoint
2023-02-14 11:11:16 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
VT1002
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
scope
openid
2023-02-14 11:11:16
CreateRandomStateValue
Created state value
requested_state_length
10
state
RN5aQtWLEd
2023-02-14 11:11:16 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
VT1002
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
scope
openid
state
RN5aQtWLEd
2023-02-14 11:11:16
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
vT9pdIFt9O
2023-02-14 11:11:16 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
VT1002
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
scope
openid
state
RN5aQtWLEd
nonce
vT9pdIFt9O
2023-02-14 11:11:16 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
VT1002
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
scope
openid
state
RN5aQtWLEd
nonce
vT9pdIFt9O
response_type
code
2023-02-14 11:11:16 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Not adding prompt=consent as the scope in the configuration does not contain offline_access
2023-02-14 11:11:16 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
auth_request
{
  "client_id": "VT1002",
  "redirect_uri": "https://www.certification.openid.net/test/a/Mindgate_Solutions/callback",
  "scope": "openid",
  "state": "RN5aQtWLEd",
  "nonce": "vT9pdIFt9O",
  "response_type": "code"
}
redirect_to_authorization_endpoint
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/authorize?client_id=VT1002&redirect_uri=https://www.certification.openid.net/test/a/Mindgate_Solutions/callback&scope=openid&state=RN5aQtWLEd&nonce=vT9pdIFt9O&response_type=code
2023-02-14 11:11:16 REDIRECT
oidcc-refresh-token
Redirecting to authorization endpoint
redirect_to
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/authorize?client_id=VT1002&redirect_uri=https://www.certification.openid.net/test/a/Mindgate_Solutions/callback&scope=openid&state=RN5aQtWLEd&nonce=vT9pdIFt9O&response_type=code
2023-02-14 11:15:16 INCOMING
oidcc-refresh-token
Incoming HTTP request to /test/a/Mindgate_Solutions/callback
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "none",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "cookie": "__utmc\u003d201319536; __utma\u003d201319536.1403859992.1675923923.1676019700.1676300592.3; __utmz\u003d201319536.1676300592.3.2.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d917F0DD171FF8F27534568E73C5AF418",
  "connection": "close"
}
incoming_path
/test/a/Mindgate_Solutions/callback
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{
  "code": "d8dc7795-4346-4dfe-877a-a3b650ceb1cd",
  "state": "RN5aQtWLEd"
}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json
2023-02-14 11:15:16 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/T6PuNd62w4fbGUsD9nYM",
  "fullUrl": "https://www.certification.openid.net/test/a/Mindgate_Solutions/implicit/T6PuNd62w4fbGUsD9nYM"
}
2023-02-14 11:15:16 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance 0RJXt2YplxEKZ0a
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/Mindgate_Solutions/implicit/T6PuNd62w4fbGUsD9nYM, returnUrl=/log-detail.html?log=0RJXt2YplxEKZ0a}]
outgoing_path
callback
2023-02-14 11:15:17 INCOMING
oidcc-refresh-token
Incoming HTTP request to /test/a/Mindgate_Solutions/implicit/T6PuNd62w4fbGUsD9nYM
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "accept": "*/*",
  "content-type": "text/plain",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "sec-ch-ua-platform": "\"Windows\"",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/Mindgate_Solutions/callback?code\u003dd8dc7795-4346-4dfe-877a-a3b650ceb1cd\u0026state\u003dRN5aQtWLEd",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "cookie": "__utmc\u003d201319536; __utma\u003d201319536.1403859992.1675923923.1676019700.1676300592.3; __utmz\u003d201319536.1676300592.3.2.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d917F0DD171FF8F27534568E73C5AF418",
  "connection": "close",
  "content-length": "0"
}
incoming_path
/test/a/Mindgate_Solutions/implicit/T6PuNd62w4fbGUsD9nYM
incoming_body_form_params
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json
2023-02-14 11:15:17 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance 0RJXt2YplxEKZ0a
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/T6PuNd62w4fbGUsD9nYM
2023-02-14 11:15:17 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2023-02-14 11:15:17 REDIRECT-IN
oidcc-refresh-token
Authorization endpoint response captured
url_query
{
  "code": "d8dc7795-4346-4dfe-877a-a3b650ceb1cd",
  "state": "RN5aQtWLEd"
}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "none",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "cookie": "__utmc\u003d201319536; __utma\u003d201319536.1403859992.1675923923.1676019700.1676300592.3; __utmz\u003d201319536.1676300592.3.2.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d917F0DD171FF8F27534568E73C5AF418",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-proto": "https",
  "x-forwarded-port": "443",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{}
post_body
Verify authorization endpoint response
2023-02-14 11:15:17 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2023-02-14 11:15:17
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
2023-02-14 11:15:17 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2023-02-14 11:15:17 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
RN5aQtWLEd
2023-02-14 11:15:17 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
d8dc7795-4346-4dfe-877a-a3b650ceb1cd
2023-02-14 11:15:17 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
grant_type
authorization_code
code
d8dc7795-4346-4dfe-877a-a3b650ceb1cd
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
2023-02-14 11:15:17 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic VlQxMDAyOjBlODU3YzFkLTVmMjAtNGMwNy05NmUzLWJhNThiY2U3NzgzYg==
2023-02-14 11:15:17
CallTokenEndpoint
HTTP request
request_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/token
request_method
POST
request_headers
{
  "accept": "application/json",
  "authorization": "Basic VlQxMDAyOjBlODU3YzFkLTVmMjAtNGMwNy05NmUzLWJhNThiY2U3NzgzYg\u003d\u003d",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "170"
}
request_body
grant_type=authorization_code&code=d8dc7795-4346-4dfe-877a-a3b650ceb1cd&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2FMindgate_Solutions%2Fcallback
2023-02-14 11:15:44 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-type": "application/json",
  "transfer-encoding": "chunked",
  "connection": "keep-alive",
  "vary": [
    "Accept-Encoding",
    "Origin,Access-Control-Request-Method,Access-Control-Request-Headers"
  ],
  "date": "Tue, 14 Feb 2023 11:15:44 GMT",
  "x-amzn-requestid": "fb20a69c-699f-4547-94e9-fd30a72f14db",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "26264",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU4C-HwjhcwFvaA\u003d",
  "cache-control": "no-store",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:15:44 GMT",
  "x-cache": "Miss from cloudfront",
  "via": "1.1 bdc3d5363a86ee956925dfa6f20cbd32.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "c__Eo2tJVu__e766UzPr4Snmav7eRrf6VxGYSe5tczOM2KraCI5OLA\u003d\u003d"
}
response_body
{"id_token":"eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzMzNiwiZXhwIjoxNjc2NDU5NzM2LCJqdGkiOiI0OWQ3YTkwNi1iYzVkLTQ5ZWMtOTY5NS0yY2ZiOWEyYTIwYjgiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDAsIm5vbmNlIjoidlQ5cGRJRnQ5TyJ9.PJ_KbrM06-tefTIQ2tehy8LQ_nMCJ2ydS0jvAwHVTLIlUAN4mdYKTSEDUdA3ovSz1OvfjGU4J2WK87rPQbxJ8LWTFZLzxGdW_Vb_ZGkMyOEk4BwgZasanIQTcftieoW9IsiRHqPYU6ItWiiAxgbfnaPbVOffTl1M9cpuhEGrWppe3_baVh-QRil6zRwwqT8iIRQB5pXIp4D5Lfcxy462UplvFFHVbV3_P5ZryDEHTI-oyaQQPJlLjovbraAiJ4tVBDwsjIIqaajzEObTrSzxIv9FbnTSJJBAD_Me22_U1sO24vfSdFHdPAHqjCZtYmdx3cpfPp-O0ukrEFFAyeoX3Q","access_token":"eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzMzNSwiZXhwIjoxNjc2NDU5NzM1LCJqdGkiOiJjOTZmZDE3NC1kMmZjLTRiMzYtOGZjNy0xOWM5NGY0MWU4ZDkifQ.nsbPLg2kUA02J2mzkzkpA20imwBf5K_xfoD7eKq6k6ox79YN25dH1ejo4CwBocZoo79aZyH1qKV3tjfiCW9DsGsbjBkohgileJI-IncJUw8rUZk_MwiWkNk43B6aT0mjiHpsvZ94vlfUXUMDSNFLpmO-Vg-gzfik4PC-e16Eu5kxulgz6fY2J5fevhJNgz4BPCgL_wKGJ9f-mpHQojFY0J9LHnn92zsXY7JWlgvJ2p-q2jTwMibqsShl69pPQ0zvoFeTEfbqEVCmC_XTo0B-OF3gDc0pHfp-IeYP1-vtoe44qZvdf0LzPIL6Hu7l0fF2qDJBEkiRaIk08cswmvuWEQ","refresh_token":"47db756d-0621-4b3e-8af2-716da3680e7a","token_type":"Bearer","expires_in":86400}
2023-02-14 11:15:44 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
id_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzMzNiwiZXhwIjoxNjc2NDU5NzM2LCJqdGkiOiI0OWQ3YTkwNi1iYzVkLTQ5ZWMtOTY5NS0yY2ZiOWEyYTIwYjgiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDAsIm5vbmNlIjoidlQ5cGRJRnQ5TyJ9.PJ_KbrM06-tefTIQ2tehy8LQ_nMCJ2ydS0jvAwHVTLIlUAN4mdYKTSEDUdA3ovSz1OvfjGU4J2WK87rPQbxJ8LWTFZLzxGdW_Vb_ZGkMyOEk4BwgZasanIQTcftieoW9IsiRHqPYU6ItWiiAxgbfnaPbVOffTl1M9cpuhEGrWppe3_baVh-QRil6zRwwqT8iIRQB5pXIp4D5Lfcxy462UplvFFHVbV3_P5ZryDEHTI-oyaQQPJlLjovbraAiJ4tVBDwsjIIqaajzEObTrSzxIv9FbnTSJJBAD_Me22_U1sO24vfSdFHdPAHqjCZtYmdx3cpfPp-O0ukrEFFAyeoX3Q
access_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzMzNSwiZXhwIjoxNjc2NDU5NzM1LCJqdGkiOiJjOTZmZDE3NC1kMmZjLTRiMzYtOGZjNy0xOWM5NGY0MWU4ZDkifQ.nsbPLg2kUA02J2mzkzkpA20imwBf5K_xfoD7eKq6k6ox79YN25dH1ejo4CwBocZoo79aZyH1qKV3tjfiCW9DsGsbjBkohgileJI-IncJUw8rUZk_MwiWkNk43B6aT0mjiHpsvZ94vlfUXUMDSNFLpmO-Vg-gzfik4PC-e16Eu5kxulgz6fY2J5fevhJNgz4BPCgL_wKGJ9f-mpHQojFY0J9LHnn92zsXY7JWlgvJ2p-q2jTwMibqsShl69pPQ0zvoFeTEfbqEVCmC_XTo0B-OF3gDc0pHfp-IeYP1-vtoe44qZvdf0LzPIL6Hu7l0fF2qDJBEkiRaIk08cswmvuWEQ
refresh_token
47db756d-0621-4b3e-8af2-716da3680e7a
token_type
Bearer
expires_in
86400
2023-02-14 11:15:44 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2023-02-14 11:15:44 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzMzNSwiZXhwIjoxNjc2NDU5NzM1LCJqdGkiOiJjOTZmZDE3NC1kMmZjLTRiMzYtOGZjNy0xOWM5NGY0MWU4ZDkifQ.nsbPLg2kUA02J2mzkzkpA20imwBf5K_xfoD7eKq6k6ox79YN25dH1ejo4CwBocZoo79aZyH1qKV3tjfiCW9DsGsbjBkohgileJI-IncJUw8rUZk_MwiWkNk43B6aT0mjiHpsvZ94vlfUXUMDSNFLpmO-Vg-gzfik4PC-e16Eu5kxulgz6fY2J5fevhJNgz4BPCgL_wKGJ9f-mpHQojFY0J9LHnn92zsXY7JWlgvJ2p-q2jTwMibqsShl69pPQ0zvoFeTEfbqEVCmC_XTo0B-OF3gDc0pHfp-IeYP1-vtoe44qZvdf0LzPIL6Hu7l0fF2qDJBEkiRaIk08cswmvuWEQ
2023-02-14 11:15:44 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzMzNSwiZXhwIjoxNjc2NDU5NzM1LCJqdGkiOiJjOTZmZDE3NC1kMmZjLTRiMzYtOGZjNy0xOWM5NGY0MWU4ZDkifQ.nsbPLg2kUA02J2mzkzkpA20imwBf5K_xfoD7eKq6k6ox79YN25dH1ejo4CwBocZoo79aZyH1qKV3tjfiCW9DsGsbjBkohgileJI-IncJUw8rUZk_MwiWkNk43B6aT0mjiHpsvZ94vlfUXUMDSNFLpmO-Vg-gzfik4PC-e16Eu5kxulgz6fY2J5fevhJNgz4BPCgL_wKGJ9f-mpHQojFY0J9LHnn92zsXY7JWlgvJ2p-q2jTwMibqsShl69pPQ0zvoFeTEfbqEVCmC_XTo0B-OF3gDc0pHfp-IeYP1-vtoe44qZvdf0LzPIL6Hu7l0fF2qDJBEkiRaIk08cswmvuWEQ
type
Bearer
2023-02-14 11:15:44 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
86400
2023-02-14 11:15:44 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
86400
2023-02-14 11:15:44 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
47db756d-0621-4b3e-8af2-716da3680e7a
2023-02-14 11:15:44 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzMzNiwiZXhwIjoxNjc2NDU5NzM2LCJqdGkiOiI0OWQ3YTkwNi1iYzVkLTQ5ZWMtOTY5NS0yY2ZiOWEyYTIwYjgiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDAsIm5vbmNlIjoidlQ5cGRJRnQ5TyJ9.PJ_KbrM06-tefTIQ2tehy8LQ_nMCJ2ydS0jvAwHVTLIlUAN4mdYKTSEDUdA3ovSz1OvfjGU4J2WK87rPQbxJ8LWTFZLzxGdW_Vb_ZGkMyOEk4BwgZasanIQTcftieoW9IsiRHqPYU6ItWiiAxgbfnaPbVOffTl1M9cpuhEGrWppe3_baVh-QRil6zRwwqT8iIRQB5pXIp4D5Lfcxy462UplvFFHVbV3_P5ZryDEHTI-oyaQQPJlLjovbraAiJ4tVBDwsjIIqaajzEObTrSzxIv9FbnTSJJBAD_Me22_U1sO24vfSdFHdPAHqjCZtYmdx3cpfPp-O0ukrEFFAyeoX3Q
header
{
  "kid": "mnbvcxz",
  "alg": "RS512"
}
claims
{
  "sub": "PORTAL|AUGUSTUSER|TAMILGCIF15|Customer",
  "aud": "VT1002",
  "updated_at": 1659292200,
  "scope": "openid",
  "auth_time": 1676372806,
  "iss": "https://d26c3ruhv16ewi.cloudfront.net",
  "exp": 1676459736,
  "iat": 1676373336,
  "nonce": "vT9pdIFt9O",
  "jti": "49d7a906-bc5d-49ec-9695-2cfb9a2a20b8"
}
2023-02-14 11:15:44 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2023-02-14 11:15:44
ValidateIdTokenStandardClaims
sub is a string with content
2023-02-14 11:15:44
ValidateIdTokenStandardClaims
updated_at is a number
2023-02-14 11:15:44
ValidateIdTokenStandardClaims
Skipping unknown claim: scope
2023-02-14 11:15:44 SUCCESS
ValidateIdTokenStandardClaims
id_token claims are valid
2023-02-14 11:15:44 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
vT9pdIFt9O
2023-02-14 11:15:44 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2023-02-14 11:15:44 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzMzNiwiZXhwIjoxNjc2NDU5NzM2LCJqdGkiOiI0OWQ3YTkwNi1iYzVkLTQ5ZWMtOTY5NS0yY2ZiOWEyYTIwYjgiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDAsIm5vbmNlIjoidlQ5cGRJRnQ5TyJ9.PJ_KbrM06-tefTIQ2tehy8LQ_nMCJ2ydS0jvAwHVTLIlUAN4mdYKTSEDUdA3ovSz1OvfjGU4J2WK87rPQbxJ8LWTFZLzxGdW_Vb_ZGkMyOEk4BwgZasanIQTcftieoW9IsiRHqPYU6ItWiiAxgbfnaPbVOffTl1M9cpuhEGrWppe3_baVh-QRil6zRwwqT8iIRQB5pXIp4D5Lfcxy462UplvFFHVbV3_P5ZryDEHTI-oyaQQPJlLjovbraAiJ4tVBDwsjIIqaajzEObTrSzxIv9FbnTSJJBAD_Me22_U1sO24vfSdFHdPAHqjCZtYmdx3cpfPp-O0ukrEFFAyeoX3Q
2023-02-14 11:15:44 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzMzNiwiZXhwIjoxNjc2NDU5NzM2LCJqdGkiOiI0OWQ3YTkwNi1iYzVkLTQ5ZWMtOTY5NS0yY2ZiOWEyYTIwYjgiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDAsIm5vbmNlIjoidlQ5cGRJRnQ5TyJ9.PJ_KbrM06-tefTIQ2tehy8LQ_nMCJ2ydS0jvAwHVTLIlUAN4mdYKTSEDUdA3ovSz1OvfjGU4J2WK87rPQbxJ8LWTFZLzxGdW_Vb_ZGkMyOEk4BwgZasanIQTcftieoW9IsiRHqPYU6ItWiiAxgbfnaPbVOffTl1M9cpuhEGrWppe3_baVh-QRil6zRwwqT8iIRQB5pXIp4D5Lfcxy462UplvFFHVbV3_P5ZryDEHTI-oyaQQPJlLjovbraAiJ4tVBDwsjIIqaajzEObTrSzxIv9FbnTSJJBAD_Me22_U1sO24vfSdFHdPAHqjCZtYmdx3cpfPp-O0ukrEFFAyeoX3Q
2023-02-14 11:15:44 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
PORTAL|AUGUSTUSER|TAMILGCIF15|Customer
2023-02-14 11:15:44
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
2023-02-14 11:15:44 INFO
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2023-02-14 11:15:44 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
47db756d-0621-4b3e-8af2-716da3680e7a
2023-02-14 11:15:44 SUCCESS
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
supported_grant_types
[
  "authorization_code",
  "refresh_token",
  "client_credentials",
  "password"
]
2023-02-14 11:15:44 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Refresh Token Request
2023-02-14 11:15:44 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
47db756d-0621-4b3e-8af2-716da3680e7a
2023-02-14 11:15:44 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid' to token endpoint request
grant_type
refresh_token
refresh_token
47db756d-0621-4b3e-8af2-716da3680e7a
scope
openid
2023-02-14 11:15:44 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic VlQxMDAyOjBlODU3YzFkLTVmMjAtNGMwNy05NmUzLWJhNThiY2U3NzgzYg==
2023-02-14 11:15:44 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2023-02-14 11:15:45 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2023-02-14 11:15:45
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/token
request_method
POST
request_headers
{
  "accept": "application/json",
  "authorization": "Basic VlQxMDAyOjBlODU3YzFkLTVmMjAtNGMwNy05NmUzLWJhNThiY2U3NzgzYg\u003d\u003d",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "88"
}
request_body
grant_type=refresh_token&refresh_token=47db756d-0621-4b3e-8af2-716da3680e7a&scope=openid
2023-02-14 11:15:45 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-type": "application/json",
  "transfer-encoding": "chunked",
  "connection": "keep-alive",
  "vary": [
    "Accept-Encoding",
    "Origin,Access-Control-Request-Method,Access-Control-Request-Headers"
  ],
  "date": "Tue, 14 Feb 2023 11:15:45 GMT",
  "x-amzn-requestid": "f24d85ce-204f-423d-8f11-6d9447df5031",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "303",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU4HSEbSBcwFaFQ\u003d",
  "cache-control": "no-store",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:15:45 GMT",
  "x-cache": "Miss from cloudfront",
  "via": "1.1 6fc0aea2429e74e0c91886621936d56a.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "YFZQQJDQZjEpCPSJaLanDxAAkChJCHLGXah4j-qK_FpTEqQmLgSLrg\u003d\u003d"
}
response_body
{"id_token":"eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM0NSwiZXhwIjoxNjc2NDU5NzQ1LCJqdGkiOiI2ZGQ2N2Q3Mi05MTA4LTQ1YjAtYWNjZi00OTQ5NWU4MDIwMGIiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDB9.N9FaFg1ej3eapdF-Jds0jFojUTP6q0Hdk5EKbleSdTMbwsMK66fYjmqlYlNCWm7qk1E9fmRwGpxUX5VmB47r1l27wJgmfDM0GplWVFyBLhErRgQTyGNmBUsS4j_6lZJct-DuyMA856dDe1X0sUqyFlmzj783YSLRT9hUb2gRkS86kUZRKmigGpiLtv7oIjjm8sxnFhsgBs1-orzWJNjzChwzeAcekskNJNLFDM2eV4la71qkirtRqE2QG5ROfKldwkncNmaMsbJBSrU-geen4FrWAi5YfCBm0yxC9qIrvw-PkFctCr9lk69vYMaQmyGzytZe_Vzj-_NUrj4OL-mZLg","access_token":"eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM0NSwiZXhwIjoxNjc2NDU5NzQ1LCJqdGkiOiI4NTVjNDY4ZS1jNTg5LTRmMTMtOTI0My1hYjg5NDQ0MjRlNGQifQ.efSSzxoHhEZqYx_v06JbCYk7s58bRgvaO4rLIPeiP4mD-3tJWH1vhfgQmJxZSWNIlm1D2VuBjwRsXmKLV6Wh5i7Bgo5Fvbb5MiL3r6DL9FqB9xaPcXGaPeXOJiWPdBjuHJIGrmrPrJgb3UJV4deEHZG8lLY5_PgvuKn_CvGJFA5PAilmAgyboC6J-HW0FPmxWCqP1gle_dQu-ySmH44V9Tz6j22w0CbJHzEs-2072fecUqprJ_B7zpZ5lf5DvosvvVy7a3YFmON7UUduAZC0Z3GIsz4Pw1p4bNA-CCcpLS7AY2SeGC2Im4I10kCEymR5JL8jWBkqJpmDS-CM18iVkA","refresh_token":"ee550e8f-ac34-4cbf-941d-4c95389e1bf5","token_type":"Bearer","expires_in":86400}
2023-02-14 11:15:45 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
id_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM0NSwiZXhwIjoxNjc2NDU5NzQ1LCJqdGkiOiI2ZGQ2N2Q3Mi05MTA4LTQ1YjAtYWNjZi00OTQ5NWU4MDIwMGIiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDB9.N9FaFg1ej3eapdF-Jds0jFojUTP6q0Hdk5EKbleSdTMbwsMK66fYjmqlYlNCWm7qk1E9fmRwGpxUX5VmB47r1l27wJgmfDM0GplWVFyBLhErRgQTyGNmBUsS4j_6lZJct-DuyMA856dDe1X0sUqyFlmzj783YSLRT9hUb2gRkS86kUZRKmigGpiLtv7oIjjm8sxnFhsgBs1-orzWJNjzChwzeAcekskNJNLFDM2eV4la71qkirtRqE2QG5ROfKldwkncNmaMsbJBSrU-geen4FrWAi5YfCBm0yxC9qIrvw-PkFctCr9lk69vYMaQmyGzytZe_Vzj-_NUrj4OL-mZLg
access_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM0NSwiZXhwIjoxNjc2NDU5NzQ1LCJqdGkiOiI4NTVjNDY4ZS1jNTg5LTRmMTMtOTI0My1hYjg5NDQ0MjRlNGQifQ.efSSzxoHhEZqYx_v06JbCYk7s58bRgvaO4rLIPeiP4mD-3tJWH1vhfgQmJxZSWNIlm1D2VuBjwRsXmKLV6Wh5i7Bgo5Fvbb5MiL3r6DL9FqB9xaPcXGaPeXOJiWPdBjuHJIGrmrPrJgb3UJV4deEHZG8lLY5_PgvuKn_CvGJFA5PAilmAgyboC6J-HW0FPmxWCqP1gle_dQu-ySmH44V9Tz6j22w0CbJHzEs-2072fecUqprJ_B7zpZ5lf5DvosvvVy7a3YFmON7UUduAZC0Z3GIsz4Pw1p4bNA-CCcpLS7AY2SeGC2Im4I10kCEymR5JL8jWBkqJpmDS-CM18iVkA
refresh_token
ee550e8f-ac34-4cbf-941d-4c95389e1bf5
token_type
Bearer
expires_in
86400
2023-02-14 11:15:45 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2023-02-14 11:15:45 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2023-02-14 11:15:45 SUCCESS
CheckTokenEndpointCacheHeaders
'cache-control' header in token endpoint response contains expected value.
cache_control_header
no-store
2023-02-14 11:15:45 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2023-02-14 11:15:45 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM0NSwiZXhwIjoxNjc2NDU5NzQ1LCJqdGkiOiI4NTVjNDY4ZS1jNTg5LTRmMTMtOTI0My1hYjg5NDQ0MjRlNGQifQ.efSSzxoHhEZqYx_v06JbCYk7s58bRgvaO4rLIPeiP4mD-3tJWH1vhfgQmJxZSWNIlm1D2VuBjwRsXmKLV6Wh5i7Bgo5Fvbb5MiL3r6DL9FqB9xaPcXGaPeXOJiWPdBjuHJIGrmrPrJgb3UJV4deEHZG8lLY5_PgvuKn_CvGJFA5PAilmAgyboC6J-HW0FPmxWCqP1gle_dQu-ySmH44V9Tz6j22w0CbJHzEs-2072fecUqprJ_B7zpZ5lf5DvosvvVy7a3YFmON7UUduAZC0Z3GIsz4Pw1p4bNA-CCcpLS7AY2SeGC2Im4I10kCEymR5JL8jWBkqJpmDS-CM18iVkA
type
Bearer
2023-02-14 11:15:45 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2023-02-14 11:15:45 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
3867.7293204185007
expected
96.0
value
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM0NSwiZXhwIjoxNjc2NDU5NzQ1LCJqdGkiOiI4NTVjNDY4ZS1jNTg5LTRmMTMtOTI0My1hYjg5NDQ0MjRlNGQifQ.efSSzxoHhEZqYx_v06JbCYk7s58bRgvaO4rLIPeiP4mD-3tJWH1vhfgQmJxZSWNIlm1D2VuBjwRsXmKLV6Wh5i7Bgo5Fvbb5MiL3r6DL9FqB9xaPcXGaPeXOJiWPdBjuHJIGrmrPrJgb3UJV4deEHZG8lLY5_PgvuKn_CvGJFA5PAilmAgyboC6J-HW0FPmxWCqP1gle_dQu-ySmH44V9Tz6j22w0CbJHzEs-2072fecUqprJ_B7zpZ5lf5DvosvvVy7a3YFmON7UUduAZC0Z3GIsz4Pw1p4bNA-CCcpLS7AY2SeGC2Im4I10kCEymR5JL8jWBkqJpmDS-CM18iVkA
2023-02-14 11:15:45 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2023-02-14 11:15:45 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
86400
2023-02-14 11:15:45 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
86400
2023-02-14 11:15:45 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzMzNSwiZXhwIjoxNjc2NDU5NzM1LCJqdGkiOiJjOTZmZDE3NC1kMmZjLTRiMzYtOGZjNy0xOWM5NGY0MWU4ZDkifQ.nsbPLg2kUA02J2mzkzkpA20imwBf5K_xfoD7eKq6k6ox79YN25dH1ejo4CwBocZoo79aZyH1qKV3tjfiCW9DsGsbjBkohgileJI-IncJUw8rUZk_MwiWkNk43B6aT0mjiHpsvZ94vlfUXUMDSNFLpmO-Vg-gzfik4PC-e16Eu5kxulgz6fY2J5fevhJNgz4BPCgL_wKGJ9f-mpHQojFY0J9LHnn92zsXY7JWlgvJ2p-q2jTwMibqsShl69pPQ0zvoFeTEfbqEVCmC_XTo0B-OF3gDc0pHfp-IeYP1-vtoe44qZvdf0LzPIL6Hu7l0fF2qDJBEkiRaIk08cswmvuWEQ
second_access_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM0NSwiZXhwIjoxNjc2NDU5NzQ1LCJqdGkiOiI4NTVjNDY4ZS1jNTg5LTRmMTMtOTI0My1hYjg5NDQ0MjRlNGQifQ.efSSzxoHhEZqYx_v06JbCYk7s58bRgvaO4rLIPeiP4mD-3tJWH1vhfgQmJxZSWNIlm1D2VuBjwRsXmKLV6Wh5i7Bgo5Fvbb5MiL3r6DL9FqB9xaPcXGaPeXOJiWPdBjuHJIGrmrPrJgb3UJV4deEHZG8lLY5_PgvuKn_CvGJFA5PAilmAgyboC6J-HW0FPmxWCqP1gle_dQu-ySmH44V9Tz6j22w0CbJHzEs-2072fecUqprJ_B7zpZ5lf5DvosvvVy7a3YFmON7UUduAZC0Z3GIsz4Pw1p4bNA-CCcpLS7AY2SeGC2Im4I10kCEymR5JL8jWBkqJpmDS-CM18iVkA
2023-02-14 11:15:45 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM0NSwiZXhwIjoxNjc2NDU5NzQ1LCJqdGkiOiI2ZGQ2N2Q3Mi05MTA4LTQ1YjAtYWNjZi00OTQ5NWU4MDIwMGIiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDB9.N9FaFg1ej3eapdF-Jds0jFojUTP6q0Hdk5EKbleSdTMbwsMK66fYjmqlYlNCWm7qk1E9fmRwGpxUX5VmB47r1l27wJgmfDM0GplWVFyBLhErRgQTyGNmBUsS4j_6lZJct-DuyMA856dDe1X0sUqyFlmzj783YSLRT9hUb2gRkS86kUZRKmigGpiLtv7oIjjm8sxnFhsgBs1-orzWJNjzChwzeAcekskNJNLFDM2eV4la71qkirtRqE2QG5ROfKldwkncNmaMsbJBSrU-geen4FrWAi5YfCBm0yxC9qIrvw-PkFctCr9lk69vYMaQmyGzytZe_Vzj-_NUrj4OL-mZLg
header
{
  "kid": "mnbvcxz",
  "alg": "RS512"
}
claims
{
  "sub": "PORTAL|AUGUSTUSER|TAMILGCIF15|Customer",
  "aud": "VT1002",
  "updated_at": 1659292200,
  "scope": "openid",
  "auth_time": 1676372806,
  "iss": "https://d26c3ruhv16ewi.cloudfront.net",
  "exp": 1676459745,
  "iat": 1676373345,
  "jti": "6dd67d72-9108-45b0-accf-49495e80200b"
}
2023-02-14 11:15:45 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
ee550e8f-ac34-4cbf-941d-4c95389e1bf5
2023-02-14 11:15:45 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
288
required
128
2023-02-14 11:15:45 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
131.85263754543283
expected
96.0
value
ee550e8f-ac34-4cbf-941d-4c95389e1bf5
2023-02-14 11:15:45 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://d26c3ruhv16ewi.cloudfront.net",
  "second": "https://d26c3ruhv16ewi.cloudfront.net",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "PORTAL|AUGUSTUSER|TAMILGCIF15|Customer",
  "second": "PORTAL|AUGUSTUSER|TAMILGCIF15|Customer",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1676373336,
  "second": 1676373345,
  "note": "Values are expected to be different"
}
aud
{
  "first": "VT1002",
  "second": "VT1002",
  "note": "Values are expected to be equal"
}
auth_time
{
  "first": 1676372806,
  "second": 1676372806,
  "note": "Values are expected to be equal"
}
azp
Id tokens do not contain azp claims
Userinfo endpoint tests
2023-02-14 11:15:45
CallProtectedResource
HTTP request
request_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-auth/authorization-service/service/vtiam/api/v5.0/authz/userinfo
request_method
GET
request_headers
{
  "accept": "application/json",
  "authorization": "Bearer eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDAyIiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM0NSwiZXhwIjoxNjc2NDU5NzQ1LCJqdGkiOiI4NTVjNDY4ZS1jNTg5LTRmMTMtOTI0My1hYjg5NDQ0MjRlNGQifQ.efSSzxoHhEZqYx_v06JbCYk7s58bRgvaO4rLIPeiP4mD-3tJWH1vhfgQmJxZSWNIlm1D2VuBjwRsXmKLV6Wh5i7Bgo5Fvbb5MiL3r6DL9FqB9xaPcXGaPeXOJiWPdBjuHJIGrmrPrJgb3UJV4deEHZG8lLY5_PgvuKn_CvGJFA5PAilmAgyboC6J-HW0FPmxWCqP1gle_dQu-ySmH44V9Tz6j22w0CbJHzEs-2072fecUqprJ_B7zpZ5lf5DvosvvVy7a3YFmON7UUduAZC0Z3GIsz4Pw1p4bNA-CCcpLS7AY2SeGC2Im4I10kCEymR5JL8jWBkqJpmDS-CM18iVkA",
  "content-length": "0"
}
request_body

                                
2023-02-14 11:15:49 RESPONSE
CallProtectedResource
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-type": "application/json",
  "content-length": "48",
  "connection": "keep-alive",
  "date": "Tue, 14 Feb 2023 11:15:49 GMT",
  "x-amzn-requestid": "6027d38a-4836-4589-98f6-f2fbdcee4e71",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "2920",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU4HdGq1hcwFX_Q\u003d",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "expires": "0",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:15:49 GMT",
  "x-cache": "Miss from cloudfront",
  "via": "1.1 2d1483219a2d9cbbd8a595180a2cbaa8.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "Mlgb6e77Qtl665rxitMCwqNNcYva7gKDUoaseFSeT3t3CcHFykA6JQ\u003d\u003d"
}
response_body
{"sub":"PORTAL|AUGUSTUSER|TAMILGCIF15|Customer"}
2023-02-14 11:15:49 SUCCESS
CallProtectedResource
Got a response from the resource endpoint
status
200
endpoint_name
resource
headers
{
  "content-type": "application/json",
  "content-length": "48",
  "connection": "keep-alive",
  "date": "Tue, 14 Feb 2023 11:15:49 GMT",
  "x-amzn-requestid": "6027d38a-4836-4589-98f6-f2fbdcee4e71",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "2920",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU4HdGq1hcwFX_Q\u003d",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "expires": "0",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:15:49 GMT",
  "x-cache": "Miss from cloudfront",
  "via": "1.1 2d1483219a2d9cbbd8a595180a2cbaa8.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "Mlgb6e77Qtl665rxitMCwqNNcYva7gKDUoaseFSeT3t3CcHFykA6JQ\u003d\u003d"
}
body
{"sub":"PORTAL|AUGUSTUSER|TAMILGCIF15|Customer"}
2023-02-14 11:15:49 SUCCESS
EnsureHttpStatusCodeIs200
resource endpoint returned the expected http status
expected_status
200
http_status
200
Second client: Make request to authorization endpoint
2023-02-14 11:15:49 SUCCESS
CreateAuthorizationEndpointRequestFromClientInformation
Created authorization endpoint request
client_id
VT1004
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
scope
openid
2023-02-14 11:15:49
CreateRandomStateValue
Created state value
requested_state_length
10
state
CDo7e1oITZ
2023-02-14 11:15:49 SUCCESS
AddStateToAuthorizationEndpointRequest
Added state parameter to request
client_id
VT1004
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
scope
openid
state
CDo7e1oITZ
2023-02-14 11:15:49
CreateRandomNonceValue
Created nonce value
requested_nonce_length
10
nonce
rHPsLZ3FlC
2023-02-14 11:15:49 SUCCESS
AddNonceToAuthorizationEndpointRequest
Added nonce parameter to request
client_id
VT1004
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
scope
openid
state
CDo7e1oITZ
nonce
rHPsLZ3FlC
2023-02-14 11:15:49 SUCCESS
SetAuthorizationEndpointRequestResponseTypeFromEnvironment
Added response_type parameter to request
client_id
VT1004
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
scope
openid
state
CDo7e1oITZ
nonce
rHPsLZ3FlC
response_type
code
2023-02-14 11:15:49 SUCCESS
AddPromptConsentToAuthorizationEndpointRequestIfScopeContainsOfflineAccess
Not adding prompt=consent as the scope in the configuration does not contain offline_access
2023-02-14 11:15:49 SUCCESS
BuildPlainRedirectToAuthorizationEndpoint
Sending to authorization endpoint
auth_request
{
  "client_id": "VT1004",
  "redirect_uri": "https://www.certification.openid.net/test/a/Mindgate_Solutions/callback",
  "scope": "openid",
  "state": "CDo7e1oITZ",
  "nonce": "rHPsLZ3FlC",
  "response_type": "code"
}
redirect_to_authorization_endpoint
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/authorize?client_id=VT1004&redirect_uri=https://www.certification.openid.net/test/a/Mindgate_Solutions/callback&scope=openid&state=CDo7e1oITZ&nonce=rHPsLZ3FlC&response_type=code
2023-02-14 11:15:49 REDIRECT
oidcc-refresh-token
Redirecting to authorization endpoint
redirect_to
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/authorize?client_id=VT1004&redirect_uri=https://www.certification.openid.net/test/a/Mindgate_Solutions/callback&scope=openid&state=CDo7e1oITZ&nonce=rHPsLZ3FlC&response_type=code
2023-02-14 11:16:04 INCOMING
oidcc-refresh-token
Incoming HTTP request to /test/a/Mindgate_Solutions/callback
incoming_headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "referer": "https://www.certification.openid.net/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "cookie": "__utmc\u003d201319536; __utma\u003d201319536.1403859992.1675923923.1676019700.1676300592.3; __utmz\u003d201319536.1676300592.3.2.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d917F0DD171FF8F27534568E73C5AF418",
  "connection": "close"
}
incoming_path
/test/a/Mindgate_Solutions/callback
incoming_body_form_params
incoming_method
GET
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{
  "code": "ff15ea79-cde3-4fb1-9f6f-c1c65ee64472",
  "state": "CDo7e1oITZ"
}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json
2023-02-14 11:16:04 SUCCESS
CreateRandomImplicitSubmitUrl
Created random implicit submission URL
implicit_submit
{
  "path": "implicit/kLWpQPB4mokR4pUnmruj",
  "fullUrl": "https://www.certification.openid.net/test/a/Mindgate_Solutions/implicit/kLWpQPB4mokR4pUnmruj"
}
2023-02-14 11:16:04 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance 0RJXt2YplxEKZ0a
outgoing
ModelAndView [view="implicitCallback"; model={implicitSubmitUrl=https://www.certification.openid.net/test/a/Mindgate_Solutions/implicit/kLWpQPB4mokR4pUnmruj, returnUrl=/log-detail.html?log=0RJXt2YplxEKZ0a}]
outgoing_path
callback
2023-02-14 11:16:06 INCOMING
oidcc-refresh-token
Incoming HTTP request to /test/a/Mindgate_Solutions/implicit/kLWpQPB4mokR4pUnmruj
incoming_headers
{
  "host": "www.certification.openid.net",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "accept": "*/*",
  "content-type": "text/plain",
  "x-requested-with": "XMLHttpRequest",
  "sec-ch-ua-mobile": "?0",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "sec-ch-ua-platform": "\"Windows\"",
  "origin": "https://www.certification.openid.net",
  "sec-fetch-site": "same-origin",
  "sec-fetch-mode": "cors",
  "sec-fetch-dest": "empty",
  "referer": "https://www.certification.openid.net/test/a/Mindgate_Solutions/callback?code\u003dff15ea79-cde3-4fb1-9f6f-c1c65ee64472\u0026state\u003dCDo7e1oITZ",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "cookie": "__utmc\u003d201319536; __utma\u003d201319536.1403859992.1675923923.1676019700.1676300592.3; __utmz\u003d201319536.1676300592.3.2.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d917F0DD171FF8F27534568E73C5AF418",
  "connection": "close",
  "content-length": "0"
}
incoming_path
/test/a/Mindgate_Solutions/implicit/kLWpQPB4mokR4pUnmruj
incoming_body_form_params
incoming_method
POST
incoming_tls_version
TLSv1.2
incoming_tls_cert
incoming_query_string_params
{}
incoming_body
incoming_tls_chain
[
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL",
  "CONFORMANCE_SUITE_JSON_NULL"
]
incoming_tls_cipher
ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json
2023-02-14 11:16:06 OUTGOING
oidcc-refresh-token
Response to HTTP request to test instance 0RJXt2YplxEKZ0a
outgoing_status_code
204
outgoing_headers
{}
outgoing_body

                                
outgoing_path
implicit/kLWpQPB4mokR4pUnmruj
2023-02-14 11:16:06 SUCCESS
ExtractImplicitHashToCallbackResponse
implicit_hash is empty
2023-02-14 11:16:06 REDIRECT-IN
oidcc-refresh-token
Authorization endpoint response captured
url_query
{
  "code": "ff15ea79-cde3-4fb1-9f6f-c1c65ee64472",
  "state": "CDo7e1oITZ"
}
headers
{
  "host": "www.certification.openid.net",
  "upgrade-insecure-requests": "1",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
  "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,*/*;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.9",
  "sec-fetch-site": "cross-site",
  "sec-fetch-mode": "navigate",
  "sec-fetch-user": "?1",
  "sec-fetch-dest": "document",
  "sec-ch-ua": "\"Google Chrome\";v\u003d\"107\", \"Chromium\";v\u003d\"107\", \"Not\u003dA?Brand\";v\u003d\"24\"",
  "sec-ch-ua-mobile": "?0",
  "sec-ch-ua-platform": "\"Windows\"",
  "referer": "https://www.certification.openid.net/",
  "accept-encoding": "gzip, deflate, br",
  "accept-language": "en-US,en;q\u003d0.9",
  "cookie": "__utmc\u003d201319536; __utma\u003d201319536.1403859992.1675923923.1676019700.1676300592.3; __utmz\u003d201319536.1676300592.3.2.utmcsr\u003dgoogle|utmccn\u003d(organic)|utmcmd\u003dorganic|utmctr\u003d(not%20provided); JSESSIONID\u003d917F0DD171FF8F27534568E73C5AF418",
  "x-ssl-cipher": "ECDHE-RSA-AES128-GCM-SHA256",
  "x-ssl-protocol": "TLSv1.2",
  "x-forwarded-proto": "https",
  "x-forwarded-port": "443",
  "connection": "close",
  "x-forwarded-host": "www.certification.openid.net",
  "x-forwarded-server": "www.certification.openid.net"
}
http_method
GET
url_fragment
{}
post_body
Second client: Verify authorization endpoint response
2023-02-14 11:16:06 SUCCESS
CheckMatchingCallbackParameters
Callback parameters successfully verified
2023-02-14 11:16:06
ValidateIssInAuthorizationResponse
No 'iss' value in authorization response.
2023-02-14 11:16:06 SUCCESS
CheckIfAuthorizationEndpointError
No error from authorization endpoint
2023-02-14 11:16:06 SUCCESS
CheckStateInAuthorizationResponse
State in response correctly returned
state
CDo7e1oITZ
2023-02-14 11:16:06 SUCCESS
ExtractAuthorizationCodeFromAuthorizationResponse
Found authorization code
code
ff15ea79-cde3-4fb1-9f6f-c1c65ee64472
2023-02-14 11:16:06 SUCCESS
CreateTokenEndpointRequestForAuthorizationCodeGrant
Created token endpoint request
grant_type
authorization_code
code
ff15ea79-cde3-4fb1-9f6f-c1c65ee64472
redirect_uri
https://www.certification.openid.net/test/a/Mindgate_Solutions/callback
2023-02-14 11:16:06 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic VlQxMDA0OmUxYmYzZGNhLTE3YTctNDBjMS04ODVlLTBhYTUxYTQzNjNhMg==
2023-02-14 11:16:06
CallTokenEndpoint
HTTP request
request_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/token
request_method
POST
request_headers
{
  "accept": "application/json",
  "authorization": "Basic VlQxMDA0OmUxYmYzZGNhLTE3YTctNDBjMS04ODVlLTBhYTUxYTQzNjNhMg\u003d\u003d",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "170"
}
request_body
grant_type=authorization_code&code=ff15ea79-cde3-4fb1-9f6f-c1c65ee64472&redirect_uri=https%3A%2F%2Fwww.certification.openid.net%2Ftest%2Fa%2FMindgate_Solutions%2Fcallback
2023-02-14 11:16:07 RESPONSE
CallTokenEndpoint
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-type": "application/json",
  "transfer-encoding": "chunked",
  "connection": "keep-alive",
  "vary": [
    "Accept-Encoding",
    "Origin,Access-Control-Request-Method,Access-Control-Request-Headers"
  ],
  "date": "Tue, 14 Feb 2023 11:16:07 GMT",
  "x-amzn-requestid": "2e72caca-c559-4923-8c8e-b03b35ed7e92",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "233",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU4KoGEGBcwFoKQ\u003d",
  "cache-control": "no-store",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:16:07 GMT",
  "x-cache": "Miss from cloudfront",
  "via": "1.1 b613a3aa337386f7b6ef8d2aac02e3d6.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "HqshDSNAf_g_REWGvReGsfXopinoRaMCSxqAgk2eSKOqYaH0S2PXUA\u003d\u003d"
}
response_body
{"id_token":"eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2NywiZXhwIjoxNjc2NDU5NzY3LCJqdGkiOiJhMDgxOWE3Mi04ZjJhLTRjZjgtOTA1ZS00NmZiODcwZTdmZWYiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDAsIm5vbmNlIjoickhQc0xaM0ZsQyJ9.QJj3Sfu_h6zvwJmEFUOAcRnTgtHrcTrR-XpXAAD26hEdpXYiGtLSbQfhkTmxUJCP3VcCSYVV1armNRoGfPZxEg3Tkxx3p8keIG3CphRNXsD9FqF_M-FGNcM99-30ipQCDkI9pCtO916sFNRhAEBtls95mJnBcUaQANu3zg-5dYJ2h-p1bxufMEDCoHuEHgwy72r_Teor5obkf5tP8TAiai64Ve5T5VW_NqpHNTk7IFghklyXNA4eCfJ348RduroJ3VYNECRTFKeKGR-D1qPZerSUQkamUgkqg7NTSzXHgbSfGVQnXLKfSrdw9Y7vXnA8Jpfgh7nj4L8jzbJWaL5VBg","access_token":"eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2NywiZXhwIjoxNjc2NDU5NzY3LCJqdGkiOiJmY2JmZDU1Zi1mZThkLTQyYTYtYjQyNi1mYmFjMzY4ZjhlZWYifQ.i3hyAKBgF_YCSmcvPVQzQAtJIw7gnoMmUVfWQdo2MdhFh8LNwlzOg-I-my_-LqXqUjbBRcXXHWmLxoig5ECl22K5g7UTu9At7-O_zYLLxoclDGI2BPh4bZzJ34KoX7nsOch_0QRhyj5YseQ5jqcHC-PiAt9hW2ONkoA3TAKERmuMs5YdPYlOfVqgVKKDMe7O4n_2ShOGGzSZ8TuKQSv1uCbcirI5ovGiJEF_GsK2QuAMGyYOwp5LxKmMXqN_-ta5LN5oebf5P2IUpg0UQ91MbSuWPIaZfvRLcCKY8Eu-tNzT-3wpqM_EV4CCbVLU27pFhteNgQnO-fXqR6IK9cVWwQ","refresh_token":"8cbbd7c7-cd0c-4661-aa62-2750cc3eb288","token_type":"Bearer","expires_in":86400}
2023-02-14 11:16:07 SUCCESS
CallTokenEndpoint
Parsed token endpoint response
id_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2NywiZXhwIjoxNjc2NDU5NzY3LCJqdGkiOiJhMDgxOWE3Mi04ZjJhLTRjZjgtOTA1ZS00NmZiODcwZTdmZWYiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDAsIm5vbmNlIjoickhQc0xaM0ZsQyJ9.QJj3Sfu_h6zvwJmEFUOAcRnTgtHrcTrR-XpXAAD26hEdpXYiGtLSbQfhkTmxUJCP3VcCSYVV1armNRoGfPZxEg3Tkxx3p8keIG3CphRNXsD9FqF_M-FGNcM99-30ipQCDkI9pCtO916sFNRhAEBtls95mJnBcUaQANu3zg-5dYJ2h-p1bxufMEDCoHuEHgwy72r_Teor5obkf5tP8TAiai64Ve5T5VW_NqpHNTk7IFghklyXNA4eCfJ348RduroJ3VYNECRTFKeKGR-D1qPZerSUQkamUgkqg7NTSzXHgbSfGVQnXLKfSrdw9Y7vXnA8Jpfgh7nj4L8jzbJWaL5VBg
access_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2NywiZXhwIjoxNjc2NDU5NzY3LCJqdGkiOiJmY2JmZDU1Zi1mZThkLTQyYTYtYjQyNi1mYmFjMzY4ZjhlZWYifQ.i3hyAKBgF_YCSmcvPVQzQAtJIw7gnoMmUVfWQdo2MdhFh8LNwlzOg-I-my_-LqXqUjbBRcXXHWmLxoig5ECl22K5g7UTu9At7-O_zYLLxoclDGI2BPh4bZzJ34KoX7nsOch_0QRhyj5YseQ5jqcHC-PiAt9hW2ONkoA3TAKERmuMs5YdPYlOfVqgVKKDMe7O4n_2ShOGGzSZ8TuKQSv1uCbcirI5ovGiJEF_GsK2QuAMGyYOwp5LxKmMXqN_-ta5LN5oebf5P2IUpg0UQ91MbSuWPIaZfvRLcCKY8Eu-tNzT-3wpqM_EV4CCbVLU27pFhteNgQnO-fXqR6IK9cVWwQ
refresh_token
8cbbd7c7-cd0c-4661-aa62-2750cc3eb288
token_type
Bearer
expires_in
86400
2023-02-14 11:16:07 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2023-02-14 11:16:07 SUCCESS
CheckForAccessTokenValue
Found an access token
access_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2NywiZXhwIjoxNjc2NDU5NzY3LCJqdGkiOiJmY2JmZDU1Zi1mZThkLTQyYTYtYjQyNi1mYmFjMzY4ZjhlZWYifQ.i3hyAKBgF_YCSmcvPVQzQAtJIw7gnoMmUVfWQdo2MdhFh8LNwlzOg-I-my_-LqXqUjbBRcXXHWmLxoig5ECl22K5g7UTu9At7-O_zYLLxoclDGI2BPh4bZzJ34KoX7nsOch_0QRhyj5YseQ5jqcHC-PiAt9hW2ONkoA3TAKERmuMs5YdPYlOfVqgVKKDMe7O4n_2ShOGGzSZ8TuKQSv1uCbcirI5ovGiJEF_GsK2QuAMGyYOwp5LxKmMXqN_-ta5LN5oebf5P2IUpg0UQ91MbSuWPIaZfvRLcCKY8Eu-tNzT-3wpqM_EV4CCbVLU27pFhteNgQnO-fXqR6IK9cVWwQ
2023-02-14 11:16:07 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2NywiZXhwIjoxNjc2NDU5NzY3LCJqdGkiOiJmY2JmZDU1Zi1mZThkLTQyYTYtYjQyNi1mYmFjMzY4ZjhlZWYifQ.i3hyAKBgF_YCSmcvPVQzQAtJIw7gnoMmUVfWQdo2MdhFh8LNwlzOg-I-my_-LqXqUjbBRcXXHWmLxoig5ECl22K5g7UTu9At7-O_zYLLxoclDGI2BPh4bZzJ34KoX7nsOch_0QRhyj5YseQ5jqcHC-PiAt9hW2ONkoA3TAKERmuMs5YdPYlOfVqgVKKDMe7O4n_2ShOGGzSZ8TuKQSv1uCbcirI5ovGiJEF_GsK2QuAMGyYOwp5LxKmMXqN_-ta5LN5oebf5P2IUpg0UQ91MbSuWPIaZfvRLcCKY8Eu-tNzT-3wpqM_EV4CCbVLU27pFhteNgQnO-fXqR6IK9cVWwQ
type
Bearer
2023-02-14 11:16:07 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
86400
2023-02-14 11:16:07 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
86400
2023-02-14 11:16:07 SUCCESS
CheckForRefreshTokenValue
Found a refresh token
refresh_token
8cbbd7c7-cd0c-4661-aa62-2750cc3eb288
2023-02-14 11:16:07 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2NywiZXhwIjoxNjc2NDU5NzY3LCJqdGkiOiJhMDgxOWE3Mi04ZjJhLTRjZjgtOTA1ZS00NmZiODcwZTdmZWYiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDAsIm5vbmNlIjoickhQc0xaM0ZsQyJ9.QJj3Sfu_h6zvwJmEFUOAcRnTgtHrcTrR-XpXAAD26hEdpXYiGtLSbQfhkTmxUJCP3VcCSYVV1armNRoGfPZxEg3Tkxx3p8keIG3CphRNXsD9FqF_M-FGNcM99-30ipQCDkI9pCtO916sFNRhAEBtls95mJnBcUaQANu3zg-5dYJ2h-p1bxufMEDCoHuEHgwy72r_Teor5obkf5tP8TAiai64Ve5T5VW_NqpHNTk7IFghklyXNA4eCfJ348RduroJ3VYNECRTFKeKGR-D1qPZerSUQkamUgkqg7NTSzXHgbSfGVQnXLKfSrdw9Y7vXnA8Jpfgh7nj4L8jzbJWaL5VBg
header
{
  "kid": "mnbvcxz",
  "alg": "RS512"
}
claims
{
  "sub": "PORTAL|AUGUSTUSER|TAMILGCIF15|Customer",
  "aud": "VT1004",
  "updated_at": 1659292200,
  "scope": "openid",
  "auth_time": 1676372806,
  "iss": "https://d26c3ruhv16ewi.cloudfront.net",
  "exp": 1676459767,
  "iat": 1676373367,
  "nonce": "rHPsLZ3FlC",
  "jti": "a0819a72-8f2a-4cf8-905e-46fb870e7fef"
}
2023-02-14 11:16:07 SUCCESS
ValidateIdToken
ID token iss, aud, exp, iat, auth_time, acr & nbf claims passed validation checks
2023-02-14 11:16:07
ValidateIdTokenStandardClaims
sub is a string with content
2023-02-14 11:16:07
ValidateIdTokenStandardClaims
updated_at is a number
2023-02-14 11:16:07
ValidateIdTokenStandardClaims
Skipping unknown claim: scope
2023-02-14 11:16:07 SUCCESS
ValidateIdTokenStandardClaims
id_token claims are valid
2023-02-14 11:16:07 SUCCESS
ValidateIdTokenNonce
Nonce values match
nonce
rHPsLZ3FlC
2023-02-14 11:16:07 SUCCESS
ValidateIdTokenACRClaimAgainstRequest
Nothing to check; the conformance suite did not request an acr claim in request object
2023-02-14 11:16:07 SUCCESS
ValidateIdTokenSignature
id_token signature validated
id_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2NywiZXhwIjoxNjc2NDU5NzY3LCJqdGkiOiJhMDgxOWE3Mi04ZjJhLTRjZjgtOTA1ZS00NmZiODcwZTdmZWYiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDAsIm5vbmNlIjoickhQc0xaM0ZsQyJ9.QJj3Sfu_h6zvwJmEFUOAcRnTgtHrcTrR-XpXAAD26hEdpXYiGtLSbQfhkTmxUJCP3VcCSYVV1armNRoGfPZxEg3Tkxx3p8keIG3CphRNXsD9FqF_M-FGNcM99-30ipQCDkI9pCtO916sFNRhAEBtls95mJnBcUaQANu3zg-5dYJ2h-p1bxufMEDCoHuEHgwy72r_Teor5obkf5tP8TAiai64Ve5T5VW_NqpHNTk7IFghklyXNA4eCfJ348RduroJ3VYNECRTFKeKGR-D1qPZerSUQkamUgkqg7NTSzXHgbSfGVQnXLKfSrdw9Y7vXnA8Jpfgh7nj4L8jzbJWaL5VBg
2023-02-14 11:16:07 SUCCESS
ValidateIdTokenSignatureUsingKid
id_token signature validated
id_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2NywiZXhwIjoxNjc2NDU5NzY3LCJqdGkiOiJhMDgxOWE3Mi04ZjJhLTRjZjgtOTA1ZS00NmZiODcwZTdmZWYiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDAsIm5vbmNlIjoickhQc0xaM0ZsQyJ9.QJj3Sfu_h6zvwJmEFUOAcRnTgtHrcTrR-XpXAAD26hEdpXYiGtLSbQfhkTmxUJCP3VcCSYVV1armNRoGfPZxEg3Tkxx3p8keIG3CphRNXsD9FqF_M-FGNcM99-30ipQCDkI9pCtO916sFNRhAEBtls95mJnBcUaQANu3zg-5dYJ2h-p1bxufMEDCoHuEHgwy72r_Teor5obkf5tP8TAiai64Ve5T5VW_NqpHNTk7IFghklyXNA4eCfJ348RduroJ3VYNECRTFKeKGR-D1qPZerSUQkamUgkqg7NTSzXHgbSfGVQnXLKfSrdw9Y7vXnA8Jpfgh7nj4L8jzbJWaL5VBg
2023-02-14 11:16:07 SUCCESS
CheckForSubjectInIdToken
Found 'sub' in id_token
sub
PORTAL|AUGUSTUSER|TAMILGCIF15|Customer
2023-02-14 11:16:07
EnsureIdTokenUpdatedAtValid
id_token response does not contain 'updated_at'
2023-02-14 11:16:07 INFO
ValidateEncryptedIdTokenHasKid
Skipped evaluation due to missing required element: id_token jwe_header
path
jwe_header
mapped
object
id_token
2023-02-14 11:16:07 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
8cbbd7c7-cd0c-4661-aa62-2750cc3eb288
2023-02-14 11:16:07 SUCCESS
EnsureServerConfigurationSupportsRefreshToken
The server configuration indicates support for refresh tokens
supported_grant_types
[
  "authorization_code",
  "refresh_token",
  "client_credentials",
  "password"
]
2023-02-14 11:16:07 SUCCESS
EnsureRefreshTokenContainsAllowedCharactersOnly
Refresh token does not contain any illegal characters
Second client: Refresh Token Request
2023-02-14 11:16:07 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
8cbbd7c7-cd0c-4661-aa62-2750cc3eb288
2023-02-14 11:16:07 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic VlQxMDA0OmUxYmYzZGNhLTE3YTctNDBjMS04ODVlLTBhYTUxYTQzNjNhMg==
2023-02-14 11:16:07 SUCCESS
WaitForOneSecond
Pausing for 1 seconds
2023-02-14 11:16:08 SUCCESS
WaitForOneSecond
Woke up after 1 seconds sleep
2023-02-14 11:16:08
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/token
request_method
POST
request_headers
{
  "accept": "application/json",
  "authorization": "Basic VlQxMDA0OmUxYmYzZGNhLTE3YTctNDBjMS04ODVlLTBhYTUxYTQzNjNhMg\u003d\u003d",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "75"
}
request_body
grant_type=refresh_token&refresh_token=8cbbd7c7-cd0c-4661-aa62-2750cc3eb288
2023-02-14 11:16:09 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-type": "application/json",
  "transfer-encoding": "chunked",
  "connection": "keep-alive",
  "vary": [
    "Accept-Encoding",
    "Origin,Access-Control-Request-Method,Access-Control-Request-Headers"
  ],
  "date": "Tue, 14 Feb 2023 11:16:09 GMT",
  "x-amzn-requestid": "238aaa95-7d87-4f5d-ad69-38622700e067",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "101",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU4K8FX6hcwFpGg\u003d",
  "cache-control": "no-store",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:16:09 GMT",
  "x-cache": "Miss from cloudfront",
  "via": "1.1 8285570aba5e7b415ddceb68e221bf8a.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "P-Ec4KLmhlFYVdaRfhh3PLvqmRivaZ40398P5AJvTZ0qlOsUO9lMBw\u003d\u003d"
}
response_body
{"id_token":"eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2OSwiZXhwIjoxNjc2NDU5NzY5LCJqdGkiOiI5OGYxYTE0ZS1hNjgxLTQ1MDMtYmVhYi0yOTBkNGUxNzIwMDUiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDB9.lMDf84OFwQFpD660JfYP8-l-FX6nxye5mTk9OaI4s-BXCc28ne6mUFm1r03lzmGtV_H6lFtkA07nfrrbdLxAzpyijqziXAPWsuTwNZpIpESXHaI8tjtc7B7anqg8wAbU5FfwNr0Zvcynb7Rs5sIp73TYNVYC_coW4PMqMpLvY6Qra2Lhd5c15V8vCYI81CrJSz5vv9eG58vHhjQzjf8pbdCgYYZv9jT4vEn1REr5dBDdIBlZUHrpYJthRymht8DyqWFA-eMhizM65r7UYIfRUDtBjPzEh_0Cv0VFDEWpQ93REuU6cvVuYGpczLHIF_LLve9ML84wjk5_BymUW2eWgw","access_token":"eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2OSwiZXhwIjoxNjc2NDU5NzY5LCJqdGkiOiI5YmMxOGVkMC02N2NjLTRjMDAtODVkMC1jNTg0MWQ0MjVjMmIifQ.F45vptqyNW-dD9C_fKIgPBDHmUa2My7vO9t7tdjmYZwBKwzJ8_VsaYXzVzMFpIYrJgomasLMvmezWfyWYz9CWoGrIdrphliaZqNOjpvXV7Y_Ajstky0KC8SxFQ2zP1T7vZ3MHZ94U-qHoFShFBMKpRIGc8tBXd5MTFES3_PnNGxskdAGw1_n9s0xmLi_7FmqcGh6G5K-4emLRBsX1Q2IDK_EHpkUU4mQx5kGrG9d8ZfIj3Qz2RNtfor3YTn3GqNMV7dljTzA9_D_fQRus8i1rsvcFXHpSJxG1YSjsTLMd6_YsE-jz256r0hnN6_Ud7-495qZ20oOWsqgG2sFDFiuFw","refresh_token":"41cae752-0296-468c-9153-5b326f68cbf1","token_type":"Bearer","expires_in":86400}
2023-02-14 11:16:09 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
id_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2OSwiZXhwIjoxNjc2NDU5NzY5LCJqdGkiOiI5OGYxYTE0ZS1hNjgxLTQ1MDMtYmVhYi0yOTBkNGUxNzIwMDUiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDB9.lMDf84OFwQFpD660JfYP8-l-FX6nxye5mTk9OaI4s-BXCc28ne6mUFm1r03lzmGtV_H6lFtkA07nfrrbdLxAzpyijqziXAPWsuTwNZpIpESXHaI8tjtc7B7anqg8wAbU5FfwNr0Zvcynb7Rs5sIp73TYNVYC_coW4PMqMpLvY6Qra2Lhd5c15V8vCYI81CrJSz5vv9eG58vHhjQzjf8pbdCgYYZv9jT4vEn1REr5dBDdIBlZUHrpYJthRymht8DyqWFA-eMhizM65r7UYIfRUDtBjPzEh_0Cv0VFDEWpQ93REuU6cvVuYGpczLHIF_LLve9ML84wjk5_BymUW2eWgw
access_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2OSwiZXhwIjoxNjc2NDU5NzY5LCJqdGkiOiI5YmMxOGVkMC02N2NjLTRjMDAtODVkMC1jNTg0MWQ0MjVjMmIifQ.F45vptqyNW-dD9C_fKIgPBDHmUa2My7vO9t7tdjmYZwBKwzJ8_VsaYXzVzMFpIYrJgomasLMvmezWfyWYz9CWoGrIdrphliaZqNOjpvXV7Y_Ajstky0KC8SxFQ2zP1T7vZ3MHZ94U-qHoFShFBMKpRIGc8tBXd5MTFES3_PnNGxskdAGw1_n9s0xmLi_7FmqcGh6G5K-4emLRBsX1Q2IDK_EHpkUU4mQx5kGrG9d8ZfIj3Qz2RNtfor3YTn3GqNMV7dljTzA9_D_fQRus8i1rsvcFXHpSJxG1YSjsTLMd6_YsE-jz256r0hnN6_Ud7-495qZ20oOWsqgG2sFDFiuFw
refresh_token
41cae752-0296-468c-9153-5b326f68cbf1
token_type
Bearer
expires_in
86400
2023-02-14 11:16:09 SUCCESS
CheckTokenEndpointHttpStatus200
Token endpoint http status code was 200
2023-02-14 11:16:09 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2023-02-14 11:16:09 SUCCESS
CheckTokenEndpointCacheHeaders
'cache-control' header in token endpoint response contains expected value.
cache_control_header
no-store
2023-02-14 11:16:09 SUCCESS
CheckIfTokenEndpointResponseError
No error from token endpoint
2023-02-14 11:16:09 SUCCESS
ExtractAccessTokenFromTokenResponse
Extracted the access token
value
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2OSwiZXhwIjoxNjc2NDU5NzY5LCJqdGkiOiI5YmMxOGVkMC02N2NjLTRjMDAtODVkMC1jNTg0MWQ0MjVjMmIifQ.F45vptqyNW-dD9C_fKIgPBDHmUa2My7vO9t7tdjmYZwBKwzJ8_VsaYXzVzMFpIYrJgomasLMvmezWfyWYz9CWoGrIdrphliaZqNOjpvXV7Y_Ajstky0KC8SxFQ2zP1T7vZ3MHZ94U-qHoFShFBMKpRIGc8tBXd5MTFES3_PnNGxskdAGw1_n9s0xmLi_7FmqcGh6G5K-4emLRBsX1Q2IDK_EHpkUU4mQx5kGrG9d8ZfIj3Qz2RNtfor3YTn3GqNMV7dljTzA9_D_fQRus8i1rsvcFXHpSJxG1YSjsTLMd6_YsE-jz256r0hnN6_Ud7-495qZ20oOWsqgG2sFDFiuFw
type
Bearer
2023-02-14 11:16:09 SUCCESS
CheckTokenTypeIsBearer
Token type is bearer
2023-02-14 11:16:09 SUCCESS
EnsureMinimumAccessTokenEntropy
Calculated shannon entropy seems sufficient
actual
3863.0644954781537
expected
96.0
value
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2OSwiZXhwIjoxNjc2NDU5NzY5LCJqdGkiOiI5YmMxOGVkMC02N2NjLTRjMDAtODVkMC1jNTg0MWQ0MjVjMmIifQ.F45vptqyNW-dD9C_fKIgPBDHmUa2My7vO9t7tdjmYZwBKwzJ8_VsaYXzVzMFpIYrJgomasLMvmezWfyWYz9CWoGrIdrphliaZqNOjpvXV7Y_Ajstky0KC8SxFQ2zP1T7vZ3MHZ94U-qHoFShFBMKpRIGc8tBXd5MTFES3_PnNGxskdAGw1_n9s0xmLi_7FmqcGh6G5K-4emLRBsX1Q2IDK_EHpkUU4mQx5kGrG9d8ZfIj3Qz2RNtfor3YTn3GqNMV7dljTzA9_D_fQRus8i1rsvcFXHpSJxG1YSjsTLMd6_YsE-jz256r0hnN6_Ud7-495qZ20oOWsqgG2sFDFiuFw
2023-02-14 11:16:09 SUCCESS
EnsureAccessTokenContainsAllowedCharactersOnly
Access token does not contain any illegal characters
2023-02-14 11:16:09 SUCCESS
ExtractExpiresInFromTokenEndpointResponse
Extracted 'expires_in'
expires_in
86400
2023-02-14 11:16:09 SUCCESS
ValidateExpiresIn
expires_in passed all validation checks
expires_in
86400
2023-02-14 11:16:09 SUCCESS
EnsureAccessTokenValuesAreDifferent
Access token values are not the same
first_access_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2NywiZXhwIjoxNjc2NDU5NzY3LCJqdGkiOiJmY2JmZDU1Zi1mZThkLTQyYTYtYjQyNi1mYmFjMzY4ZjhlZWYifQ.i3hyAKBgF_YCSmcvPVQzQAtJIw7gnoMmUVfWQdo2MdhFh8LNwlzOg-I-my_-LqXqUjbBRcXXHWmLxoig5ECl22K5g7UTu9At7-O_zYLLxoclDGI2BPh4bZzJ34KoX7nsOch_0QRhyj5YseQ5jqcHC-PiAt9hW2ONkoA3TAKERmuMs5YdPYlOfVqgVKKDMe7O4n_2ShOGGzSZ8TuKQSv1uCbcirI5ovGiJEF_GsK2QuAMGyYOwp5LxKmMXqN_-ta5LN5oebf5P2IUpg0UQ91MbSuWPIaZfvRLcCKY8Eu-tNzT-3wpqM_EV4CCbVLU27pFhteNgQnO-fXqR6IK9cVWwQ
second_access_token
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2OSwiZXhwIjoxNjc2NDU5NzY5LCJqdGkiOiI5YmMxOGVkMC02N2NjLTRjMDAtODVkMC1jNTg0MWQ0MjVjMmIifQ.F45vptqyNW-dD9C_fKIgPBDHmUa2My7vO9t7tdjmYZwBKwzJ8_VsaYXzVzMFpIYrJgomasLMvmezWfyWYz9CWoGrIdrphliaZqNOjpvXV7Y_Ajstky0KC8SxFQ2zP1T7vZ3MHZ94U-qHoFShFBMKpRIGc8tBXd5MTFES3_PnNGxskdAGw1_n9s0xmLi_7FmqcGh6G5K-4emLRBsX1Q2IDK_EHpkUU4mQx5kGrG9d8ZfIj3Qz2RNtfor3YTn3GqNMV7dljTzA9_D_fQRus8i1rsvcFXHpSJxG1YSjsTLMd6_YsE-jz256r0hnN6_Ud7-495qZ20oOWsqgG2sFDFiuFw
2023-02-14 11:16:09 SUCCESS
ExtractIdTokenFromTokenResponse
Found and parsed the id_token from token_endpoint_response
value
eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2OSwiZXhwIjoxNjc2NDU5NzY5LCJqdGkiOiI5OGYxYTE0ZS1hNjgxLTQ1MDMtYmVhYi0yOTBkNGUxNzIwMDUiLCJhdXRoX3RpbWUiOjE2NzYzNzI4MDYsInVwZGF0ZWRfYXQiOjE2NTkyOTIyMDB9.lMDf84OFwQFpD660JfYP8-l-FX6nxye5mTk9OaI4s-BXCc28ne6mUFm1r03lzmGtV_H6lFtkA07nfrrbdLxAzpyijqziXAPWsuTwNZpIpESXHaI8tjtc7B7anqg8wAbU5FfwNr0Zvcynb7Rs5sIp73TYNVYC_coW4PMqMpLvY6Qra2Lhd5c15V8vCYI81CrJSz5vv9eG58vHhjQzjf8pbdCgYYZv9jT4vEn1REr5dBDdIBlZUHrpYJthRymht8DyqWFA-eMhizM65r7UYIfRUDtBjPzEh_0Cv0VFDEWpQ93REuU6cvVuYGpczLHIF_LLve9ML84wjk5_BymUW2eWgw
header
{
  "kid": "mnbvcxz",
  "alg": "RS512"
}
claims
{
  "sub": "PORTAL|AUGUSTUSER|TAMILGCIF15|Customer",
  "aud": "VT1004",
  "updated_at": 1659292200,
  "scope": "openid",
  "auth_time": 1676372806,
  "iss": "https://d26c3ruhv16ewi.cloudfront.net",
  "exp": 1676459769,
  "iat": 1676373369,
  "jti": "98f1a14e-a681-4503-beab-290d4e172005"
}
2023-02-14 11:16:09 SUCCESS
ExtractRefreshTokenFromTokenResponse
Extracted refresh token from response
refresh_token
41cae752-0296-468c-9153-5b326f68cbf1
2023-02-14 11:16:09 SUCCESS
EnsureMinimumRefreshTokenLength
Refresh token is of sufficient length
actual
288
required
128
2023-02-14 11:16:09 SUCCESS
EnsureMinimumRefreshTokenEntropy
Calculated shannon entropy seems sufficient
actual
139.09775004326934
expected
96.0
value
41cae752-0296-468c-9153-5b326f68cbf1
2023-02-14 11:16:09 SUCCESS
CompareIdTokenClaims
Validated id token claims successfully
iss
{
  "first": "https://d26c3ruhv16ewi.cloudfront.net",
  "second": "https://d26c3ruhv16ewi.cloudfront.net",
  "note": "Values are expected to be equal"
}
sub
{
  "first": "PORTAL|AUGUSTUSER|TAMILGCIF15|Customer",
  "second": "PORTAL|AUGUSTUSER|TAMILGCIF15|Customer",
  "note": "Values are expected to be equal"
}
iat
{
  "first": 1676373367,
  "second": 1676373369,
  "note": "Values are expected to be different"
}
aud
{
  "first": "VT1004",
  "second": "VT1004",
  "note": "Values are expected to be equal"
}
auth_time
{
  "first": 1676372806,
  "second": 1676372806,
  "note": "Values are expected to be equal"
}
azp
Id tokens do not contain azp claims
Second client: Userinfo endpoint tests
2023-02-14 11:16:09
CallProtectedResource
HTTP request
request_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-auth/authorization-service/service/vtiam/api/v5.0/authz/userinfo
request_method
GET
request_headers
{
  "accept": "application/json",
  "authorization": "Bearer eyJraWQiOiJtbmJ2Y3h6IiwiYWxnIjoiUlM1MTIifQ.eyJzdWIiOiJQT1JUQUx8QVVHVVNUVVNFUnxUQU1JTEdDSUYxNXxDdXN0b21lciIsInNjb3BlIjoib3BlbmlkIiwiYXVkIjoiVlQxMDA0IiwiaXNzIjoiaHR0cHM6Ly9kMjZjM3J1aHYxNmV3aS5jbG91ZGZyb250Lm5ldCIsImlhdCI6MTY3NjM3MzM2OSwiZXhwIjoxNjc2NDU5NzY5LCJqdGkiOiI5YmMxOGVkMC02N2NjLTRjMDAtODVkMC1jNTg0MWQ0MjVjMmIifQ.F45vptqyNW-dD9C_fKIgPBDHmUa2My7vO9t7tdjmYZwBKwzJ8_VsaYXzVzMFpIYrJgomasLMvmezWfyWYz9CWoGrIdrphliaZqNOjpvXV7Y_Ajstky0KC8SxFQ2zP1T7vZ3MHZ94U-qHoFShFBMKpRIGc8tBXd5MTFES3_PnNGxskdAGw1_n9s0xmLi_7FmqcGh6G5K-4emLRBsX1Q2IDK_EHpkUU4mQx5kGrG9d8ZfIj3Qz2RNtfor3YTn3GqNMV7dljTzA9_D_fQRus8i1rsvcFXHpSJxG1YSjsTLMd6_YsE-jz256r0hnN6_Ud7-495qZ20oOWsqgG2sFDFiuFw",
  "content-length": "0"
}
request_body

                                
2023-02-14 11:16:10 RESPONSE
CallProtectedResource
HTTP response
response_status_code
200 OK
response_status_text
OK
response_headers
{
  "content-type": "application/json",
  "content-length": "48",
  "connection": "keep-alive",
  "date": "Tue, 14 Feb 2023 11:16:10 GMT",
  "x-amzn-requestid": "a72bc536-67c2-443c-b2bd-710539cb3e53",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "401",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU4LFE7CBcwFjyg\u003d",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "expires": "0",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:16:10 GMT",
  "x-cache": "Miss from cloudfront",
  "via": "1.1 3088559317e5c464292d9249b963bdb8.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "cKAqnrNXziUImuQA65b0dSPRcF0YZxX2RFhhAeCEktLOz_kn0yZ-fQ\u003d\u003d"
}
response_body
{"sub":"PORTAL|AUGUSTUSER|TAMILGCIF15|Customer"}
2023-02-14 11:16:10 SUCCESS
CallProtectedResource
Got a response from the resource endpoint
status
200
endpoint_name
resource
headers
{
  "content-type": "application/json",
  "content-length": "48",
  "connection": "keep-alive",
  "date": "Tue, 14 Feb 2023 11:16:10 GMT",
  "x-amzn-requestid": "a72bc536-67c2-443c-b2bd-710539cb3e53",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "401",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU4LFE7CBcwFjyg\u003d",
  "cache-control": "no-cache, no-store, max-age\u003d0, must-revalidate",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "expires": "0",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:16:10 GMT",
  "x-cache": "Miss from cloudfront",
  "via": "1.1 3088559317e5c464292d9249b963bdb8.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "cKAqnrNXziUImuQA65b0dSPRcF0YZxX2RFhhAeCEktLOz_kn0yZ-fQ\u003d\u003d"
}
body
{"sub":"PORTAL|AUGUSTUSER|TAMILGCIF15|Customer"}
2023-02-14 11:16:10 SUCCESS
EnsureHttpStatusCodeIs200
resource endpoint returned the expected http status
expected_status
200
http_status
200
Attempting to use refresh_token issued to client 2 with client 1
2023-02-14 11:16:10 SUCCESS
CreateRefreshTokenRequest
Created token endpoint request parameters
grant_type
refresh_token
refresh_token
41cae752-0296-468c-9153-5b326f68cbf1
2023-02-14 11:16:10 SUCCESS
AddScopeToTokenEndpointRequest
Added scope of 'openid' to token endpoint request
grant_type
refresh_token
refresh_token
41cae752-0296-468c-9153-5b326f68cbf1
scope
openid
2023-02-14 11:16:10 SUCCESS
AddBasicAuthClientSecretAuthenticationParameters
Added basic authorization header
Authorization
Basic VlQxMDAyOjBlODU3YzFkLTVmMjAtNGMwNy05NmUzLWJhNThiY2U3NzgzYg==
2023-02-14 11:16:10
CallTokenEndpointAndReturnFullResponse
HTTP request
request_uri
https://d26c3ruhv16ewi.cloudfront.net/dev/vtransact/vtransact-iam-login/login-service/service/vtiam/v5.0/authen/token
request_method
POST
request_headers
{
  "accept": "application/json",
  "authorization": "Basic VlQxMDAyOjBlODU3YzFkLTVmMjAtNGMwNy05NmUzLWJhNThiY2U3NzgzYg\u003d\u003d",
  "content-type": "application/x-www-form-urlencoded;charset\u003dUTF-8",
  "content-length": "88"
}
request_body
grant_type=refresh_token&refresh_token=41cae752-0296-468c-9153-5b326f68cbf1&scope=openid
2023-02-14 11:16:11 RESPONSE
CallTokenEndpointAndReturnFullResponse
HTTP response
response_status_code
400 BAD_REQUEST
response_status_text
Bad Request
response_headers
{
  "content-type": "application/json",
  "content-length": "72",
  "connection": "keep-alive",
  "date": "Tue, 14 Feb 2023 11:16:11 GMT",
  "x-amzn-requestid": "2f25e5d0-2bc6-46bb-8644-854513a0fe63",
  "x-xss-protection": "1; mode\u003dblock",
  "x-frame-options": "DENY",
  "x-envoy-upstream-service-time": "13",
  "x-amzn-remapped-connection": "keep-alive",
  "x-amz-apigw-id": "AU4LTH91BcwFvpw\u003d",
  "cache-control": "no-store",
  "vary": "Origin,Access-Control-Request-Method,Access-Control-Request-Headers",
  "x-amzn-remapped-server": "istio-envoy",
  "x-content-type-options": "nosniff",
  "pragma": "no-cache",
  "x-amzn-remapped-date": "Tue, 14 Feb 2023 11:16:11 GMT",
  "x-cache": "Error from cloudfront",
  "via": "1.1 d884448b57edd26b9e1728c6eef625b0.cloudfront.net (CloudFront)",
  "x-amz-cf-pop": "MIA3-C4",
  "x-amz-cf-id": "Se93VUcY92KUYGEJPW8nIGYkNSpm7EGHngsXdNo0EmC4NImfj7nTTQ\u003d\u003d"
}
response_body
{"error":"invalid_grant","error_description":"refresh_token is invalid"}
2023-02-14 11:16:11 SUCCESS
CallTokenEndpointAndReturnFullResponse
Parsed token endpoint response
error
invalid_grant
error_description
refresh_token is invalid
2023-02-14 11:16:11 SUCCESS
ValidateErrorFromTokenEndpointResponseError
Token endpoint response error returned valid 'error' field
error
invalid_grant
2023-02-14 11:16:11 SUCCESS
CheckTokenEndpointHttpStatus400
Token endpoint http status code was 400
2023-02-14 11:16:11 SUCCESS
CheckTokenEndpointReturnedJsonContentType
token_endpoint_response_headers Content-Type: header is application/json
2023-02-14 11:16:11 SUCCESS
CheckErrorFromTokenEndpointResponseErrorInvalidGrant
Token Endpoint response error returned expected 'error' of 'invalid_grant'
expected
[
  "invalid_grant"
]
2023-02-14 11:16:11 FINISHED
oidcc-refresh-token
Test has run to completion
testmodule_result
PASSED
Unregister dynamically registered client
2023-02-14 11:16:11
UnregisterDynamicallyRegisteredClient
Couldn't find registration_access_token.
Second client: Unregister dynamically registered client
2023-02-14 11:16:11
UnregisterDynamicallyRegisteredClient
Couldn't find registration_access_token.
2023-02-14 11:16:50
TEST-RUNNER
Alias has now been claimed by another test
alias
Mindgate_Solutions
new_test_id
By9BfdEU68Rk3Az
Test Results