[Openid-specs-ab] Issue #74: What is OP-Req-id_token_hint doing? (openid/certification)

Brian Campbell issues-reply at bitbucket.org
Thu Mar 5 19:42:57 UTC 2015


New issue 74: What is OP-Req-id_token_hint doing?
https://bitbucket.org/openid/certification/issue/74/what-is-op-req-id_token_hint-doing

Brian Campbell:

What behavior is "Using prompt=none with user hint through id_token_hint (OP-Req-id_token_hint)" supposed to be checking?

The test starts by getting an id token with a normal flow and then presents a page that says:

"OICTEST
This test tests what happens if the authentication request specifies that the user should not be allowed to login and the RP has received an ID Token at a previous login by the user. The RP should send the ID Token to the OpenID provider as a hint to who the user is. Please remove any cookies you may have received from the OpenID provider.
To continue click this link.
To go back click this link."

If I do remove cookies, I get a test failure (info log below). But a login_required error is exactly what should happen when the user doesn't have a session (the test just told me to clear cookies) and the request has prompt=none. It also has nothing to do with id_token_hint.

If I don't remove cookies and continue anyway, the test passes. Which is confusing. 


Removing cookies:
```
#!text


Test info
Profile: {'profile': 'C', 'sub': 'none', 'register': False, 'discover': True, 'extra': False}
Test ID: OP-Req-id_token_hint
Issuer: https://gold.pinglabs.net
Test output


__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
[-]
	status: ERROR
	info: {'state': 'uUutzS7OkiNaOcnq', 'error': 'login_required'}

Trace output


0.000273 ------------ DiscoveryRequest ------------
0.000284 Provider info discover from 'https://gold.pinglabs.net/'
0.000290 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
0.292594 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
  "claim_types_supported": [
    "normal"
  ],
  "claims_parameter_supported": false,
  "claims_supported": [
    "address",
    "birthdate",
    "email",
    "email_verified",
    "family_name",
    "gender",
    "given_name",
    "locale",
    "middle_name",
    "name",
    "nickname",
    "phone_number",
    "picture",
    "preferred_username",
    "profile",
    "sub",
    "website",
    "zoneinfo"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ],
  "issuer": "https://gold.pinglabs.net",
  "jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
  "ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
  "ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
  "registration_endpoint": "https://gold.pinglabs.net/idp/client-registration.openid",
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "require_request_uri_registration": true,
  "response_modes_supported": [
    "fragment",
    "query",
    "form_post"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code token",
    "code id_token",
    "token id_token",
    "code token id_token"
  ],
  "revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
  "scopes_supported": [
    "product",
    "phone",
    "pingone-native-application",
    "email",
    "address",
    "admin",
    "edit",
    "openid",
    "profile"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
  "version": "3.0"
}
0.581769 JWKS: {
  "keys": [
    {
      "crv": "P-521",
      "kid": "f80st",
      "kty": "EC",
      "use": "sig",
      "x": "AK2REJpgFwKoWTu-6QYaSQTCRg08UnhgI-vr6mIgNX-enTAcv26sOP4vIXwTdIB7LklAV3h1072QvGHgiPFYJsg5",
      "y": "AEzJoN5JN8fpFu93FpNHPxkqFiEaPn7rhvaMNmGXJzj-3zliFU_g2yFqLppC1lTf1Un1o-mnd0vvQVgrflwZjSI8"
    },
    {
      "crv": "P-384",
      "kid": "f80su",
      "kty": "EC",
      "use": "sig",
      "x": "L5VGrkEWu2RhkDkXtQr5DAfqSxza3COTI8Tca7hb31BFk1c5nYkZdE0F5OP4nw_G",
      "y": "y8aD3F2jJF3qlthuYsANfHwhnUw-9YTbtLsNaHvop4fxGzb9Ra-yhNF0jfHtgYll"
    },
    {
      "crv": "P-256",
      "kid": "f80sv",
      "kty": "EC",
      "use": "sig",
      "x": "BHiXkFQUaUjiX62-OU9UtQpwni5_ef_0eC7FlOzoutY",
      "y": "WfTfWE9Ns31RiiBivWohmSnBKTF1bHndk--gErZDqOY"
    },
    {
      "e": "AQAB",
      "kid": "f80sw",
      "kty": "RSA",
      "n": "grO1Q2_XEaknnQzLCDAVYe4spCQMbolNBbqTtwfRCOhS2w4o2NiIvYM5_PDR7jiEWiFC0blgR_eddopxpQrmUy60zbYelzD6byxRa29-PnQgjeJZO2o8QbSCkRRORidZI9MAGsPwfl80f9UBZT0pmlkbEdhlgGPk7b-v_KKseIDTN-lJL9-Jxgbr9XpNoUNEl8k5zpPLLfcmpy5rwa29Ch9m2OAMcxn3xb7hR9toyw8R_ULL7Rd9JGQlxcmnrsL_ah7jSCF-ObVV-CC53QpLjlpTjGDygok_zi5OpOBKHIIIcEOu5tJFm-jCnMTd-2SymcjmHOQTnedmU27nMz5hPw",
      "use": "sig"
    },
    {
      "crv": "P-521",
      "kid": "f80sx",
      "kty": "EC",
      "use": "sig",
      "x": "Aez5kFxe9_mnG4umHdcgJLLsCW308D0n3P3-8DqiKh1NnFvBjsP04rZpDTTw-_N7j0JJFx0dQNRArTywdmsdsbu9",
      "y": "AYyIXt3ZqZxUvZskSpCwgLjnjqEuQZuyVgd35dayB77-To-14sIEA0fd00rp1yB1yzcoMXcITgawgOy9UWMXByoW"
    },
    {
      "crv": "P-384",
      "kid": "f80sy",
      "kty": "EC",
      "use": "sig",
      "x": "O1mLea6k0ykLm1wWxvIWZUzUzJC91h8Ex6_jPAv5dnI6qoKXFTL90R-u-hl93VJ6",
      "y": "ckBiXpdnnp_CbuCPJuLGPG4G--dyeqV_WHZ6kIBQQJqPVlTD0k_qEmWsI2GxwyKz"
    },
    {
      "crv": "P-256",
      "kid": "f80sz",
      "kty": "EC",
      "use": "sig",
      "x": "NXwMQZJRzPDtSVbDT_I8S7s_Y59UFR6cQw5jWOntTwg",
      "y": "j2FJO6YSshDt8W0jM-WBeKZfwY28LLN0Nlu0KM2wc4Y"
    },
    {
      "e": "AQAB",
      "kid": "f80t0",
      "kty": "RSA",
      "n": "t3W3gGCC1X_7X-wIH8OszWvyGJkjXBBebH2csCPws7IsMqLy1Zez8qhNHrdnRDlsOLnuvOIzM2GTDa_iV29btN3CFd3TSjC74LsP2Z_jO41ajkW5YevV87gRgPB1_mHE4dzbFBqt24v1u90Pxv68ZpXX2EekVvpMEqIZwtZJApWBTWL_ovzp-Cyy0p4OG3SxEIM63Hs_2YT0Vlc5RvpJYwMSrQsRojdHvJUEWa2HLDSHUBSytWQKg2g2SJ97Wc4yLWNQ6gTN2IN0UHq3n_x82xmM4_M-c5yt3pVZwNFnFIPkscnIQtaRBUFbabyFMKMS9idvZTLhVq53pHAL3epDMQ",
      "use": "sig"
    },
    {
      "crv": "P-521",
      "kid": "f80t1",
      "kty": "EC",
      "use": "sig",
      "x": "AKCEcGch57ku9MolqQ1_0RDXi2GCp93SJQiY1gW_p3B-5uS9MpS8_GAwHDIyCH1skS2AI-SVtDzEjPyW9kbomnQ0",
      "y": "AXKxpV0Wr0L-U3_ZIy-y6WzNo1NpAsAotj43NqCQFixIPUaUZxx1yOGLlAOH93AJtRf0h8GJL1vYPIFqxVVZ8vQW"
    },
    {
      "crv": "P-384",
      "kid": "f80t2",
      "kty": "EC",
      "use": "sig",
      "x": "H0HJ3Llc_MtTbNYqrySr6AvlbwZfmezz2_F7ZJcQLil0ihT5yYunKdvkGu67eE0j",
      "y": "kCZmV4Ed-ijHsAQ-cXkfAb6uqXhg2LHJf7mBqRcRj5CtKL9BdJduRX3xhGKWaFyP"
    },
    {
      "crv": "P-256",
      "kid": "f80t3",
      "kty": "EC",
      "use": "sig",
      "x": "dkDYvnKf2NTCOrvsMP3aFnMfKuF2mlMM3jApkiCPO68",
      "y": "5SjBt8pY2kt21hnOHWojXkwEpH5oI57G0_miL0MuS-0"
    },
    {
      "e": "AQAB",
      "kid": "f80t4",
      "kty": "RSA",
      "n": "0NHuJ53xo18FiJVgwlPPKkWoW2rfa3JR7wUsDxmKmk-Blwog_9i0VZe0yYYBEB_G3Kuq1BJ1oEtfx3WTJKhL2D1mFftbOEM_VggmTlZNq-M_7yIhIdoe92L9As___3VHClf_fwysxTj_gTo6JHDHEw0dhExrQH6Jz-GykIDv6MdcoaXGdXJ9-3EwrpsUF1X-9cw1d2rrvr44B2k0v0EBj6fxZ55cF90Ev6-3Q4UMCE6uXnPnzEyNjnMyplHPmaWAfCWHF9wZmlQNmoAX4TrR1dkKITYagjS7B_xKeTli3vNVxkofJ5Ptc2axXoriTv6igGpS75tH7Fzn-PO_A4X7Sw",
      "use": "sig"
    }
  ]
}
0.582558 ------------ AuthorizationRequest ------------
0.582916 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?scope=openid&state=uO7AJXOxJdNWqVGd&response_type=code&client_id=__c
0.582923 --> BODY: None
14.185083 <-- state=uO7AJXOxJdNWqVGd&code=h8q-BnJvdYZUOKAM_Sidsk1UB7xuvM-P5x5SWz6O9Ak
14.185351 AuthorizationResponse: {
  "code": "h8q-BnJvdYZUOKAM_Sidsk1UB7xuvM-P5x5SWz6O9Ak",
  "state": "uO7AJXOxJdNWqVGd"
}
14.185661 ------------ AccessTokenRequest ------------
14.185941 --> URL: https://gold.pinglabs.net/as/token.oauth2
14.185947 --> BODY: code=h8q-BnJvdYZUOKAM_Sidsk1UB7xuvM-P5x5SWz6O9Ak&grant_type=authorization_code
14.185957 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic X19jOjhZaDREZmlpaENZNHNhd1ZoY3FhRFFhbG92bU5tVzFjdGZHRG9OZElOS25SbkMwWnRzMklMdU9GYktnZUR3bW0='}
14.466828 <-- STATUS: 200
14.466867 <-- BODY: {"token_type":"Bearer","expires_in":7199,"id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6ImY4MHQwIn0.eyJzdWIiOiJqYnJhZGxleSIsImF1ZCI6Il9fYyIsImp0aSI6ImZnUFhQdDlzaWJubjd6TEpZaWNGdzIiLCJpc3MiOiJodHRwczpcL1wvZ29sZC5waW5nbGFicy5uZXQiLCJpYXQiOjE0MjU1ODM3OTcsImV4cCI6MTQyNTU4NDA5NywiYXV0aF90aW1lIjoxNDI1NTgzNzk3fQ.FnKROrBwUn7gss9P5XxpXiJ1HBH0VWn-DTo8hDiXUDqB-oLpKLNTXW-ARO4c8dZW59ScrM_lit0hPcgyaf6fuE9qf0O3gEkp7EbdtcNdYs2f8LPg4WfuSsw7P1EBrR3UVF77W2ucS-NA0-81kgjzTM8wSjSl7ju_JFTT9ovKvFTDkjb0uQqLs6Qhqi5YUS4ABwqJVlAuXY-L462WOOIzeA-agnoTa-CY-POFUL5RygTLFbQ1VoMb7BhaL98Swh3Wc7q9RNG2XnwKgY9kp9Rz6QemvVTKvL_ZPshFHdroE32a64M8dCz-Boix_XdWRDHzHnVGJlIhNq-muwtwE4XbRw","access_token":"CnyEZigeA28fXS8BSVdbD1GYXA5C"}

14.766336 AccessTokenResponse: {
  "access_token": "CnyEZigeA28fXS8BSVdbD1GYXA5C",
  "expires_in": 7199,
  "id_token": {
    "aud": [
      "__c"
    ],
    "auth_time": 1425583797,
    "exp": 1425584097,
    "iat": 1425583797,
    "iss": "https://gold.pinglabs.net",
    "jti": "fgPXPt9sibnn7zLJYicFw2",
    "sub": "jbradley"
  },
  "token_type": "Bearer"
}
142.761984 ------------ AuthorizationRequest ------------
142.762392 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?prompt=none&id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6ImY4MHQwIn0.eyJzdWIiOiJqYnJhZGxleSIsImF1ZCI6Il9fYyIsImp0aSI6ImZnUFhQdDlzaWJubjd6TEpZaWNGdzIiLCJpc3MiOiJodHRwczpcL1wvZ29sZC5waW5nbGFicy5uZXQiLCJpYXQiOjE0MjU1ODM3OTcsImV4cCI6MTQyNTU4NDA5NywiYXV0aF90aW1lIjoxNDI1NTgzNzk3fQ.FnKROrBwUn7gss9P5XxpXiJ1HBH0VWn-DTo8hDiXUDqB-oLpKLNTXW-ARO4c8dZW59ScrM_lit0hPcgyaf6fuE9qf0O3gEkp7EbdtcNdYs2f8LPg4WfuSsw7P1EBrR3UVF77W2ucS-NA0-81kgjzTM8wSjSl7ju_JFTT9ovKvFTDkjb0uQqLs6Qhqi5YUS4ABwqJVlAuXY-L462WOOIzeA-agnoTa-CY-POFUL5RygTLFbQ1VoMb7BhaL98Swh3Wc7q9RNG2XnwKgY9kp9Rz6QemvVTKvL_ZPshFHdroE32a64M8dCz-Boix_XdWRDHzHnVGJlIhNq-muwtwE4XbRw&state=uUutzS7OkiNaOcnq&response_type=code&client_id=__c&scope=openid
142.762400 --> BODY: None
143.006712 <-- error=login_required&state=uUutzS7OkiNaOcnq
143.006942 AuthorizationErrorResponse: {
  "error": "login_required",
  "state": "uUutzS7OkiNaOcnq"
}
143.007462 [ERROR] AuthorizationErrorResponse:{'state': 'uUutzS7OkiNaOcnq', 'error': 'login_required'}

Result
FAILED

```


Not removing cookies:

```
#!text


Test info
Profile: {'profile': 'C', 'sub': 'none', 'register': False, 'discover': True, 'extra': False}
Test ID: OP-Req-id_token_hint
Issuer: https://gold.pinglabs.net
Test output


__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[check-http-response]
	status: OK
	description: Checks that the HTTP response status is within the 200 or 300 range
[same-authn]
	status: OK
	description: Verifies that the same authentication was used twice in the flow.

Trace output


0.000268 ------------ DiscoveryRequest ------------
0.000278 Provider info discover from 'https://gold.pinglabs.net/'
0.000284 --> URL: https://gold.pinglabs.net/.well-known/openid-configuration
0.339660 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://gold.pinglabs.net/as/authorization.oauth2",
  "claim_types_supported": [
    "normal"
  ],
  "claims_parameter_supported": false,
  "claims_supported": [
    "address",
    "birthdate",
    "email",
    "email_verified",
    "family_name",
    "gender",
    "given_name",
    "locale",
    "middle_name",
    "name",
    "nickname",
    "phone_number",
    "picture",
    "preferred_username",
    "profile",
    "sub",
    "website",
    "zoneinfo"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512"
  ],
  "issuer": "https://gold.pinglabs.net",
  "jwks_uri": "https://gold.pinglabs.net/pf/JWKS",
  "ping_end_session_endpoint": "https://gold.pinglabs.net/idp/startSLO.ping",
  "ping_revoked_sris_endpoint": "https://gold.pinglabs.net/pf-ws/rest/sessionMgmt/revokedSris",
  "registration_endpoint": "https://gold.pinglabs.net/idp/client-registration.openid",
  "request_parameter_supported": false,
  "request_uri_parameter_supported": false,
  "require_request_uri_registration": true,
  "response_modes_supported": [
    "fragment",
    "query",
    "form_post"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "code token",
    "code id_token",
    "token id_token",
    "code token id_token"
  ],
  "revocation_endpoint": "https://gold.pinglabs.net/as/revoke_token.oauth2",
  "scopes_supported": [
    "product",
    "phone",
    "pingone-native-application",
    "email",
    "address",
    "admin",
    "edit",
    "openid",
    "profile"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://gold.pinglabs.net/as/token.oauth2",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://gold.pinglabs.net/idp/userinfo.openid",
  "version": "3.0"
}
0.609117 JWKS: {
  "keys": [
    {
      "crv": "P-521",
      "kid": "f80st",
      "kty": "EC",
      "use": "sig",
      "x": "AK2REJpgFwKoWTu-6QYaSQTCRg08UnhgI-vr6mIgNX-enTAcv26sOP4vIXwTdIB7LklAV3h1072QvGHgiPFYJsg5",
      "y": "AEzJoN5JN8fpFu93FpNHPxkqFiEaPn7rhvaMNmGXJzj-3zliFU_g2yFqLppC1lTf1Un1o-mnd0vvQVgrflwZjSI8"
    },
    {
      "crv": "P-384",
      "kid": "f80su",
      "kty": "EC",
      "use": "sig",
      "x": "L5VGrkEWu2RhkDkXtQr5DAfqSxza3COTI8Tca7hb31BFk1c5nYkZdE0F5OP4nw_G",
      "y": "y8aD3F2jJF3qlthuYsANfHwhnUw-9YTbtLsNaHvop4fxGzb9Ra-yhNF0jfHtgYll"
    },
    {
      "crv": "P-256",
      "kid": "f80sv",
      "kty": "EC",
      "use": "sig",
      "x": "BHiXkFQUaUjiX62-OU9UtQpwni5_ef_0eC7FlOzoutY",
      "y": "WfTfWE9Ns31RiiBivWohmSnBKTF1bHndk--gErZDqOY"
    },
    {
      "e": "AQAB",
      "kid": "f80sw",
      "kty": "RSA",
      "n": "grO1Q2_XEaknnQzLCDAVYe4spCQMbolNBbqTtwfRCOhS2w4o2NiIvYM5_PDR7jiEWiFC0blgR_eddopxpQrmUy60zbYelzD6byxRa29-PnQgjeJZO2o8QbSCkRRORidZI9MAGsPwfl80f9UBZT0pmlkbEdhlgGPk7b-v_KKseIDTN-lJL9-Jxgbr9XpNoUNEl8k5zpPLLfcmpy5rwa29Ch9m2OAMcxn3xb7hR9toyw8R_ULL7Rd9JGQlxcmnrsL_ah7jSCF-ObVV-CC53QpLjlpTjGDygok_zi5OpOBKHIIIcEOu5tJFm-jCnMTd-2SymcjmHOQTnedmU27nMz5hPw",
      "use": "sig"
    },
    {
      "crv": "P-521",
      "kid": "f80sx",
      "kty": "EC",
      "use": "sig",
      "x": "Aez5kFxe9_mnG4umHdcgJLLsCW308D0n3P3-8DqiKh1NnFvBjsP04rZpDTTw-_N7j0JJFx0dQNRArTywdmsdsbu9",
      "y": "AYyIXt3ZqZxUvZskSpCwgLjnjqEuQZuyVgd35dayB77-To-14sIEA0fd00rp1yB1yzcoMXcITgawgOy9UWMXByoW"
    },
    {
      "crv": "P-384",
      "kid": "f80sy",
      "kty": "EC",
      "use": "sig",
      "x": "O1mLea6k0ykLm1wWxvIWZUzUzJC91h8Ex6_jPAv5dnI6qoKXFTL90R-u-hl93VJ6",
      "y": "ckBiXpdnnp_CbuCPJuLGPG4G--dyeqV_WHZ6kIBQQJqPVlTD0k_qEmWsI2GxwyKz"
    },
    {
      "crv": "P-256",
      "kid": "f80sz",
      "kty": "EC",
      "use": "sig",
      "x": "NXwMQZJRzPDtSVbDT_I8S7s_Y59UFR6cQw5jWOntTwg",
      "y": "j2FJO6YSshDt8W0jM-WBeKZfwY28LLN0Nlu0KM2wc4Y"
    },
    {
      "e": "AQAB",
      "kid": "f80t0",
      "kty": "RSA",
      "n": "t3W3gGCC1X_7X-wIH8OszWvyGJkjXBBebH2csCPws7IsMqLy1Zez8qhNHrdnRDlsOLnuvOIzM2GTDa_iV29btN3CFd3TSjC74LsP2Z_jO41ajkW5YevV87gRgPB1_mHE4dzbFBqt24v1u90Pxv68ZpXX2EekVvpMEqIZwtZJApWBTWL_ovzp-Cyy0p4OG3SxEIM63Hs_2YT0Vlc5RvpJYwMSrQsRojdHvJUEWa2HLDSHUBSytWQKg2g2SJ97Wc4yLWNQ6gTN2IN0UHq3n_x82xmM4_M-c5yt3pVZwNFnFIPkscnIQtaRBUFbabyFMKMS9idvZTLhVq53pHAL3epDMQ",
      "use": "sig"
    },
    {
      "crv": "P-521",
      "kid": "f80t1",
      "kty": "EC",
      "use": "sig",
      "x": "AKCEcGch57ku9MolqQ1_0RDXi2GCp93SJQiY1gW_p3B-5uS9MpS8_GAwHDIyCH1skS2AI-SVtDzEjPyW9kbomnQ0",
      "y": "AXKxpV0Wr0L-U3_ZIy-y6WzNo1NpAsAotj43NqCQFixIPUaUZxx1yOGLlAOH93AJtRf0h8GJL1vYPIFqxVVZ8vQW"
    },
    {
      "crv": "P-384",
      "kid": "f80t2",
      "kty": "EC",
      "use": "sig",
      "x": "H0HJ3Llc_MtTbNYqrySr6AvlbwZfmezz2_F7ZJcQLil0ihT5yYunKdvkGu67eE0j",
      "y": "kCZmV4Ed-ijHsAQ-cXkfAb6uqXhg2LHJf7mBqRcRj5CtKL9BdJduRX3xhGKWaFyP"
    },
    {
      "crv": "P-256",
      "kid": "f80t3",
      "kty": "EC",
      "use": "sig",
      "x": "dkDYvnKf2NTCOrvsMP3aFnMfKuF2mlMM3jApkiCPO68",
      "y": "5SjBt8pY2kt21hnOHWojXkwEpH5oI57G0_miL0MuS-0"
    },
    {
      "e": "AQAB",
      "kid": "f80t4",
      "kty": "RSA",
      "n": "0NHuJ53xo18FiJVgwlPPKkWoW2rfa3JR7wUsDxmKmk-Blwog_9i0VZe0yYYBEB_G3Kuq1BJ1oEtfx3WTJKhL2D1mFftbOEM_VggmTlZNq-M_7yIhIdoe92L9As___3VHClf_fwysxTj_gTo6JHDHEw0dhExrQH6Jz-GykIDv6MdcoaXGdXJ9-3EwrpsUF1X-9cw1d2rrvr44B2k0v0EBj6fxZ55cF90Ev6-3Q4UMCE6uXnPnzEyNjnMyplHPmaWAfCWHF9wZmlQNmoAX4TrR1dkKITYagjS7B_xKeTli3vNVxkofJ5Ptc2axXoriTv6igGpS75tH7Fzn-PO_A4X7Sw",
      "use": "sig"
    }
  ]
}
0.609822 ------------ AuthorizationRequest ------------
0.610156 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?scope=openid&state=QNwYnUkwm4SigjvR&response_type=code&client_id=__c
0.610162 --> BODY: None
10.195218 <-- state=QNwYnUkwm4SigjvR&code=ysAHDPTcappjcTyIef3hIWhTLVuIcUfUDavRn-YzCAo
10.195465 AuthorizationResponse: {
  "code": "ysAHDPTcappjcTyIef3hIWhTLVuIcUfUDavRn-YzCAo",
  "state": "QNwYnUkwm4SigjvR"
}
10.195755 ------------ AccessTokenRequest ------------
10.196019 --> URL: https://gold.pinglabs.net/as/token.oauth2
10.196024 --> BODY: code=ysAHDPTcappjcTyIef3hIWhTLVuIcUfUDavRn-YzCAo&grant_type=authorization_code
10.196034 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic X19jOjhZaDREZmlpaENZNHNhd1ZoY3FhRFFhbG92bU5tVzFjdGZHRG9OZElOS25SbkMwWnRzMklMdU9GYktnZUR3bW0='}
10.475239 <-- STATUS: 200
10.475280 <-- BODY: {"token_type":"Bearer","expires_in":7200,"id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6ImY4MHQwIn0.eyJzdWIiOiJqYnJhZGxleSIsImF1ZCI6Il9fYyIsImp0aSI6ImYyTkxhODJmNjMyRXBkcUlIR0V3TEEiLCJpc3MiOiJodHRwczpcL1wvZ29sZC5waW5nbGFicy5uZXQiLCJpYXQiOjE0MjU1ODQzMTcsImV4cCI6MTQyNTU4NDYxNywiYXV0aF90aW1lIjoxNDI1NTg0MzE3fQ.rL1nOkiDTq69-IoQl9oIknlLs3uS9fAqi8PF7-Lz1cMAUTZJQxy1zpKXxLWGN74To0PDKgJVAYpXz4ayHZoDR0NvJZvjq1188StUHsP8GL2tlXBPRCzNLjAdD_4yT8TGujI79-b1m3FQwKxmfmzpXGWlBo5JHrCwItnWN802qiWWVv1vJgJ2UVPey6OS9_KvFJnpIvXX0MEVGVuGx8K6LP02MvW8kgqv-8j1SO0MjNpZCTZw3v3B-K596GjuLwUtEAsHRXnmWlbLAmA1ecIVDH0COMgTA9YBt5Jtvde-nI6tcBBxVeCdAl9W0PgQRQf6iIS9CUuSUnuCn6i6G17p3g","access_token":"KjBCuFS310dLUTkDl43uLBKtl7St"}

10.759390 AccessTokenResponse: {
  "access_token": "KjBCuFS310dLUTkDl43uLBKtl7St",
  "expires_in": 7200,
  "id_token": {
    "aud": [
      "__c"
    ],
    "auth_time": 1425584317,
    "exp": 1425584617,
    "iat": 1425584317,
    "iss": "https://gold.pinglabs.net",
    "jti": "f2NLa82f632EpdqIHGEwLA",
    "sub": "jbradley"
  },
  "token_type": "Bearer"
}
12.583653 ------------ AuthorizationRequest ------------
12.584062 --> URL: https://gold.pinglabs.net/as/authorization.oauth2?prompt=none&id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6ImY4MHQwIn0.eyJzdWIiOiJqYnJhZGxleSIsImF1ZCI6Il9fYyIsImp0aSI6ImYyTkxhODJmNjMyRXBkcUlIR0V3TEEiLCJpc3MiOiJodHRwczpcL1wvZ29sZC5waW5nbGFicy5uZXQiLCJpYXQiOjE0MjU1ODQzMTcsImV4cCI6MTQyNTU4NDYxNywiYXV0aF90aW1lIjoxNDI1NTg0MzE3fQ.rL1nOkiDTq69-IoQl9oIknlLs3uS9fAqi8PF7-Lz1cMAUTZJQxy1zpKXxLWGN74To0PDKgJVAYpXz4ayHZoDR0NvJZvjq1188StUHsP8GL2tlXBPRCzNLjAdD_4yT8TGujI79-b1m3FQwKxmfmzpXGWlBo5JHrCwItnWN802qiWWVv1vJgJ2UVPey6OS9_KvFJnpIvXX0MEVGVuGx8K6LP02MvW8kgqv-8j1SO0MjNpZCTZw3v3B-K596GjuLwUtEAsHRXnmWlbLAmA1ecIVDH0COMgTA9YBt5Jtvde-nI6tcBBxVeCdAl9W0PgQRQf6iIS9CUuSUnuCn6i6G17p3g&state=CvWY6v7RPBMM5A99&response_type=code&client_id=__c&scope=openid
12.584069 --> BODY: None
12.715667 <-- state=CvWY6v7RPBMM5A99&code=FlFF6hWOyvKkkjPqRlR7xvF1EbCLEkyzMzw7ziTKYjQ
12.720969 AuthorizationResponse: {
  "code": "FlFF6hWOyvKkkjPqRlR7xvF1EbCLEkyzMzw7ziTKYjQ",
  "state": "CvWY6v7RPBMM5A99"
}
12.721308 ------------ AccessTokenRequest ------------
12.721622 --> URL: https://gold.pinglabs.net/as/token.oauth2
12.721628 --> BODY: code=FlFF6hWOyvKkkjPqRlR7xvF1EbCLEkyzMzw7ziTKYjQ&grant_type=authorization_code
12.721638 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic X19jOjhZaDREZmlpaENZNHNhd1ZoY3FhRFFhbG92bU5tVzFjdGZHRG9OZElOS25SbkMwWnRzMklMdU9GYktnZUR3bW0='}
13.028858 <-- STATUS: 200
13.028901 <-- BODY: {"token_type":"Bearer","expires_in":7200,"id_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6ImY4MHQwIn0.eyJzdWIiOiJqYnJhZGxleSIsImF1ZCI6Il9fYyIsImp0aSI6InU4dGFhakVkZ2VQWGpidkc3cjA3Mm8iLCJpc3MiOiJodHRwczpcL1wvZ29sZC5waW5nbGFicy5uZXQiLCJpYXQiOjE0MjU1ODQzMTksImV4cCI6MTQyNTU4NDYxOSwiYXV0aF90aW1lIjoxNDI1NTg0MzE3fQ.gyVkQrvT0H3WCBGWLP6nQXqeznBfCtHaZ4pir_irY8CAoLaJP27sPzHudm_2lTrDNAyhMyl81RBW6_jnv7kIKO1egNVpIwd9dZ1qI_8fDmuwpDtkBJc0KcAC05Hcbvdi_ezHL_g2v96dpX9mCzWv0SJmUxpzYI4ExxIXu2sWjLWF-_jjTl-bxB4SYfbQ6zhwOWdoRu5OHgt3YX-nHQBn5sAsFmRaProZBn785JzzwpmtYUktOsgL9-Gs2db0ultovSuSsGCtiS4hyrJ2lciMPk6AyMFsYWw4bAz0bmX0_O96TEL7UeIvjoco2S4teBcHD7qbPTy532ksVDknU-X2wg","access_token":"nEmcGB4auveiPLKYOiWoLvpiWoFd"}

13.032037 AccessTokenResponse: {
  "access_token": "nEmcGB4auveiPLKYOiWoLvpiWoFd",
  "expires_in": 7200,
  "id_token": {
    "aud": [
      "__c"
    ],
    "auth_time": 1425584317,
    "exp": 1425584619,
    "iat": 1425584319,
    "iss": "https://gold.pinglabs.net",
    "jti": "u8taajEdgePXjbvG7r072o",
    "sub": "jbradley"
  },
  "token_type": "Bearer"
}

Result
PASSED

```






More information about the Openid-specs-ab mailing list