[Openid-specs-ab] Issue #108: OP-claims-sub (Support claims request specifying sub value) Invalid JSON in request (openid/certification)

Edmund Jay issues-reply at bitbucket.org
Wed Mar 18 23:03:51 UTC 2015


New issue 108: OP-claims-sub (Support claims request specifying sub value) Invalid JSON in request
https://bitbucket.org/openid/certification/issue/108/op-claims-sub-support-claims-request

Edmund Jay:

The test has 2 problems :

1) It performs registration twice and requests authentication with these 2 different client_id.
The result is that the "sub" value will never match for different clients when using pairwise subject types.

2) The claims parameter contains invalid JSON. The sub value should be an array with the value element set to the subject value. It is now a string value with the JSON syntax for an array.  E.g. 

{"id_token": {"sub": "{\\"value\\": \\"c0cf39a3332e0a9ed82c4060d0f470c82138df057a4fcc6513fd751f2b0eeaab\\"}"}}

It should be 

{"id_token": {"sub": {"value": "c0cf39a3332e0a9ed82c4060d0f470c82138df057a4fcc6513fd751f2b0eeaab"}}}


```
#!text

Test info

Profile: {'openid-configuration': 'config', 'extras': True, 'response_type': 'code', 'crypto': 'encrypt+sign', 'registration': 'dynamic'}
Test description: Support claims request specifying sub value [Extra]
Test ID: OP-claims-sub
Issuer: https://connect.openid4.us
Test output


__RegistrationRequest:post__
[check]
	status: INFORMATION
	description: Registration Response
	info: {"client_id":"VFkSxoGnFJ8Vzx69ZwmWYQ","client_secret":"t-8M1Ac8LIvqeQ","registration_access_token":"MnEoky8OEeOivQ","registration_client_uri":"https:\/\/connect.openid4.us\/abop\/op.php\/client\/I5iKGQ3GCu4ZMX7GcCJ3eA","client_id_issued_at":1426719365,"client_secret_expires_at":0,"contacts":["roland.hedberg at umu.se"],"application_type":"web","redirect_uris":["https:\/\/op.certification.openid.net:60103\/authz_cb","https:\/\/op.certification.openid.net:60103\/cb"],"post_logout_redirect_uris":["https:\/\/op.certification.openid.net:60103\/logout"],"jwks_uri":"https:\/\/op.certification.openid.net:60103\/export\/jwk_60103.json","subject_type":"pairwise","default_max_age":3600,"require_auth_time":true,"response_types":["code"],"grant_types":["authorization_code"]}
__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
__RegistrationRequest:post__
[check]
	status: INFORMATION
	description: Registration Response
	info: {"client_id":"Y2HySPeP559F6wuBrhE_7A","client_secret":"yjyM3nFgtqVYHA","registration_access_token":"XH80f1wH1xGzPg","registration_client_uri":"https:\/\/connect.openid4.us\/abop\/op.php\/client\/gh9YVBO85BFVa9TkqL6xqw","client_id_issued_at":1426719380,"client_secret_expires_at":0,"contacts":["roland.hedberg at umu.se"],"application_type":"web","redirect_uris":["https:\/\/op.certification.openid.net:60103\/authz_cb","https:\/\/op.certification.openid.net:60103\/cb"],"post_logout_redirect_uris":["https:\/\/op.certification.openid.net:60103\/logout"],"jwks_uri":"https:\/\/connect.openid4.us\/connect4us.jwk","subject_type":"pairwise","default_max_age":3600,"require_auth_time":true,"response_types":["code"],"grant_types":["authorization_code"]}
__AuthorizationRequest:pre__
[check-response-type]
	status: OK
	description: Checks that the asked for response type are among the supported
[check-endpoint]
	status: OK
	description: Checks that the necessary endpoint exists at a server
__After completing the test flow:__
[verify-response]
	status: OK
	description: Checks that the last response was one of a possible set of OpenID Connect Responses
[verify-sub-value]
	status: ERROR
	description: Verifies that the sub claim returned in the id_token matched the asked for.
Trace output


0.000289 ------------ DiscoveryRequest ------------
0.000300 Provider info discover from 'https://connect.openid4.us'
0.000306 --> URL: https://connect.openid4.us/.well-known/openid-configuration
0.408733 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://connect.openid4.us/abop/op.php/auth",
  "check_session_iframe": "https://connect.openid4.us/abop/opframe.php/1",
  "claim_types_supported": [
    "normal"
  ],
  "claims_locales_supported": [
    "en-US"
  ],
  "claims_parameter_supported": true,
  "claims_supported": [
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "profile",
    "picture",
    "website",
    "email",
    "email_verified",
    "gender",
    "birthdate",
    "zoneinfo",
    "locale",
    "phone_number",
    "phone_number_verified",
    "address",
    "updated_at"
  ],
  "display_values_supported": [
    "page"
  ],
  "end_session_endpoint": "https://connect.openid4.us/abop/op.php/endsession",
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512",
    "A128GCM",
    "A256GCM"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "issuer": "https://connect.openid4.us",
  "jwks_uri": "https://connect.openid4.us/connect4us.jwk",
  "op_policy_uri": "https://connect.openid4.us/abop/op.php/op_policy",
  "op_tos_uri": "https://connect.openid4.us/abop/op.php/op_tos",
  "registration_endpoint": "https://connect.openid4.us/abop/op.php/registration",
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512",
    "A128GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": false,
  "response_types_supported": [
    "code",
    "code token",
    "code id_token",
    "token",
    "token id_token",
    "code token id_token",
    "id_token"
  ],
  "scopes_supported": [
    "openid",
    "profile",
    "email",
    "address",
    "phone",
    "offline_access"
  ],
  "service_documentation": "https://connect.openid4.us/abop/op.php/servicedocs",
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "token_endpoint": "https://connect.openid4.us/abop/op.php/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "ui_locales_supported": [
    "en-US"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512",
    "A128GCM",
    "A256GCM"
  ],
  "userinfo_endpoint": "https://connect.openid4.us/abop/op.php/userinfo",
  "userinfo_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "version": "3.0"
}
0.726239 JWKS: {
  "keys": [
    {
      "e": "AQAB",
      "kid": "ABOP-00",
      "kty": "RSA",
      "n": "tf_sB4M0sHearRLzz1q1JRgRdRnwk0lz-IcVDFlpp2dtDVyA-ZM8Tu1swp7upaTNykf7cp3Ne_6uW3JiKvRMDdNdvHWCzDHmbmZWGdnFF9Ve-D1cUxj4ETVpUM7AIXWbGs34fUNYl3Xzc4baSyvYbc3h6iz8AIdb_1bQLxJsHBi-ydg3NMJItgQJqBiwCmQYCOnJlekR-Ga2a5XlIx46Wsj3Pz0t0dzM8gVSU9fU3QrKKzDFCoFHTgig1YZNNW5W2H6QwANL5h-nbgre5sWmDmdnfiU6Pj5GOQDmp__rweinph8OAFNF6jVqrRZ3QJEmMnO42naWOsxV2FAUXafksQ"
    }
  ]
}
0.727140 ------------ RegistrationRequest ------------
0.727520 --> URL: https://connect.openid4.us/abop/op.php/registration
0.727527 --> BODY: {"subject_type": "pairwise", "jwks_uri": "https://op.certification.openid.net:60103/export/jwk_60103.json", "contacts": ["roland.hedberg at umu.se"], "application_type": "web", "grant_types": ["authorization_code"], "post_logout_redirect_uris": ["https://op.certification.openid.net:60103/logout"], "redirect_uris": ["https://op.certification.openid.net:60103/authz_cb", "https://op.certification.openid.net:60103/cb"], "response_types": ["code"], "require_auth_time": true, "default_max_age": 3600}
0.727536 --> HEADERS: {'Content-type': 'application/json'}
1.174447 <-- STATUS: 200
1.174544 <-- BODY: {"client_id":"VFkSxoGnFJ8Vzx69ZwmWYQ","client_secret":"t-8M1Ac8LIvqeQ","registration_access_token":"MnEoky8OEeOivQ","registration_client_uri":"https:\/\/connect.openid4.us\/abop\/op.php\/client\/I5iKGQ3GCu4ZMX7GcCJ3eA","client_id_issued_at":1426719365,"client_secret_expires_at":0,"contacts":["roland.hedberg at umu.se"],"application_type":"web","redirect_uris":["https:\/\/op.certification.openid.net:60103\/authz_cb","https:\/\/op.certification.openid.net:60103\/cb"],"post_logout_redirect_uris":["https:\/\/op.certification.openid.net:60103\/logout"],"jwks_uri":"https:\/\/op.certification.openid.net:60103\/export\/jwk_60103.json","subject_type":"pairwise","default_max_age":3600,"require_auth_time":true,"response_types":["code"],"grant_types":["authorization_code"]}
1.175232 RegistrationResponse: {
  "application_type": "web",
  "client_id": "VFkSxoGnFJ8Vzx69ZwmWYQ",
  "client_id_issued_at": 1426719365,
  "client_secret": "t-8M1Ac8LIvqeQ",
  "client_secret_expires_at": 0,
  "contacts": [
    "roland.hedberg at umu.se"
  ],
  "default_max_age": 3600,
  "grant_types": [
    "authorization_code"
  ],
  "jwks_uri": "https://op.certification.openid.net:60103/export/jwk_60103.json",
  "post_logout_redirect_uris": [
    "https://op.certification.openid.net:60103/logout"
  ],
  "redirect_uris": [
    "https://op.certification.openid.net:60103/authz_cb",
    "https://op.certification.openid.net:60103/cb"
  ],
  "registration_access_token": "MnEoky8OEeOivQ",
  "registration_client_uri": "https://connect.openid4.us/abop/op.php/client/I5iKGQ3GCu4ZMX7GcCJ3eA",
  "require_auth_time": true,
  "response_types": [
    "code"
  ],
  "subject_type": "pairwise"
}
1.176608 ------------ AuthorizationRequest ------------
1.176965 --> URL: https://connect.openid4.us/abop/op.php/auth?scope=openid&state=daRju35lS25Z3dgy&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60103%2Fauthz_cb&response_type=code&client_id=VFkSxoGnFJ8Vzx69ZwmWYQ
1.176973 --> BODY: None
3.195025 <-- state=daRju35lS25Z3dgy&session_state=3ba5ae031c7a010c61ac71b33752dec5e8ba3e2c256311f84bcaab48139be0bf.ff5ee5315d0871b3ab10509bc8e93496&code=1eiIuqpbOGHTZTHqqzOFMgU2ReXPHZ63z9QuF7zA4wY
3.195326 AuthorizationResponse: {
  "code": "1eiIuqpbOGHTZTHqqzOFMgU2ReXPHZ63z9QuF7zA4wY",
  "session_state": "3ba5ae031c7a010c61ac71b33752dec5e8ba3e2c256311f84bcaab48139be0bf.ff5ee5315d0871b3ab10509bc8e93496",
  "state": "daRju35lS25Z3dgy"
}
3.195647 ------------ AccessTokenRequest ------------
3.195961 --> URL: https://connect.openid4.us/abop/op.php/token
3.195967 --> BODY: code=1eiIuqpbOGHTZTHqqzOFMgU2ReXPHZ63z9QuF7zA4wY&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60103%2Fauthz_cb
3.195976 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic VkZrU3hvR25GSjhWeng2OVp3bVdZUTp0LThNMUFjOExJdnFlUQ=='}
3.616023 <-- STATUS: 200
3.616138 <-- BODY: {"access_token":"x9HZkHgkt9W6or4EjSchHRYE7MeahQsuKEFtfiugsk8","token_type":"Bearer","expires_in":3600,"id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXNcL2Nvbm5lY3Q0dXMuandrIiwia2lkIjoiQUJPUC0wMCJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzIiwic3ViIjoiYzBjZjM5YTMzMzJlMGE5ZWQ4MmM0MDYwZDBmNDcwYzgyMTM4ZGYwNTdhNGZjYzY1MTNmZDc1MWYyYjBlZWFhYiIsImF1ZCI6WyJWRmtTeG9HbkZKOFZ6eDY5WndtV1lRIl0sImV4cCI6MTQyNjcxOTY2OCwiaWF0IjoxNDI2NzE5MzY4LCJhdXRoX3RpbWUiOjE0MjY3MTg2NzJ9.gfNfHF9lIIDUQFXf37BgguYuGSz5wQfc6QCn55DuMo1W9g1yyD0S7CE46SffTjj8GBCtUC9l1O3uCmPbNqYTzs7_wRphyWHg996HZnjm163vkTwlF7I3VotfixrHiLVruVQSV7ft-pA1pNkN6iqiEn51gjZYHbdRA6dl8yRCSFh2mVkN8JkbJBqotbWDfR77dZGKowfLbkRPEUPSF5sR5aUi-xyxUDy-F9nl8ivqNB_N-W61DT0mJrMaKL2SXkMhb8ySAEgEY69VJTfNhF15zjEiDPtCpVCqkYLjfE-6pz2opebDVILZXNzxbKkBu7HaU5yPhiS2TKZBmMZJh6YahA"}
3.932811 AccessTokenResponse: {
  "access_token": "x9HZkHgkt9W6or4EjSchHRYE7MeahQsuKEFtfiugsk8",
  "expires_in": 3600,
  "id_token": {
    "claims": {
      "aud": [
        "VFkSxoGnFJ8Vzx69ZwmWYQ"
      ],
      "auth_time": 1426718672,
      "exp": 1426719668,
      "iat": 1426719368,
      "iss": "https://connect.openid4.us",
      "sub": "c0cf39a3332e0a9ed82c4060d0f470c82138df057a4fcc6513fd751f2b0eeaab"
    },
    "jws header parameters": {
      "alg": "RS256",
      "jku": "https://connect.openid4.us/connect4us.jwk",
      "kid": "ABOP-00"
    }
  },
  "token_type": "Bearer"
}
14.884051 ------------ DiscoveryRequest ------------
14.884068 Provider info discover from 'https://connect.openid4.us'
14.884076 --> URL: https://connect.openid4.us/.well-known/openid-configuration
15.281320 ProviderConfigurationResponse: {
  "authorization_endpoint": "https://connect.openid4.us/abop/op.php/auth",
  "check_session_iframe": "https://connect.openid4.us/abop/opframe.php/1",
  "claim_types_supported": [
    "normal"
  ],
  "claims_locales_supported": [
    "en-US"
  ],
  "claims_parameter_supported": true,
  "claims_supported": [
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "profile",
    "picture",
    "website",
    "email",
    "email_verified",
    "gender",
    "birthdate",
    "zoneinfo",
    "locale",
    "phone_number",
    "phone_number_verified",
    "address",
    "updated_at"
  ],
  "display_values_supported": [
    "page"
  ],
  "end_session_endpoint": "https://connect.openid4.us/abop/op.php/endsession",
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512",
    "A128GCM",
    "A256GCM"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "issuer": "https://connect.openid4.us",
  "jwks_uri": "https://connect.openid4.us/connect4us.jwk",
  "op_policy_uri": "https://connect.openid4.us/abop/op.php/op_policy",
  "op_tos_uri": "https://connect.openid4.us/abop/op.php/op_tos",
  "registration_endpoint": "https://connect.openid4.us/abop/op.php/registration",
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512",
    "A128GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": false,
  "response_types_supported": [
    "code",
    "code token",
    "code id_token",
    "token",
    "token id_token",
    "code token id_token",
    "id_token"
  ],
  "scopes_supported": [
    "openid",
    "profile",
    "email",
    "address",
    "phone",
    "offline_access"
  ],
  "service_documentation": "https://connect.openid4.us/abop/op.php/servicedocs",
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "token_endpoint": "https://connect.openid4.us/abop/op.php/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "ui_locales_supported": [
    "en-US"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512",
    "A128GCM",
    "A256GCM"
  ],
  "userinfo_endpoint": "https://connect.openid4.us/abop/op.php/userinfo",
  "userinfo_signing_alg_values_supported": [
    "none",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "version": "3.0"
}
15.589948 JWKS: {
  "keys": [
    {
      "e": "AQAB",
      "kid": "ABOP-00",
      "kty": "RSA",
      "n": "tf_sB4M0sHearRLzz1q1JRgRdRnwk0lz-IcVDFlpp2dtDVyA-ZM8Tu1swp7upaTNykf7cp3Ne_6uW3JiKvRMDdNdvHWCzDHmbmZWGdnFF9Ve-D1cUxj4ETVpUM7AIXWbGs34fUNYl3Xzc4baSyvYbc3h6iz8AIdb_1bQLxJsHBi-ydg3NMJItgQJqBiwCmQYCOnJlekR-Ga2a5XlIx46Wsj3Pz0t0dzM8gVSU9fU3QrKKzDFCoFHTgig1YZNNW5W2H6QwANL5h-nbgre5sWmDmdnfiU6Pj5GOQDmp__rweinph8OAFNF6jVqrRZ3QJEmMnO42naWOsxV2FAUXafksQ"
    }
  ]
}
15.939387 JWKS: {
  "keys": [
    {
      "e": "AQAB",
      "kid": "ABOP-00",
      "kty": "RSA",
      "n": "tf_sB4M0sHearRLzz1q1JRgRdRnwk0lz-IcVDFlpp2dtDVyA-ZM8Tu1swp7upaTNykf7cp3Ne_6uW3JiKvRMDdNdvHWCzDHmbmZWGdnFF9Ve-D1cUxj4ETVpUM7AIXWbGs34fUNYl3Xzc4baSyvYbc3h6iz8AIdb_1bQLxJsHBi-ydg3NMJItgQJqBiwCmQYCOnJlekR-Ga2a5XlIx46Wsj3Pz0t0dzM8gVSU9fU3QrKKzDFCoFHTgig1YZNNW5W2H6QwANL5h-nbgre5sWmDmdnfiU6Pj5GOQDmp__rweinph8OAFNF6jVqrRZ3QJEmMnO42naWOsxV2FAUXafksQ"
    }
  ]
}
15.940460 ------------ RegistrationRequest ------------
15.940842 --> URL: https://connect.openid4.us/abop/op.php/registration
15.940850 --> BODY: {"subject_type": "pairwise", "jwks_uri": "https://connect.openid4.us/connect4us.jwk", "contacts": ["roland.hedberg at umu.se"], "application_type": "web", "grant_types": ["authorization_code"], "post_logout_redirect_uris": ["https://op.certification.openid.net:60103/logout"], "redirect_uris": ["https://op.certification.openid.net:60103/authz_cb", "https://op.certification.openid.net:60103/cb"], "response_types": ["code"], "require_auth_time": true, "default_max_age": 3600}
15.940860 --> HEADERS: {'Content-type': 'application/json'}
16.342893 <-- STATUS: 200
16.342978 <-- BODY: {"client_id":"Y2HySPeP559F6wuBrhE_7A","client_secret":"yjyM3nFgtqVYHA","registration_access_token":"XH80f1wH1xGzPg","registration_client_uri":"https:\/\/connect.openid4.us\/abop\/op.php\/client\/gh9YVBO85BFVa9TkqL6xqw","client_id_issued_at":1426719380,"client_secret_expires_at":0,"contacts":["roland.hedberg at umu.se"],"application_type":"web","redirect_uris":["https:\/\/op.certification.openid.net:60103\/authz_cb","https:\/\/op.certification.openid.net:60103\/cb"],"post_logout_redirect_uris":["https:\/\/op.certification.openid.net:60103\/logout"],"jwks_uri":"https:\/\/connect.openid4.us\/connect4us.jwk","subject_type":"pairwise","default_max_age":3600,"require_auth_time":true,"response_types":["code"],"grant_types":["authorization_code"]}
16.343657 RegistrationResponse: {
  "application_type": "web",
  "client_id": "Y2HySPeP559F6wuBrhE_7A",
  "client_id_issued_at": 1426719380,
  "client_secret": "yjyM3nFgtqVYHA",
  "client_secret_expires_at": 0,
  "contacts": [
    "roland.hedberg at umu.se"
  ],
  "default_max_age": 3600,
  "grant_types": [
    "authorization_code"
  ],
  "jwks_uri": "https://connect.openid4.us/connect4us.jwk",
  "post_logout_redirect_uris": [
    "https://op.certification.openid.net:60103/logout"
  ],
  "redirect_uris": [
    "https://op.certification.openid.net:60103/authz_cb",
    "https://op.certification.openid.net:60103/cb"
  ],
  "registration_access_token": "XH80f1wH1xGzPg",
  "registration_client_uri": "https://connect.openid4.us/abop/op.php/client/gh9YVBO85BFVa9TkqL6xqw",
  "require_auth_time": true,
  "response_types": [
    "code"
  ],
  "subject_type": "pairwise"
}
16.345440 ------------ AuthorizationRequest ------------
16.346045 --> URL: https://connect.openid4.us/abop/op.php/auth?state=CFyDYtirPVUlkGdU&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60103%2Fauthz_cb&response_type=code&client_id=Y2HySPeP559F6wuBrhE_7A&claims=%7B%22id_token%22%3A+%7B%22sub%22%3A+%22%7B%5C%22value%5C%22%3A+%5C%22c0cf39a3332e0a9ed82c4060d0f470c82138df057a4fcc6513fd751f2b0eeaab%5C%22%7D%22%7D%7D&scope=openid
16.346053 --> BODY: None
173.036585 <-- state=CFyDYtirPVUlkGdU&session_state=20061cba0ef1ea2707025bd6ef4913a3b7902de72b99425347df7da3d37c2879.4204230a991d780196beea69e1382a8e&code=mrvFuBgqYDCVvG_9ofYWAb0LsjUwoEdOEv3PXzQsp8Q
173.036935 AuthorizationResponse: {
  "code": "mrvFuBgqYDCVvG_9ofYWAb0LsjUwoEdOEv3PXzQsp8Q",
  "session_state": "20061cba0ef1ea2707025bd6ef4913a3b7902de72b99425347df7da3d37c2879.4204230a991d780196beea69e1382a8e",
  "state": "CFyDYtirPVUlkGdU"
}
173.037314 ------------ AccessTokenRequest ------------
173.037681 --> URL: https://connect.openid4.us/abop/op.php/token
173.037687 --> BODY: code=mrvFuBgqYDCVvG_9ofYWAb0LsjUwoEdOEv3PXzQsp8Q&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60103%2Fauthz_cb
173.037698 --> HEADERS: {'Content-type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic WTJIeVNQZVA1NTlGNnd1QnJoRV83QTp5anlNM25GZ3RxVllIQQ=='}
173.465394 <-- STATUS: 200
173.465511 <-- BODY: {"access_token":"gtXzpq5ssCck_jhfeTmjIF5HLhW9QBk8jIXLtNL5zbI","token_type":"Bearer","expires_in":3600,"id_token":"eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOlwvXC9jb25uZWN0Lm9wZW5pZDQudXNcL2Nvbm5lY3Q0dXMuandrIiwia2lkIjoiQUJPUC0wMCJ9.eyJpc3MiOiJodHRwczpcL1wvY29ubmVjdC5vcGVuaWQ0LnVzIiwic3ViIjoiYTZlMmM4ZjllZjViZWQ5YjNjNDIyMTY5NDNmMjY3ZjEzMWYwNTc4ZTk3ZDhlY2ViMmE2NGUwNzFmMjYwZTRjYSIsImF1ZCI6WyJZMkh5U1BlUDU1OUY2d3VCcmhFXzdBIl0sImV4cCI6MTQyNjcxOTgzOCwiaWF0IjoxNDI2NzE5NTM4LCJhdXRoX3RpbWUiOjE0MjY3MTk1MzV9.pBwKLFiL7VSb3UweuzVRdbet5IPlmPIqOKsLE253vilIrzi5yWTKzj23K3mVIJGjyXqhTircg3BZ28tRIiTnLlhKK3hzWg8pdIWe2jJUz3Odw5_g5SH6Guk9xQUBJSQnSngi5z3l_LikFd19Fht12rksu0KW6AooZbXWPw81SJR4lTFViyi6tyKf2mGb3lB-AoKVavMXwNlvI4Xz0sx230PVJWEUe4FdrlUlM72Hc5oVmqfEzCF_hwi5xlZCPjG-pHauCjPOjxbHj655vdjViC53mxhpiS1PzlnftmEp_i9zlumz2UXiAEZIvREbhBvyoOTM9NHiGO5HMNZmf8Db8A"}
173.763633 AccessTokenResponse: {
  "access_token": "gtXzpq5ssCck_jhfeTmjIF5HLhW9QBk8jIXLtNL5zbI",
  "expires_in": 3600,
  "id_token": {
    "claims": {
      "aud": [
        "Y2HySPeP559F6wuBrhE_7A"
      ],
      "auth_time": 1426719535,
      "exp": 1426719838,
      "iat": 1426719538,
      "iss": "https://connect.openid4.us",
      "sub": "a6e2c8f9ef5bed9b3c42216943f267f131f0578e97d8eceb2a64e071f260e4ca"
    },
    "jws header parameters": {
      "alg": "RS256",
      "jku": "https://connect.openid4.us/connect4us.jwk",
      "kid": "ABOP-00"
    }
  },
  "token_type": "Bearer"
}
Result

FAILED
```





More information about the Openid-specs-ab mailing list