[Openid-specs-ab] Issue #108: OP-claims-sub (Support claims request specifying sub value) Invalid JSON in request (openid/certification)
Edmund Jay
issues-reply at bitbucket.org
Wed Mar 18 23:03:51 UTC 2015
New issue 108: OP-claims-sub (Support claims request specifying sub value) Invalid JSON in request
https://bitbucket.org/openid/certification/issue/108/op-claims-sub-support-claims-request
Edmund Jay:
The test has 2 problems :
1) It performs registration twice and requests authentication with these 2 different client_id.
The result is that the "sub" value will never match for different clients when using pairwise subject types.
2) The claims parameter contains invalid JSON. The sub value should be an array with the value element set to the subject value. It is now a string value with the JSON syntax for an array. E.g.
{"id_token": {"sub": "{\\"value\\": \\"c0cf39a3332e0a9ed82c4060d0f470c82138df057a4fcc6513fd751f2b0eeaab\\"}"}}
It should be
{"id_token": {"sub": {"value": "c0cf39a3332e0a9ed82c4060d0f470c82138df057a4fcc6513fd751f2b0eeaab"}}}
```
#!text
Test info
Profile: {'openid-configuration': 'config', 'extras': True, 'response_type': 'code', 'crypto': 'encrypt+sign', 'registration': 'dynamic'}
Test description: Support claims request specifying sub value [Extra]
Test ID: OP-claims-sub
Issuer: https://connect.openid4.us
Test output
__RegistrationRequest:post__
[check]
status: INFORMATION
description: Registration Response
info: {"client_id":"VFkSxoGnFJ8Vzx69ZwmWYQ","client_secret":"t-8M1Ac8LIvqeQ","registration_access_token":"MnEoky8OEeOivQ","registration_client_uri":"https:\/\/connect.openid4.us\/abop\/op.php\/client\/I5iKGQ3GCu4ZMX7GcCJ3eA","client_id_issued_at":1426719365,"client_secret_expires_at":0,"contacts":["roland.hedberg at umu.se"],"application_type":"web","redirect_uris":["https:\/\/op.certification.openid.net:60103\/authz_cb","https:\/\/op.certification.openid.net:60103\/cb"],"post_logout_redirect_uris":["https:\/\/op.certification.openid.net:60103\/logout"],"jwks_uri":"https:\/\/op.certification.openid.net:60103\/export\/jwk_60103.json","subject_type":"pairwise","default_max_age":3600,"require_auth_time":true,"response_types":["code"],"grant_types":["authorization_code"]}
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
__RegistrationRequest:post__
[check]
status: INFORMATION
description: Registration Response
info: {"client_id":"Y2HySPeP559F6wuBrhE_7A","client_secret":"yjyM3nFgtqVYHA","registration_access_token":"XH80f1wH1xGzPg","registration_client_uri":"https:\/\/connect.openid4.us\/abop\/op.php\/client\/gh9YVBO85BFVa9TkqL6xqw","client_id_issued_at":1426719380,"client_secret_expires_at":0,"contacts":["roland.hedberg at umu.se"],"application_type":"web","redirect_uris":["https:\/\/op.certification.openid.net:60103\/authz_cb","https:\/\/op.certification.openid.net:60103\/cb"],"post_logout_redirect_uris":["https:\/\/op.certification.openid.net:60103\/logout"],"jwks_uri":"https:\/\/connect.openid4.us\/connect4us.jwk","subject_type":"pairwise","default_max_age":3600,"require_auth_time":true,"response_types":["code"],"grant_types":["authorization_code"]}
__AuthorizationRequest:pre__
[check-response-type]
status: OK
description: Checks that the asked for response type are among the supported
[check-endpoint]
status: OK
description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[verify-response]
status: OK
description: Checks that the last response was one of a possible set of OpenID Connect Responses
[verify-sub-value]
status: ERROR
description: Verifies that the sub claim returned in the id_token matched the asked for.
Trace output
0.000289 ------------ DiscoveryRequest ------------
0.000300 Provider info discover from 'https://connect.openid4.us'
0.000306 --> URL: https://connect.openid4.us/.well-known/openid-configuration
0.408733 ProviderConfigurationResponse: {
"authorization_endpoint": "https://connect.openid4.us/abop/op.php/auth",
"check_session_iframe": "https://connect.openid4.us/abop/opframe.php/1",
"claim_types_supported": [
"normal"
],
"claims_locales_supported": [
"en-US"
],
"claims_parameter_supported": true,
"claims_supported": [
"name",
"given_name",
"family_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"email",
"email_verified",
"gender",
"birthdate",
"zoneinfo",
"locale",
"phone_number",
"phone_number_verified",
"address",
"updated_at"
],
"display_values_supported": [
"page"
],
"end_session_endpoint": "https://connect.openid4.us/abop/op.php/endsession",
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"id_token_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"issuer": "https://connect.openid4.us",
"jwks_uri": "https://connect.openid4.us/connect4us.jwk",
"op_policy_uri": "https://connect.openid4.us/abop/op.php/op_policy",
"op_tos_uri": "https://connect.openid4.us/abop/op.php/op_tos",
"registration_endpoint": "https://connect.openid4.us/abop/op.php/registration",
"request_object_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"request_object_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"request_object_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_types_supported": [
"code",
"code token",
"code id_token",
"token",
"token id_token",
"code token id_token",
"id_token"
],
"scopes_supported": [
"openid",
"profile",
"email",
"address",
"phone",
"offline_access"
],
"service_documentation": "https://connect.openid4.us/abop/op.php/servicedocs",
"subject_types_supported": [
"public",
"pairwise"
],
"token_endpoint": "https://connect.openid4.us/abop/op.php/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"client_secret_jwt",
"private_key_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"ui_locales_supported": [
"en-US"
],
"userinfo_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"userinfo_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"userinfo_endpoint": "https://connect.openid4.us/abop/op.php/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"version": "3.0"
}
0.726239 JWKS: {
"keys": [
{
"e": "AQAB",
"kid": "ABOP-00",
"kty": "RSA",
"n": "tf_sB4M0sHearRLzz1q1JRgRdRnwk0lz-IcVDFlpp2dtDVyA-ZM8Tu1swp7upaTNykf7cp3Ne_6uW3JiKvRMDdNdvHWCzDHmbmZWGdnFF9Ve-D1cUxj4ETVpUM7AIXWbGs34fUNYl3Xzc4baSyvYbc3h6iz8AIdb_1bQLxJsHBi-ydg3NMJItgQJqBiwCmQYCOnJlekR-Ga2a5XlIx46Wsj3Pz0t0dzM8gVSU9fU3QrKKzDFCoFHTgig1YZNNW5W2H6QwANL5h-nbgre5sWmDmdnfiU6Pj5GOQDmp__rweinph8OAFNF6jVqrRZ3QJEmMnO42naWOsxV2FAUXafksQ"
}
]
}
0.727140 ------------ RegistrationRequest ------------
0.727520 --> URL: https://connect.openid4.us/abop/op.php/registration
0.727527 --> BODY: {"subject_type": "pairwise", "jwks_uri": "https://op.certification.openid.net:60103/export/jwk_60103.json", "contacts": ["roland.hedberg at umu.se"], "application_type": "web", "grant_types": ["authorization_code"], "post_logout_redirect_uris": ["https://op.certification.openid.net:60103/logout"], "redirect_uris": ["https://op.certification.openid.net:60103/authz_cb", "https://op.certification.openid.net:60103/cb"], "response_types": ["code"], "require_auth_time": true, "default_max_age": 3600}
0.727536 --> HEADERS: {'Content-type': 'application/json'}
1.174447 <-- STATUS: 200
1.174544 <-- BODY: {"client_id":"VFkSxoGnFJ8Vzx69ZwmWYQ","client_secret":"t-8M1Ac8LIvqeQ","registration_access_token":"MnEoky8OEeOivQ","registration_client_uri":"https:\/\/connect.openid4.us\/abop\/op.php\/client\/I5iKGQ3GCu4ZMX7GcCJ3eA","client_id_issued_at":1426719365,"client_secret_expires_at":0,"contacts":["roland.hedberg at umu.se"],"application_type":"web","redirect_uris":["https:\/\/op.certification.openid.net:60103\/authz_cb","https:\/\/op.certification.openid.net:60103\/cb"],"post_logout_redirect_uris":["https:\/\/op.certification.openid.net:60103\/logout"],"jwks_uri":"https:\/\/op.certification.openid.net:60103\/export\/jwk_60103.json","subject_type":"pairwise","default_max_age":3600,"require_auth_time":true,"response_types":["code"],"grant_types":["authorization_code"]}
1.175232 RegistrationResponse: {
"application_type": "web",
"client_id": "VFkSxoGnFJ8Vzx69ZwmWYQ",
"client_id_issued_at": 1426719365,
"client_secret": "t-8M1Ac8LIvqeQ",
"client_secret_expires_at": 0,
"contacts": [
"roland.hedberg at umu.se"
],
"default_max_age": 3600,
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:60103/export/jwk_60103.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:60103/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:60103/authz_cb",
"https://op.certification.openid.net:60103/cb"
],
"registration_access_token": "MnEoky8OEeOivQ",
"registration_client_uri": "https://connect.openid4.us/abop/op.php/client/I5iKGQ3GCu4ZMX7GcCJ3eA",
"require_auth_time": true,
"response_types": [
"code"
],
"subject_type": "pairwise"
}
1.176608 ------------ AuthorizationRequest ------------
1.176965 --> URL: https://connect.openid4.us/abop/op.php/auth?scope=openid&state=daRju35lS25Z3dgy&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60103%2Fauthz_cb&response_type=code&client_id=VFkSxoGnFJ8Vzx69ZwmWYQ
1.176973 --> BODY: None
3.195025 <-- state=daRju35lS25Z3dgy&session_state=3ba5ae031c7a010c61ac71b33752dec5e8ba3e2c256311f84bcaab48139be0bf.ff5ee5315d0871b3ab10509bc8e93496&code=1eiIuqpbOGHTZTHqqzOFMgU2ReXPHZ63z9QuF7zA4wY
3.195326 AuthorizationResponse: {
"code": "1eiIuqpbOGHTZTHqqzOFMgU2ReXPHZ63z9QuF7zA4wY",
"session_state": "3ba5ae031c7a010c61ac71b33752dec5e8ba3e2c256311f84bcaab48139be0bf.ff5ee5315d0871b3ab10509bc8e93496",
"state": "daRju35lS25Z3dgy"
}
3.195647 ------------ AccessTokenRequest ------------
3.195961 --> URL: https://connect.openid4.us/abop/op.php/token
3.195967 --> BODY: code=1eiIuqpbOGHTZTHqqzOFMgU2ReXPHZ63z9QuF7zA4wY&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60103%2Fauthz_cb
3.195976 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic VkZrU3hvR25GSjhWeng2OVp3bVdZUTp0LThNMUFjOExJdnFlUQ=='}
3.616023 <-- STATUS: 200
3.616138 <-- BODY: {"access_token":"x9HZkHgkt9W6or4EjSchHRYE7MeahQsuKEFtfiugsk8","token_type":"Bearer","expires_in":3600,"id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXNcL2Nvbm5lY3Q0dXMuandrIiwia2lkIjoiQUJPUC0wMCJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzIiwic3ViIjoiYzBjZjM5YTMzMzJlMGE5ZWQ4MmM0MDYwZDBmNDcwYzgyMTM4ZGYwNTdhNGZjYzY1MTNmZDc1MWYyYjBlZWFhYiIsImF1ZCI6WyJWRmtTeG9HbkZKOFZ6eDY5WndtV1lRIl0sImV4cCI6MTQyNjcxOTY2OCwiaWF0IjoxNDI2NzE5MzY4LCJhdXRoX3RpbWUiOjE0MjY3MTg2NzJ9.gfNfHF9lIIDUQFXf37BgguYuGSz5wQfc6QCn55DuMo1W9g1yyD0S7CE46SffTjj8GBCtUC9l1O3uCmPbNqYTzs7_wRphyWHg996HZnjm163vkTwlF7I3VotfixrHiLVruVQSV7ft-pA1pNkN6iqiEn51gjZYHbdRA6dl8yRCSFh2mVkN8JkbJBqotbWDfR77dZGKowfLbkRPEUPSF5sR5aUi-xyxUDy-F9nl8ivqNB_N-W61DT0mJrMaKL2SXkMhb8ySAEgEY69VJTfNhF15zjEiDPtCpVCqkYLjfE-6pz2opebDVILZXNzxbKkBu7HaU5yPhiS2TKZBmMZJh6YahA"}
3.932811 AccessTokenResponse: {
"access_token": "x9HZkHgkt9W6or4EjSchHRYE7MeahQsuKEFtfiugsk8",
"expires_in": 3600,
"id_token": {
"claims": {
"aud": [
"VFkSxoGnFJ8Vzx69ZwmWYQ"
],
"auth_time": 1426718672,
"exp": 1426719668,
"iat": 1426719368,
"iss": "https://connect.openid4.us",
"sub": "c0cf39a3332e0a9ed82c4060d0f470c82138df057a4fcc6513fd751f2b0eeaab"
},
"jws header parameters": {
"alg": "RS256",
"jku": "https://connect.openid4.us/connect4us.jwk",
"kid": "ABOP-00"
}
},
"token_type": "Bearer"
}
14.884051 ------------ DiscoveryRequest ------------
14.884068 Provider info discover from 'https://connect.openid4.us'
14.884076 --> URL: https://connect.openid4.us/.well-known/openid-configuration
15.281320 ProviderConfigurationResponse: {
"authorization_endpoint": "https://connect.openid4.us/abop/op.php/auth",
"check_session_iframe": "https://connect.openid4.us/abop/opframe.php/1",
"claim_types_supported": [
"normal"
],
"claims_locales_supported": [
"en-US"
],
"claims_parameter_supported": true,
"claims_supported": [
"name",
"given_name",
"family_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"email",
"email_verified",
"gender",
"birthdate",
"zoneinfo",
"locale",
"phone_number",
"phone_number_verified",
"address",
"updated_at"
],
"display_values_supported": [
"page"
],
"end_session_endpoint": "https://connect.openid4.us/abop/op.php/endsession",
"grant_types_supported": [
"authorization_code",
"implicit"
],
"id_token_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"id_token_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"issuer": "https://connect.openid4.us",
"jwks_uri": "https://connect.openid4.us/connect4us.jwk",
"op_policy_uri": "https://connect.openid4.us/abop/op.php/op_policy",
"op_tos_uri": "https://connect.openid4.us/abop/op.php/op_tos",
"registration_endpoint": "https://connect.openid4.us/abop/op.php/registration",
"request_object_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"request_object_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"request_object_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_types_supported": [
"code",
"code token",
"code id_token",
"token",
"token id_token",
"code token id_token",
"id_token"
],
"scopes_supported": [
"openid",
"profile",
"email",
"address",
"phone",
"offline_access"
],
"service_documentation": "https://connect.openid4.us/abop/op.php/servicedocs",
"subject_types_supported": [
"public",
"pairwise"
],
"token_endpoint": "https://connect.openid4.us/abop/op.php/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"client_secret_jwt",
"private_key_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"ui_locales_supported": [
"en-US"
],
"userinfo_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP"
],
"userinfo_encryption_enc_values_supported": [
"A128CBC-HS256",
"A256CBC-HS512",
"A128GCM",
"A256GCM"
],
"userinfo_endpoint": "https://connect.openid4.us/abop/op.php/userinfo",
"userinfo_signing_alg_values_supported": [
"none",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"version": "3.0"
}
15.589948 JWKS: {
"keys": [
{
"e": "AQAB",
"kid": "ABOP-00",
"kty": "RSA",
"n": "tf_sB4M0sHearRLzz1q1JRgRdRnwk0lz-IcVDFlpp2dtDVyA-ZM8Tu1swp7upaTNykf7cp3Ne_6uW3JiKvRMDdNdvHWCzDHmbmZWGdnFF9Ve-D1cUxj4ETVpUM7AIXWbGs34fUNYl3Xzc4baSyvYbc3h6iz8AIdb_1bQLxJsHBi-ydg3NMJItgQJqBiwCmQYCOnJlekR-Ga2a5XlIx46Wsj3Pz0t0dzM8gVSU9fU3QrKKzDFCoFHTgig1YZNNW5W2H6QwANL5h-nbgre5sWmDmdnfiU6Pj5GOQDmp__rweinph8OAFNF6jVqrRZ3QJEmMnO42naWOsxV2FAUXafksQ"
}
]
}
15.939387 JWKS: {
"keys": [
{
"e": "AQAB",
"kid": "ABOP-00",
"kty": "RSA",
"n": "tf_sB4M0sHearRLzz1q1JRgRdRnwk0lz-IcVDFlpp2dtDVyA-ZM8Tu1swp7upaTNykf7cp3Ne_6uW3JiKvRMDdNdvHWCzDHmbmZWGdnFF9Ve-D1cUxj4ETVpUM7AIXWbGs34fUNYl3Xzc4baSyvYbc3h6iz8AIdb_1bQLxJsHBi-ydg3NMJItgQJqBiwCmQYCOnJlekR-Ga2a5XlIx46Wsj3Pz0t0dzM8gVSU9fU3QrKKzDFCoFHTgig1YZNNW5W2H6QwANL5h-nbgre5sWmDmdnfiU6Pj5GOQDmp__rweinph8OAFNF6jVqrRZ3QJEmMnO42naWOsxV2FAUXafksQ"
}
]
}
15.940460 ------------ RegistrationRequest ------------
15.940842 --> URL: https://connect.openid4.us/abop/op.php/registration
15.940850 --> BODY: {"subject_type": "pairwise", "jwks_uri": "https://connect.openid4.us/connect4us.jwk", "contacts": ["roland.hedberg at umu.se"], "application_type": "web", "grant_types": ["authorization_code"], "post_logout_redirect_uris": ["https://op.certification.openid.net:60103/logout"], "redirect_uris": ["https://op.certification.openid.net:60103/authz_cb", "https://op.certification.openid.net:60103/cb"], "response_types": ["code"], "require_auth_time": true, "default_max_age": 3600}
15.940860 --> HEADERS: {'Content-type': 'application/json'}
16.342893 <-- STATUS: 200
16.342978 <-- BODY: {"client_id":"Y2HySPeP559F6wuBrhE_7A","client_secret":"yjyM3nFgtqVYHA","registration_access_token":"XH80f1wH1xGzPg","registration_client_uri":"https:\/\/connect.openid4.us\/abop\/op.php\/client\/gh9YVBO85BFVa9TkqL6xqw","client_id_issued_at":1426719380,"client_secret_expires_at":0,"contacts":["roland.hedberg at umu.se"],"application_type":"web","redirect_uris":["https:\/\/op.certification.openid.net:60103\/authz_cb","https:\/\/op.certification.openid.net:60103\/cb"],"post_logout_redirect_uris":["https:\/\/op.certification.openid.net:60103\/logout"],"jwks_uri":"https:\/\/connect.openid4.us\/connect4us.jwk","subject_type":"pairwise","default_max_age":3600,"require_auth_time":true,"response_types":["code"],"grant_types":["authorization_code"]}
16.343657 RegistrationResponse: {
"application_type": "web",
"client_id": "Y2HySPeP559F6wuBrhE_7A",
"client_id_issued_at": 1426719380,
"client_secret": "yjyM3nFgtqVYHA",
"client_secret_expires_at": 0,
"contacts": [
"roland.hedberg at umu.se"
],
"default_max_age": 3600,
"grant_types": [
"authorization_code"
],
"jwks_uri": "https://connect.openid4.us/connect4us.jwk",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:60103/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:60103/authz_cb",
"https://op.certification.openid.net:60103/cb"
],
"registration_access_token": "XH80f1wH1xGzPg",
"registration_client_uri": "https://connect.openid4.us/abop/op.php/client/gh9YVBO85BFVa9TkqL6xqw",
"require_auth_time": true,
"response_types": [
"code"
],
"subject_type": "pairwise"
}
16.345440 ------------ AuthorizationRequest ------------
16.346045 --> URL: https://connect.openid4.us/abop/op.php/auth?state=CFyDYtirPVUlkGdU&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60103%2Fauthz_cb&response_type=code&client_id=Y2HySPeP559F6wuBrhE_7A&claims=%7B%22id_token%22%3A+%7B%22sub%22%3A+%22%7B%5C%22value%5C%22%3A+%5C%22c0cf39a3332e0a9ed82c4060d0f470c82138df057a4fcc6513fd751f2b0eeaab%5C%22%7D%22%7D%7D&scope=openid
16.346053 --> BODY: None
173.036585 <-- state=CFyDYtirPVUlkGdU&session_state=20061cba0ef1ea2707025bd6ef4913a3b7902de72b99425347df7da3d37c2879.4204230a991d780196beea69e1382a8e&code=mrvFuBgqYDCVvG_9ofYWAb0LsjUwoEdOEv3PXzQsp8Q
173.036935 AuthorizationResponse: {
"code": "mrvFuBgqYDCVvG_9ofYWAb0LsjUwoEdOEv3PXzQsp8Q",
"session_state": "20061cba0ef1ea2707025bd6ef4913a3b7902de72b99425347df7da3d37c2879.4204230a991d780196beea69e1382a8e",
"state": "CFyDYtirPVUlkGdU"
}
173.037314 ------------ AccessTokenRequest ------------
173.037681 --> URL: https://connect.openid4.us/abop/op.php/token
173.037687 --> BODY: code=mrvFuBgqYDCVvG_9ofYWAb0LsjUwoEdOEv3PXzQsp8Q&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60103%2Fauthz_cb
173.037698 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic WTJIeVNQZVA1NTlGNnd1QnJoRV83QTp5anlNM25GZ3RxVllIQQ=='}
173.465394 <-- STATUS: 200
173.465511 <-- BODY: {"access_token":"gtXzpq5ssCck_jhfeTmjIF5HLhW9QBk8jIXLtNL5zbI","token_type":"Bearer","expires_in":3600,"id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXNcL2Nvbm5lY3Q0dXMuandrIiwia2lkIjoiQUJPUC0wMCJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzIiwic3ViIjoiYTZlMmM4ZjllZjViZWQ5YjNjNDIyMTY5NDNmMjY3ZjEzMWYwNTc4ZTk3ZDhlY2ViMmE2NGUwNzFmMjYwZTRjYSIsImF1ZCI6WyJZMkh5U1BlUDU1OUY2d3VCcmhFXzdBIl0sImV4cCI6MTQyNjcxOTgzOCwiaWF0IjoxNDI2NzE5NTM4LCJhdXRoX3RpbWUiOjE0MjY3MTk1MzV9.pBwKLFiL7VSb3UweuzVRdbet5IPlmPIqOKsLE253vilIrzi5yWTKzj23K3mVIJGjyXqhTircg3BZ28tRIiTnLlhKK3hzWg8pdIWe2jJUz3Odw5_g5SH6Guk9xQUBJSQnSngi5z3l_LikFd19Fht12rksu0KW6AooZbXWPw81SJR4lTFViyi6tyKf2mGb3lB-AoKVavMXwNlvI4Xz0sx230PVJWEUe4FdrlUlM72Hc5oVmqfEzCF_hwi5xlZCPjG-pHauCjPOjxbHj655vdjViC53mxhpiS1PzlnftmEp_i9zlumz2UXiAEZIvREbhBvyoOTM9NHiGO5HMNZmf8Db8A"}
173.763633 AccessTokenResponse: {
"access_token": "gtXzpq5ssCck_jhfeTmjIF5HLhW9QBk8jIXLtNL5zbI",
"expires_in": 3600,
"id_token": {
"claims": {
"aud": [
"Y2HySPeP559F6wuBrhE_7A"
],
"auth_time": 1426719535,
"exp": 1426719838,
"iat": 1426719538,
"iss": "https://connect.openid4.us",
"sub": "a6e2c8f9ef5bed9b3c42216943f267f131f0578e97d8eceb2a64e071f260e4ca"
},
"jws header parameters": {
"alg": "RS256",
"jku": "https://connect.openid4.us/connect4us.jwk",
"kid": "ABOP-00"
}
},
"token_type": "Bearer"
}
Result
FAILED
```
More information about the Openid-specs-ab
mailing list