Test detail

Test Name	oidcc-client-test-client-secret-basic
Variant	client_auth_type=client_secret_basic, request_type=plain_http_request, response_type=code, response_mode=default, client_registration=static_client
Test ID	D4L9TIWmp9Hhlb1 https://www.certification.openid.net/log-detail.html?public=true&log=D4L9TIWmp9Hhlb1
Created	2025-04-28T07:53:12.159854888Z
Description	Conformance testing of Arcon Converged Identity as a Relaying Party using the OpenID Connect Core: Basic Certification Profile
Test Version	5.1.31
Test Owner	115858928797071758548 https://accounts.google.com
Plan ID	BFj2iiVzbPPzd https://www.certification.openid.net/plan-detail.html?public=true&plan=BFj2iiVzbPPzd
Exported From	https://www.certification.openid.net
Exported By	115858928797071758548 https://accounts.google.com
Suite Version	5.1.31
Exported	2025-04-28 09:45:42 (UTC)

2025-04-28 07:53:12

(8) More

INFO

TEST-RUNNER

Test instance D4L9TIWmp9Hhlb1 created

baseUrl	https://www.certification.openid.net/test/a/ArconCI
variant	{ "client_auth_type": "client_secret_basic", "response_type": "code", "request_type": "plain_http_request", "response_mode": "default", "client_registration": "static_client" }
alias	ArconCI
description	Conformance testing of Arcon Converged Identity as a Relaying Party using the OpenID Connect Core: Basic Certification Profile
planId	BFj2iiVzbPPzd
config	{ "alias": "ArconCI", "description": "Conformance testing of Arcon Converged Identity as a Relaying Party using the OpenID Connect Core: Basic Certification Profile", "client": { "client_id": "0oaka2gpoymlyinwZ5d7", "client_secret": "_SDHPKKxtbQ55rPvFJV3DIHNI9VKAfbCJptzJhzV5EibdtvYJlXNP6vSlPC-ZDKJ", "redirect_uri": "https://oidc.arconnet.com/api/Oidc/callback", "initiate_login_uri": "https://oidc.arconnet.com/api/Oidc/initiate-login" }, "publish": "everything" }
baseMtlsUrl	https://mtls-www.certification.openid.net/test-mtls/a/ArconCI
testName	oidcc-client-test-client-secret-basic

2025-04-28 07:53:12

(1) More

SUCCESS

OIDCCGenerateServerConfiguration

Generated default server configuration

server_configuration

{
  "issuer": "https://www.certification.openid.net/test/a/ArconCI/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/ArconCI/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/ArconCI/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/ArconCI/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/ArconCI/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/ArconCI/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA",
    "Ed25519",
    "Ed448"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "gender",
    "birthdate",
    "address",
    "zoneinfo",
    "locale",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified",
    "website",
    "profile",
    "updated_at",
    "txn"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA",
    "Ed25519",
    "Ed448"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA",
    "Ed25519",
    "Ed448"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA",
    "Ed25519",
    "Ed448"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}

2025-04-28 07:53:12

(1) More

SetTokenEndpointAuthMethodsSupportedToClientSecretBasicOnly

Changed token_endpoint_auth_methods_supported to client_secret_basic only in server configuration

server_configuration

{
  "issuer": "https://www.certification.openid.net/test/a/ArconCI/",
  "authorization_endpoint": "https://www.certification.openid.net/test/a/ArconCI/authorize",
  "token_endpoint": "https://www.certification.openid.net/test/a/ArconCI/token",
  "jwks_uri": "https://www.certification.openid.net/test/a/ArconCI/jwks",
  "userinfo_endpoint": "https://www.certification.openid.net/test/a/ArconCI/userinfo",
  "registration_endpoint": "https://www.certification.openid.net/test/a/ArconCI/register",
  "scopes_supported": [
    "openid",
    "phone",
    "profile",
    "email",
    "address",
    "offline_access"
  ],
  "response_types_supported": [
    "code",
    "id_token code",
    "token code id_token",
    "id_token",
    "token id_token",
    "token code",
    "token"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA",
    "Ed25519",
    "Ed448"
  ],
  "grant_types_supported": [
    "authorization_code",
    "implicit"
  ],
  "claims_parameter_supported": true,
  "acr_values_supported": [
    "PASSWORD"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "claim_types_supported": [
    "normal",
    "aggregated",
    "distributed"
  ],
  "claims_supported": [
    "sub",
    "name",
    "given_name",
    "family_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "gender",
    "birthdate",
    "address",
    "zoneinfo",
    "locale",
    "phone_number",
    "phone_number_verified",
    "email",
    "email_verified",
    "website",
    "profile",
    "updated_at",
    "txn"
  ],
  "id_token_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA",
    "Ed25519",
    "Ed448"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "request_object_signing_alg_values_supported": [
    "none",
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA",
    "Ed25519",
    "Ed448"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES256K",
    "ES384",
    "ES512",
    "EdDSA",
    "Ed25519",
    "Ed448"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA-OAEP-384",
    "RSA-OAEP-512",
    "ECDH-ES",
    "ECDH-ES+A128KW",
    "ECDH-ES+A192KW",
    "ECDH-ES+A256KW",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ]
}

2025-04-28 07:53:12

(3) More

OIDCCGenerateServerJWKs

Generated server public private JWK sets

server_jwks

{
  "keys": [
    {
      "p": "umAcYZYea1b40mVxAeiBOV3zpLj5BsQcu3lgpPiIg2aRqT8BzEy6LobgdMiF32za2TFyGtAmNw0ehG-Jf7g8EYyqqgQW8QjSOvPzKJW8xQ4k4lY736MlFy-l3XTlFNSUuQrZvxIE6nzb3LoAqkAAMPuHhvJWHGDt4aesyLvUq20",
      "kty": "RSA",
      "q": "3IDY7eCz2gGvW_Jo6uIrxBYlhmCOptF6iLJOjw1lF-wQukqXTMtD-aJy-zQDSmEPJMFaXcB9c96YNnhi4c9R6Nya9Fa34KAIMgWaLMWj9OX8IZ1wd0QYh1uZlR5_Y3r9ipSb_I2FP96H7ghda3piLtLPjqUkWfQCioeMBGOMGOU",
      "d": "BpKx2cG3YhQfzHDlOafDM0SRuM6VbvLKUcQK56gqkTEQ30xekFpKPDsvlF4Zck_dlChtG7rB0GypPJ5vEsb5-n5YbXnVIxWkCTK_M-j157j6w1wmLNamZ1OYfPXtBsFzXxdIo7JCB-KgvtK6YgnTlWJ0iC4EVik3rBmKBv_wiIu7k7oJ7Mj1JkcDrj3SB7Yc4w10sgpjeNM78MY1B2YXRRXkL4kUqhnUxqGEEVkcw_Eo7VshDbR2m_IlJL7o8q9kY16_YRhrvkua5tNu7M5T-yxJekSFGe97srVZvfos5AeERCCl-Sgs421vPJepN7RfAR4UR4-A8542RBUUa77QJQ",
      "e": "AQAB",
      "use": "sig",
      "kid": "62cfa918-92b0-415a-9d50-fcfb21cad254",
      "qi": "MCSs4DHqrDFiiZo_DffU1xPj2BowBwdmc84cd3Hz4FicIXstReSBYDVzvlb-MnNynIJVMWRFtnryxHFuEjctzUJWtkOA6pqhVgwRzbbIKFa12A6v7lvgRDKW7HwHHz2CpyW6BOY7INml4dVJwIQPEnX4P54ISzrqQxPZLNAW8NQ",
      "dp": "aaxrCy3Z65SxmmHoFGPnOUa7Ca_TivGRNP8aPA-rH439kw_ljhgHDLBu_ehgd5E5-SIfB3Lz6AzpO8AeHyuv62dtsN6Gv3337XM6cM2N7dEaOrcYVbIkKqRakFliNlBeTxkG415tKSNIajuQeve05BEKBArNpmOTHXo77skJSXU",
      "dq": "KxfjTVoEzC5YHxgY-Q6Kjx_k5YYpWuDFmcF_KOXtQ-eWvVGmkBOJjVf6MK3Rls-xLfW7u2bLHcH67WpJqOfjkibLAcWQ2g1sjJobr3RQvqPTyp4CRMzCHnIAaewz6TU4J8UzVwAxcnIDDroDx-V7GruIZNBRcmMFvB0ReCocTyE",
      "n": "oIhmYFRQ2TZb2GlKZMIICE9G7TYbclnosh2vmJ_JLb_ZXZpuyA6vKGcUECfcGt6DCQIFV2XqgSNy5a1_Jkzak4EsTfedkf9kMfgiyd4hiPHbAEEE2zbazKaFL1GK5aCglFC3EnlfFqYjEi3kO2QcYs6dO7vGLByzIRmy41pO1NrUIU8lCqxj-fq4-A-hNJ20GSBrK0AxOdnVa0qBPIA41JPdtwzUjLkhcKRZKi2rPJBXsLUOrZxoTGs0f-z83e7E7KLHARqpwUb6jxGvqSNAiEvJBfM91R1a0-JfFvE2l14TiexHKPiCOxyPKQJMlioPXb5SblT-p7sXJ6F42-uQgQ"
    },
    {
      "kty": "EC",
      "d": "mIqWl6QmsAFDVX47ivJG2mH9ZnJMcSOP9YaRGrwq66A",
      "use": "sig",
      "crv": "P-256",
      "kid": "a64d8eb2-0b80-4dc3-b870-39e6645f74ce",
      "x": "B2VS4grjSLKSQ7soYPQ-QCJfcDkrupN7YwHM1Rtz0dM",
      "y": "LBKZhtkMnfmV9MdWO5uNRac3qZTVP7lYSY8IDjFk_yE"
    },
    {
      "kty": "EC",
      "d": "wwGG4Xg6xbNayx-w3FpvgURnfMjaDiYiznPwPVs9cDc",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "8aa6d684-e32b-4053-bf44-5837b085185b",
      "x": "wgIjHh8ufxgvS77VTGZDVeoFi7F8s3bgO5xLmXWdjXU",
      "y": "IuVjNVJ1qQBFwzCT_eLpbwB1x3FACqCp8kLctwCn2GE"
    },
    {
      "kty": "OKP",
      "d": "tn-ZUBXD6xZ0_knyKNi5mEcT_h-17SnGTszbTopC0N0",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "df9b693e-846f-411d-8d31-cba165210d2f",
      "x": "ecEnWCRUNC03tfZx20d-tfr1LKFKucV6ALWnSEkNcAk"
    }
  ]
}

server_encryption_keys

{
  "keys": [
    {
      "p": "vLc5Olag_XduaW5NiCA23Mb-LaqkN8rH43-pvCmfoQNm0ar5Ge8GD2gmilbGZy0nnSXhgQule0EYGA7XwjpbV6ukjPH3nebPpsTLALjdPNBMH9p509pa9d_i6G2S2tp5rY8060onfovaAdMUwopspD0vXX_pv-dAT7fWYbBzPNc",
      "kty": "RSA",
      "q": "yd6rAhWhC-BY5iG_X2vnlNtpOfqR_Xr_9DQpeg7HcNSRCwbE9CVRfJ156Lrf129-p4rkn2QQV5Lqsf1bGEG6FH4cs04As2x1qU-6Z14pRqzbPuLyiKbM25IRsYbTbpt7fQQ-7u1A4XUH6JilHR0flaetjmjSsrJZqAFVPMrQhcM",
      "d": "PkrRy-8FSwE4fMhNOZLFLfdST9pZh1xs-T4IMhNrKOZJQqb4k86aio1ZVFLIFFyI4CzE9rfWGcXHKHG8P11W-iA33rYArzbO3NvTippBS4Y7MpDkXnN0M5g812Qo5hwDcDTr5Q8BLHptJNUWNsNkR6XHtSGMbbXlFujCWjMxj4bzL1L5XsvzXNSTcIJCQ19Mwl5gkLXdKIAHgBcNcKod6XWs7YwGIjxxhPv_d6NIMGRcM9oheb5fQRPjRz94uvs_w6jwzj0FMTznIsPb_fUAVQDxxfM9QbRYGeUJeXoglZerHgCC2SHQepmgjX4Xa7IqV4vhUO5_CiPgu-fR1CGXIw",
      "e": "AQAB",
      "use": "enc",
      "kid": "20cf3acf-29e1-4132-b7b2-4365f1194000",
      "qi": "cYlZdNZIzOuJABnPdEu05P2gReIp3IqLQUbKubwZudL70kAOXL_P0enGNuJF-O13D2FYdVmAOcPFs7oouOkmfxGmgP56kXPFRIcGXPN_iRh1xw1-0Z3AdbfFeW5Hme2zC9_9wMzmIPrJYKmAiaSGFrj2Om3u2FDv8OYcy6_cTnw",
      "dp": "Z94UwnZBv6BHhgHu7HiGmbdw2OOt5QNYR2_RlT33nSCJK-eFmW-Ej2BMriGaq9kfj4_08Rje6NroDv3EZSPHeJaBSA45spACRJDWBry5ECq5a2LNYPwyyleCxVjh1lEfXZaPkt1KpY0F3bE3IOgdabw_YJ_xoOz_6aCOf1Al7Rs",
      "alg": "RSA-OAEP",
      "dq": "ewWSy7NosLcpFh4s5Tb6K3JHP0kfnQ1PXIBJYpQNIQq51bFrZ6oybbH-cEEqVr0gv3PaffRaLTRgiNXwpOixQPnV_cOkk7OeRO9MluAAYYzIFBv0WCjmoUz0MW8L_NUOPZLP04WMy5kpl6smvIZaEDbegvIIrVQZZVRioKisyUc",
      "n": "lNAA4ls1sJ7R7y6w5ifrJCtlEXE_dQ0cA-QvuRz2htPzj3GXe75-ubCKMuL1f6FQW1qF5SkIxdR5_Ej2Gs5V386_WrKmH8nIpp0jtiqBNqC1CqTCVb83Zdhalpgi_wiJ9hV0VTme1-JXKPtsWmbCtvdisggfrvLAeRFHrkTktP0msir-wKNGGpq0DSqcFCufFMTx3Kx9gygc1RyPFBDQMQQwKwVU9eJZMRgBl7SkRvsNTfDYbW6RJsi1KifVIyElNrMmiJP24qEUQtpNwks_pwcLCxc9amMiDK9ZlcXZLf6KuyCVqtxI2JzagbxyyOP8btotPjLHB4lzD_4cWxMKxQ"
    },
    {
      "kty": "EC",
      "d": "S53-iQL18pzvYWLy_je_ugH7FWR3ok5qhkG5hpTWuD4",
      "use": "enc",
      "crv": "P-256",
      "kid": "8a04558f-f443-45ae-8905-d1de15465491",
      "x": "Gimmdw_VoCb-WOsLin3JgZu5_9F9eB60TouDdo6UdRs",
      "y": "_ugneLORXJ6LjyNrhcTChqMBfMo_e5OthHp6h0hx12I",
      "alg": "ECDH-ES"
    }
  ]
}

server_public_jwks

{
  "keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "62cfa918-92b0-415a-9d50-fcfb21cad254",
      "n": "oIhmYFRQ2TZb2GlKZMIICE9G7TYbclnosh2vmJ_JLb_ZXZpuyA6vKGcUECfcGt6DCQIFV2XqgSNy5a1_Jkzak4EsTfedkf9kMfgiyd4hiPHbAEEE2zbazKaFL1GK5aCglFC3EnlfFqYjEi3kO2QcYs6dO7vGLByzIRmy41pO1NrUIU8lCqxj-fq4-A-hNJ20GSBrK0AxOdnVa0qBPIA41JPdtwzUjLkhcKRZKi2rPJBXsLUOrZxoTGs0f-z83e7E7KLHARqpwUb6jxGvqSNAiEvJBfM91R1a0-JfFvE2l14TiexHKPiCOxyPKQJMlioPXb5SblT-p7sXJ6F42-uQgQ"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "05d7ebb1-73aa-4767-9526-9dfc6968704f",
      "n": "moakVNbCsRfYoYsQZZeLFEkmjFSgl9N0qVcfiNS2Ws3J9gPP0Qe9xAAN0El2oP8p-dRWt1CHutVrH531oRpq6Setz8lFudxRba0bE60RGcC1Nq-c2dbX--YLzwzZ-68Jfil3bCa-1Rwgnm-bQjebB0u9Q_U111uh5vyonI4VGBJs5BvVxKepoCjg31SFqwd-82yGWoNcAK4nJxupJN-hn3K7Y6hAKIwdyNoOTGVUa2u0TEVb8ssFkkLYzH7NMKCDjuk1OSM5BmOJBbFAdDzuRXkyaaTXdlU85V4YhdndXZu6w180MLSqaUYoKHRZGxIlwEmQhShfY1guKVGEH1wt4Q"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "a64d8eb2-0b80-4dc3-b870-39e6645f74ce",
      "x": "B2VS4grjSLKSQ7soYPQ-QCJfcDkrupN7YwHM1Rtz0dM",
      "y": "LBKZhtkMnfmV9MdWO5uNRac3qZTVP7lYSY8IDjFk_yE"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "18208fbc-5ef5-472f-9c7c-45c5621f252f",
      "x": "9Q02L4sB4e5Kkd3AJOTN74CPH8XHW2bNJlgnT-B36-8",
      "y": "DlHzHaQqBau2Jcpzwqj7LF9gKJisiCmW0XEqVe6bQUg"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "secp256k1",
      "kid": "8aa6d684-e32b-4053-bf44-5837b085185b",
      "x": "wgIjHh8ufxgvS77VTGZDVeoFi7F8s3bgO5xLmXWdjXU",
      "y": "IuVjNVJ1qQBFwzCT_eLpbwB1x3FACqCp8kLctwCn2GE"
    },
    {
      "kty": "OKP",
      "use": "sig",
      "crv": "Ed25519",
      "kid": "df9b693e-846f-411d-8d31-cba165210d2f",
      "x": "ecEnWCRUNC03tfZx20d-tfr1LKFKucV6ALWnSEkNcAk"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "20cf3acf-29e1-4132-b7b2-4365f1194000",
      "alg": "RSA-OAEP",
      "n": "lNAA4ls1sJ7R7y6w5ifrJCtlEXE_dQ0cA-QvuRz2htPzj3GXe75-ubCKMuL1f6FQW1qF5SkIxdR5_Ej2Gs5V386_WrKmH8nIpp0jtiqBNqC1CqTCVb83Zdhalpgi_wiJ9hV0VTme1-JXKPtsWmbCtvdisggfrvLAeRFHrkTktP0msir-wKNGGpq0DSqcFCufFMTx3Kx9gygc1RyPFBDQMQQwKwVU9eJZMRgBl7SkRvsNTfDYbW6RJsi1KifVIyElNrMmiJP24qEUQtpNwks_pwcLCxc9amMiDK9ZlcXZLf6KuyCVqtxI2JzagbxyyOP8btotPjLHB4lzD_4cWxMKxQ"
    },
    {
      "kty": "EC",
      "use": "enc",
      "crv": "P-256",
      "kid": "8a04558f-f443-45ae-8905-d1de15465491",
      "x": "Gimmdw_VoCb-WOsLin3JgZu5_9F9eB60TouDdo6UdRs",
      "y": "_ugneLORXJ6LjyNrhcTChqMBfMo_e5OthHp6h0hx12I",
      "alg": "ECDH-ES"
    }
  ]
}

2025-04-28 07:53:12	SUCCESS RFC7517-1.1	ValidateServerJWKs Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url

2025-04-28 07:53:12

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInServerJWKs

Distinct 'kid' value in all keys of server_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2025-04-28 07:53:12

(1) More

SUCCESS

OIDCCLoadUserInfo

Added user information

user_info

{
  "sub": "user-subject-1234531",
  "name": "Demo T. User",
  "given_name": "Demo",
  "family_name": "User",
  "middle_name": "Theresa",
  "nickname": "Dee",
  "preferred_username": "d.tu",
  "gender": "female",
  "birthdate": "2000-02-03",
  "address": {
    "street_address": "100 Universal City Plaza",
    "locality": "Hollywood",
    "region": "CA",
    "postal_code": "91608",
    "country": "USA"
  },
  "zoneinfo": "America/Los_Angeles",
  "locale": "en-US",
  "phone_number": "+1 555 5550000",
  "phone_number_verified": false,
  "email": "user@example.com",
  "email_verified": false,
  "website": "https://openid.net/",
  "profile": "https://example.com/user",
  "updated_at": 1580000000,
  "txn": "2c6fb585-d51b-465a-9dca-b8cd22a11451"
}

2025-04-28 07:53:12

(4) More

SUCCESS

OIDCCGetStaticClientConfigurationForRPTests

Found a static client object

client_id	0oaka2gpoymlyinwZ5d7
client_secret	_SDHPKKxtbQ55rPvFJV3DIHNI9VKAfbCJptzJhzV5EibdtvYJlXNP6vSlPC-ZDKJ
initiate_login_uri	https://oidc.arconnet.com/api/Oidc/initiate-login
redirect_uris	[ "https://oidc.arconnet.com/api/Oidc/callback" ]

2025-04-28 07:53:12

(1) More

SUCCESS

OIDCR-2

EnsureClientDoesNotHaveBothJwksAndJwksUri

Client does not have both jwks and jwks_uri set

client

{
  "client_id": "0oaka2gpoymlyinwZ5d7",
  "client_secret": "_SDHPKKxtbQ55rPvFJV3DIHNI9VKAfbCJptzJhzV5EibdtvYJlXNP6vSlPC-ZDKJ",
  "initiate_login_uri": "https://oidc.arconnet.com/api/Oidc/initiate-login",
  "redirect_uris": [
    "https://oidc.arconnet.com/api/Oidc/callback"
  ]
}

2025-04-28 07:53:12

(3) More

INFO

OIDCC-10.1.1 OIDCC-10.2.1

FetchClientKeys

Skipped evaluation due to missing required element: client jwks_uri

path	jwks_uri
mapped
object	client

2025-04-28 07:53:12

(2) More

SUCCESS

OIDCR-2

ValidateClientGrantTypes

grant_types match response_types

grant_types	[ "authorization_code" ]
response_types	[ "code" ]

2025-04-28 07:53:12

(1) More

SUCCESS

OIDCR-2

OIDCCValidateClientRedirectUris

Valid redirect_uri(s) provided in registration request

redirect_uris

[
  "https://oidc.arconnet.com/api/Oidc/callback"
]

2025-04-28 07:53:12	SUCCESS OIDCR-2	ValidateClientLogoUris Client does not contain any logo_uri

2025-04-28 07:53:12	SUCCESS OIDCR-2	ValidateClientUris Client does not contain any client_uri

2025-04-28 07:53:12	SUCCESS OIDCR-2	ValidateClientPolicyUris Client does not contain any policy_uri

2025-04-28 07:53:12	SUCCESS OIDCR-2	ValidateClientTosUris Client does not contain any tos_uri

2025-04-28 07:53:12	SUCCESS OIDCR-2	ValidateClientSubjectType A subject_type was not provided

2025-04-28 07:53:12

(3) More

INFO

OIDCR-2

ValidateIdTokenSignedResponseAlg

Skipped evaluation due to missing required element: client id_token_signed_response_alg

path	id_token_signed_response_alg
mapped
object	client

2025-04-28 07:53:12	SUCCESS OIDCR-2	EnsureIdTokenEncryptedResponseAlgIsSetIfEncIsSet id_token_encrypted_response_enc is not set

2025-04-28 07:53:12

(3) More

INFO

OIDCR-2

ValidateUserinfoSignedResponseAlg

Skipped evaluation due to missing required element: client userinfo_signed_response_alg

path	userinfo_signed_response_alg
mapped
object	client

2025-04-28 07:53:12	SUCCESS OIDCR-2	EnsureUserinfoEncryptedResponseAlgIsSetIfEncIsSet userinfo_encrypted_response_enc is not set

2025-04-28 07:53:12

(3) More

INFO

OIDCR-2

ValidateRequestObjectSigningAlg

Skipped evaluation due to missing required element: client request_object_signing_alg

path	request_object_signing_alg
mapped
object	client

2025-04-28 07:53:12	SUCCESS OIDCR-2	EnsureRequestObjectEncryptionAlgIsSetIfEncIsSet request_object_encryption_enc is not set

2025-04-28 07:53:12

(3) More

INFO

OIDCR-2

ValidateTokenEndpointAuthSigningAlg

Skipped evaluation due to missing required element: client token_endpoint_auth_signing_alg

path	token_endpoint_auth_signing_alg
mapped
object	client

2025-04-28 07:53:12	SUCCESS OIDCR-2	ValidateDefaultMaxAge default_max_age is not set

2025-04-28 07:53:12

(3) More

INFO

OIDCR-2

ValidateRequireAuthTime

Skipped evaluation due to missing required element: client require_auth_time

path	require_auth_time
mapped
object	client

2025-04-28 07:53:12

(3) More

INFO

OIDCR-2

ValidateDefaultAcrValues

Skipped evaluation due to missing required element: client default_acr_values

path	default_acr_values
mapped
object	client

2025-04-28 07:53:12

(1) More

SUCCESS

OIDCR-2

ValidateInitiateLoginUri

initiate_login_uri is valid

initiate_login_uri

https://oidc.arconnet.com/api/Oidc/initiate-login

2025-04-28 07:53:12

(3) More

INFO

OIDCR-2

ValidateRequestUris

Skipped evaluation due to missing required element: client request_uris

path	request_uris
mapped
object	client

2025-04-28 07:53:12

(1) More

SUCCESS

OIDCCExtractServerSigningAlg

Using the default algorithm for the first key in server jwks

signing_algorithm

RS256

2025-04-28 07:53:12

(1) More

SetClientIdTokenSignedResponseAlgToServerSigningAlg

Set id_token_signed_response_alg for the registered client

id_token_signed_response_alg

RS256

2025-04-28 07:53:12		oidcc-client-test-client-secret-basic Setup Done

2025-04-28 07:53:19

(12) More

INCOMING

oidcc-client-test-client-secret-basic

Incoming HTTP request to /test/a/ArconCI/authorize

incoming_headers	{ "host": "www.certification.openid.net", "upgrade-insecure-requests": "1", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36", "accept": "text/html,application/xhtml+xml,application/xml;q\u003d0.9,image/avif,image/webp,image/apng,/;q\u003d0.8,application/signed-exchange;v\u003db3;q\u003d0.7", "sec-fetch-site": "none", "sec-fetch-mode": "navigate", "sec-fetch-user": "?1", "sec-fetch-dest": "document", "sec-ch-ua": "\"Google Chrome\";v\u003d\"135\", \"Not-A.Brand\";v\u003d\"8\", \"Chromium\";v\u003d\"135\"", "sec-ch-ua-mobile": "?0", "sec-ch-ua-platform": "\"Windows\"", "accept-encoding": "gzip, deflate, br, zstd", "accept-language": "en-US,en;q\u003d0.9", "cookie": "_gid\u003dGA1.2.1265047192.1745825002; _ga\u003dGA1.2.1650576532.1738752960; JSESSIONID\u003dAD623538DCDCDE27055B97879A488FDA; _ga_NF8HNLNJJE\u003dGS1.1.1745825002.5.1.1745825607.0.0.0", "connection": "close" }
incoming_path	/test/a/ArconCI/authorize
incoming_body_form_params
incoming_method	GET
incoming_tls_version	TLSv1.2
incoming_tls_cert
incoming_query_string_params	{ "response_type": "code", "client_id": "0oaka2gpoymlyinwZ5d7", "redirect_uri": "https://oidc.arconnet.com/api/Oidc/callback", "scope": "openid email", "state": "9b45ecb6-789b-4182-ac76-fb9d456d4070", "nonce": "eb1ade05-3e99-4582-aa9f-1255c3834b63" }
incoming_body
incoming_tls_chain	[ "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL" ]
incoming_body_json_parse_error
incoming_tls_cipher	ECDHE-RSA-AES128-GCM-SHA256
incoming_body_json

Authorization endpoint

2025-04-28 07:53:19	SUCCESS OIDCC-6.1	EnsureRequestDoesNotContainRequestObject Request does not contain a request parameter

2025-04-28 07:53:19

(2) More

SUCCESS

OIDCC-6.2 OIDCC-6.1

EnsureAuthorizationHttpRequestContainsOpenIDScope

Found 'openid' in scope http request parameter

actual	[ "openid", "email" ]
expected	openid

2025-04-28 07:53:19

(1) More

SUCCESS

OIDCC-6.2 OIDCC-6.1

CreateEffectiveAuthorizationRequestParameters

Merged http request parameters with request object claims

effective_authorization_endpoint_request

{
  "response_type": "code",
  "client_id": "0oaka2gpoymlyinwZ5d7",
  "redirect_uri": "https://oidc.arconnet.com/api/Oidc/callback",
  "scope": "openid email",
  "state": "9b45ecb6-789b-4182-ac76-fb9d456d4070",
  "nonce": "eb1ade05-3e99-4582-aa9f-1255c3834b63"
}

2025-04-28 07:53:19

(1) More

SUCCESS

ExtractRequestedScopes

Requested scopes

scope

openid email

2025-04-28 07:53:19

(1) More

SUCCESS

OIDCC-3.1.2.1

ExtractNonceFromAuthorizationRequest

Extracted nonce

nonce

eb1ade05-3e99-4582-aa9f-1255c3834b63

2025-04-28 07:53:19

(3) More

INFO

RFC7636-4.3

EnsureAuthorizationRequestContainsPkceCodeChallenge

Skipped evaluation due to missing required element: effective_authorization_endpoint_request code_challenge

path	code_challenge
mapped
object	effective_authorization_endpoint_request

2025-04-28 07:53:19

(1) More

SUCCESS

EnsureResponseTypeIsCode

Response type is expected value

expected

code

2025-04-28 07:53:19

(1) More

SUCCESS

OIDCC-3.1.2.1

EnsureMatchingClientId

Client ID matched

client_id

0oaka2gpoymlyinwZ5d7

2025-04-28 07:53:19

(2) More

SUCCESS

OIDCC-3.1.2.1

EnsureValidRedirectUriForAuthorizationEndpointRequest

redirect_uri is one of the allowed redirect uris

actual	https://oidc.arconnet.com/api/Oidc/callback
expected	[ "https://oidc.arconnet.com/api/Oidc/callback" ]

2025-04-28 07:53:19

(2) More

SUCCESS

OIDCC-3.1.2.1

EnsureOpenIDInScopeRequest

Found 'openid' scope in request

actual	[ "openid", "email" ]
expected	openid

2025-04-28 07:53:19	SUCCESS OIDCC-3.1.2.3	DisallowMaxAgeEqualsZeroAndPromptNone The client did not send max_age=0 and prompt=none parameters as expected

2025-04-28 07:53:19

(3) More

INFO

RFC6749-4.1.1 OIDCC-3.1.2.1 RFC7636-4.3 OAuth2-RT-2.1 RFC7519-4.1 DPOP-10 RFC8485-4.1 RFC8707-2.1 RFC9396-2

CheckForUnexpectedClaimsInRequestObject

Skipped evaluation due to missing required element: authorization_request_object claims

path	claims
mapped
object	authorization_request_object

2025-04-28 07:53:19

(3) More

INFO

OIDCC-5.5

CheckForUnexpectedClaimsInClaimsParameter

Skipped evaluation due to missing required element: authorization_request_object claims.claims

path	claims.claims
mapped
object	authorization_request_object

2025-04-28 07:53:19

(3) More

INFO

OIDCC-5.1 OIDCC-5.5.1.1 BrazilOB-5.2.2.3 BrazilOB-5.2.2.4 OBSP-3.4

CheckForUnexpectedOpenIdClaims

Skipped evaluation due to missing required element: authorization_request_object claims.claims

path	claims.claims
mapped
object	authorization_request_object

2025-04-28 07:53:19

(3) More

INFO

OIDCC-5.5

CheckRequestObjectClaimsParameterValues

Skipped evaluation due to missing required element: authorization_request_object claims.claims

path	claims.claims
mapped
object	authorization_request_object

2025-04-28 07:53:19

(3) More

INFO

OIDCC-5.5.1

CheckRequestObjectClaimsParameterMemberValues

Skipped evaluation due to missing required element: authorization_request_object claims.claims

path	claims.claims
mapped
object	authorization_request_object

2025-04-28 07:53:19

(1) More

SUCCESS

CreateAuthorizationCode

Created authorization code

authorization_code

LHjymncqp4iUpURU0Twd4j35kkmJTNY1

2025-04-28 07:53:19

(1) More

SUCCESS

OIDCC-3.3.2.11

CalculateCHash

Successful c_hash encoding

c_hash

uGcwSrZjT4TGU5ZuHXLsxw

2025-04-28 07:53:19

(1) More

SUCCESS

CreateAuthorizationEndpointResponseParams

Added authorization_endpoint_response_params to environment

params

{
  "redirect_uri": "https://oidc.arconnet.com/api/Oidc/callback",
  "state": "9b45ecb6-789b-4182-ac76-fb9d456d4070"
}

2025-04-28 07:53:19

(1) More

SUCCESS

OIDCC-3.3.2.5

AddCodeToAuthorizationEndpointResponseParams

Added code to authorization endpoint response params

authorization_endpoint_response_params

{
  "redirect_uri": "https://oidc.arconnet.com/api/Oidc/callback",
  "state": "9b45ecb6-789b-4182-ac76-fb9d456d4070",
  "code": "LHjymncqp4iUpURU0Twd4j35kkmJTNY1"
}

2025-04-28 07:53:19

(1) More

OIDCC-3.3.2.5

SendAuthorizationResponseWithResponseModeQuery

Redirecting back to client

uri	https://oidc.arconnet.com/api/Oidc/callback?state=9b45ecb6-789b-4182-ac76-fb9d456d4070&code=LHjymncqp4iUpURU0Twd4j35kkmJTNY1

2025-04-28 07:53:19

(2) More

OUTGOING

oidcc-client-test-client-secret-basic

Response to HTTP request to test instance D4L9TIWmp9Hhlb1

outgoing

org.springframework.web.servlet.view.RedirectView: [RedirectView]; URL [https://oidc.arconnet.com/api/Oidc/callback?state=9b45ecb6-789b-4182-ac76-fb9d456d4070&code=LHjymncqp4iUpURU0Twd4j35kkmJTNY1]

outgoing_path

authorize

2025-04-28 07:53:20

(12) More

INCOMING

oidcc-client-test-client-secret-basic

Incoming HTTP request to /test/a/ArconCI/token

incoming_headers	{ "host": "www.certification.openid.net", "authorization": "Basic MG9ha2EyZ3BveW1seWlud1o1ZDc6X1NESFBLS3h0YlE1NXJQdkZKVjNESUhOSTlWS0FmYkNKcHR6Smh6VjVFaWJkdHZZSmxYTlA2dlNsUEMtWkRLSg\u003d\u003d", "traceparent": "00-c97b85bd75e57c2ff66649ded84b4d48-8c9986ebe6e75922-00", "cookie": "JSESSIONID\u003d63C028490CD78A9D63484D337447BAAE", "content-type": "application/x-www-form-urlencoded", "content-length": "136", "connection": "close" }
incoming_path	/test/a/ArconCI/token
incoming_body_form_params	{ "grant_type": "authorization_code", "code": "LHjymncqp4iUpURU0Twd4j35kkmJTNY1", "redirect_uri": "https://oidc.arconnet.com/api/Oidc/callback" }
incoming_method	POST
incoming_tls_version	TLSv1.2
incoming_tls_cert
incoming_query_string_params	{}
incoming_body	grant_type=authorization_code&code=LHjymncqp4iUpURU0Twd4j35kkmJTNY1&redirect_uri=https%3A%2F%2Foidc.arconnet.com%2Fapi%2FOidc%2Fcallback
incoming_tls_chain	[ "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL" ]
incoming_body_json_parse_error
incoming_tls_cipher	ECDHE-RSA-AES256-GCM-SHA384
incoming_body_json

Token endpoint

2025-04-28 07:53:20	RFC6749-3.2.1	CheckClientIdMatchesOnTokenRequestIfPresent client_id not present, nothing to check

2025-04-28 07:53:20

(3) More

SUCCESS

OIDCC-9

ExtractClientCredentialsFromBasicAuthorizationHeader

Extracted client authentication

client_id	0oaka2gpoymlyinwZ5d7
client_secret	_SDHPKKxtbQ55rPvFJV3DIHNI9VKAfbCJptzJhzV5EibdtvYJlXNP6vSlPC-ZDKJ
method	client_secret_basic

2025-04-28 07:53:20	SUCCESS RFC6749-2.3.1	ValidateClientIdAndSecret Client id and secret match

2025-04-28 07:53:20

(1) More

SUCCESS

OIDCC-3.1.3.2

ValidateAuthorizationCode

Found authorization code

authorization_code

LHjymncqp4iUpURU0Twd4j35kkmJTNY1

2025-04-28 07:53:20

(1) More

SUCCESS

OIDCC-3.1.3.2

ValidateRedirectUriForTokenEndpointRequest

redirect_uri is the same as the one used in the authorization request

actual

https://oidc.arconnet.com/api/Oidc/callback

2025-04-28 07:53:20

(1) More

SUCCESS

GenerateBearerAccessToken

Generated access token

access_token

fFlfTVFsMhW5YL0NyO8MLO23bSSIhsuGHj3ckBJ3jCkafr7Cp8

2025-04-28 07:53:20

(1) More

SUCCESS

OIDCC-3.3.2.11

CalculateAtHash

Successful at_hash encoding

at_hash

P5Z-vp5iTnWQbITzi0ASOw

2025-04-28 07:53:20

(6) More

SUCCESS

GenerateIdTokenClaims

Created ID Token Claims

iss	https://www.certification.openid.net/test/a/ArconCI/
sub	user-subject-1234531
aud	0oaka2gpoymlyinwZ5d7
nonce	eb1ade05-3e99-4582-aa9f-1255c3834b63
iat	1745826800
exp	1745827100

2025-04-28 07:53:20

(2) More

SUCCESS

OIDCC-3.3.2.11

AddAtHashToIdTokenClaims

Added at_hash to ID token claims

at_hash

P5Z-vp5iTnWQbITzi0ASOw

id_token_claims

{
  "iss": "https://www.certification.openid.net/test/a/ArconCI/",
  "sub": "user-subject-1234531",
  "aud": "0oaka2gpoymlyinwZ5d7",
  "nonce": "eb1ade05-3e99-4582-aa9f-1255c3834b63",
  "iat": 1745826800,
  "exp": 1745827100,
  "at_hash": "P5Z-vp5iTnWQbITzi0ASOw"
}

2025-04-28 07:53:20

(3) More

INFO

OIDCC-3.1.2.1

AddAuthTimeToIdTokenClaims

Skipped evaluation due to missing required element: effective_authorization_endpoint_request max_age

path	max_age
mapped
object	effective_authorization_endpoint_request

2025-04-28 07:53:20

(3) More

SUCCESS

OIDCC-2

OIDCCSignIdToken

Signed the ID token

id_token

eyJraWQiOiI2MmNmYTkxOC05MmIwLTQxNWEtOWQ1MC1mY2ZiMjFjYWQyNTQiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiUDVaLXZwNWlUbldRYklUemkwQVNPdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiMG9ha2EyZ3BveW1seWlud1o1ZDciLCJpc3MiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL0FyY29uQ0kvIiwiZXhwIjoxNzQ1ODI3MTAwLCJub25jZSI6ImViMWFkZTA1LTNlOTktNDU4Mi1hYTlmLTEyNTVjMzgzNGI2MyIsImlhdCI6MTc0NTgyNjgwMH0.cTKAY3UVWQW_Nh2O1p8xs-WqqOwH_gZBdiZx5aGHaxMzLTyMDMPhFd5u5gGJzDE6lPC2uoi0klZQOlRVe2qkVkb-dzIIX8uNkipZ1l6F80NxWo1dXOFYEtGsB-7z8jLZX2gedI--ek_FfXcQKr8k1NjOUz4awtqYLRh7keRWZWmcBiaP4h1J7HjjVt-5saFZgIV3sK_Vu6DIMJqO-yYTJ6axftTx5BV-J4ovfh0KWYUH1GL9XIA1AXlTmEenEvr1vAMhCFShbYLFjBebsX4OzQIJ5szSNgOo18ikQqnngfGIO5LEs7cxJZNGXcVuxEIy_Hm4CsOLQYcR062H4-_8Cg

key

{"p":"umAcYZYea1b40mVxAeiBOV3zpLj5BsQcu3lgpPiIg2aRqT8BzEy6LobgdMiF32za2TFyGtAmNw0ehG-Jf7g8EYyqqgQW8QjSOvPzKJW8xQ4k4lY736MlFy-l3XTlFNSUuQrZvxIE6nzb3LoAqkAAMPuHhvJWHGDt4aesyLvUq20","kty":"RSA","q":"3IDY7eCz2gGvW_Jo6uIrxBYlhmCOptF6iLJOjw1lF-wQukqXTMtD-aJy-zQDSmEPJMFaXcB9c96YNnhi4c9R6Nya9Fa34KAIMgWaLMWj9OX8IZ1wd0QYh1uZlR5_Y3r9ipSb_I2FP96H7ghda3piLtLPjqUkWfQCioeMBGOMGOU","d":"BpKx2cG3YhQfzHDlOafDM0SRuM6VbvLKUcQK56gqkTEQ30xekFpKPDsvlF4Zck_dlChtG7rB0GypPJ5vEsb5-n5YbXnVIxWkCTK_M-j157j6w1wmLNamZ1OYfPXtBsFzXxdIo7JCB-KgvtK6YgnTlWJ0iC4EVik3rBmKBv_wiIu7k7oJ7Mj1JkcDrj3SB7Yc4w10sgpjeNM78MY1B2YXRRXkL4kUqhnUxqGEEVkcw_Eo7VshDbR2m_IlJL7o8q9kY16_YRhrvkua5tNu7M5T-yxJekSFGe97srVZvfos5AeERCCl-Sgs421vPJepN7RfAR4UR4-A8542RBUUa77QJQ","e":"AQAB","use":"sig","kid":"62cfa918-92b0-415a-9d50-fcfb21cad254","qi":"MCSs4DHqrDFiiZo_DffU1xPj2BowBwdmc84cd3Hz4FicIXstReSBYDVzvlb-MnNynIJVMWRFtnryxHFuEjctzUJWtkOA6pqhVgwRzbbIKFa12A6v7lvgRDKW7HwHHz2CpyW6BOY7INml4dVJwIQPEnX4P54ISzrqQxPZLNAW8NQ","dp":"aaxrCy3Z65SxmmHoFGPnOUa7Ca_TivGRNP8aPA-rH439kw_ljhgHDLBu_ehgd5E5-SIfB3Lz6AzpO8AeHyuv62dtsN6Gv3337XM6cM2N7dEaOrcYVbIkKqRakFliNlBeTxkG415tKSNIajuQeve05BEKBArNpmOTHXo77skJSXU","dq":"KxfjTVoEzC5YHxgY-Q6Kjx_k5YYpWuDFmcF_KOXtQ-eWvVGmkBOJjVf6MK3Rls-xLfW7u2bLHcH67WpJqOfjkibLAcWQ2g1sjJobr3RQvqPTyp4CRMzCHnIAaewz6TU4J8UzVwAxcnIDDroDx-V7GruIZNBRcmMFvB0ReCocTyE","n":"oIhmYFRQ2TZb2GlKZMIICE9G7TYbclnosh2vmJ_JLb_ZXZpuyA6vKGcUECfcGt6DCQIFV2XqgSNy5a1_Jkzak4EsTfedkf9kMfgiyd4hiPHbAEEE2zbazKaFL1GK5aCglFC3EnlfFqYjEi3kO2QcYs6dO7vGLByzIRmy41pO1NrUIU8lCqxj-fq4-A-hNJ20GSBrK0AxOdnVa0qBPIA41JPdtwzUjLkhcKRZKi2rPJBXsLUOrZxoTGs0f-z83e7E7KLHARqpwUb6jxGvqSNAiEvJBfM91R1a0-JfFvE2l14TiexHKPiCOxyPKQJMlioPXb5SblT-p7sXJ6F42-uQgQ"}

algorithm

RS256

2025-04-28 07:53:20

(3) More

INFO

OIDCC-10.2

EncryptIdToken

Skipped evaluation due to missing required element: client id_token_encrypted_response_alg

path	id_token_encrypted_response_alg
mapped
object	client

2025-04-28 07:53:20

(4) More

SUCCESS

OIDCC-3.1.3.3

CreateTokenEndpointResponse

Created token endpoint response

access_token	fFlfTVFsMhW5YL0NyO8MLO23bSSIhsuGHj3ckBJ3jCkafr7Cp8
token_type	Bearer
id_token	eyJraWQiOiI2MmNmYTkxOC05MmIwLTQxNWEtOWQ1MC1mY2ZiMjFjYWQyNTQiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiUDVaLXZwNWlUbldRYklUemkwQVNPdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiMG9ha2EyZ3BveW1seWlud1o1ZDciLCJpc3MiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL0FyY29uQ0kvIiwiZXhwIjoxNzQ1ODI3MTAwLCJub25jZSI6ImViMWFkZTA1LTNlOTktNDU4Mi1hYTlmLTEyNTVjMzgzNGI2MyIsImlhdCI6MTc0NTgyNjgwMH0.cTKAY3UVWQW_Nh2O1p8xs-WqqOwH_gZBdiZx5aGHaxMzLTyMDMPhFd5u5gGJzDE6lPC2uoi0klZQOlRVe2qkVkb-dzIIX8uNkipZ1l6F80NxWo1dXOFYEtGsB-7z8jLZX2gedI--ek_FfXcQKr8k1NjOUz4awtqYLRh7keRWZWmcBiaP4h1J7HjjVt-5saFZgIV3sK_Vu6DIMJqO-yYTJ6axftTx5BV-J4ovfh0KWYUH1GL9XIA1AXlTmEenEvr1vAMhCFShbYLFjBebsX4OzQIJ5szSNgOo18ikQqnngfGIO5LEs7cxJZNGXcVuxEIy_Hm4CsOLQYcR062H4-_8Cg
scope	openid email

2025-04-28 07:53:20

(4) More

OUTGOING

oidcc-client-test-client-secret-basic

Response to HTTP request to test instance D4L9TIWmp9Hhlb1

outgoing_status_code	200
outgoing_headers	{}
outgoing_body	{ "access_token": "fFlfTVFsMhW5YL0NyO8MLO23bSSIhsuGHj3ckBJ3jCkafr7Cp8", "token_type": "Bearer", "id_token": "eyJraWQiOiI2MmNmYTkxOC05MmIwLTQxNWEtOWQ1MC1mY2ZiMjFjYWQyNTQiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiUDVaLXZwNWlUbldRYklUemkwQVNPdyIsInN1YiI6InVzZXItc3ViamVjdC0xMjM0NTMxIiwiYXVkIjoiMG9ha2EyZ3BveW1seWlud1o1ZDciLCJpc3MiOiJodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLm9wZW5pZC5uZXQvdGVzdC9hL0FyY29uQ0kvIiwiZXhwIjoxNzQ1ODI3MTAwLCJub25jZSI6ImViMWFkZTA1LTNlOTktNDU4Mi1hYTlmLTEyNTVjMzgzNGI2MyIsImlhdCI6MTc0NTgyNjgwMH0.cTKAY3UVWQW_Nh2O1p8xs-WqqOwH_gZBdiZx5aGHaxMzLTyMDMPhFd5u5gGJzDE6lPC2uoi0klZQOlRVe2qkVkb-dzIIX8uNkipZ1l6F80NxWo1dXOFYEtGsB-7z8jLZX2gedI--ek_FfXcQKr8k1NjOUz4awtqYLRh7keRWZWmcBiaP4h1J7HjjVt-5saFZgIV3sK_Vu6DIMJqO-yYTJ6axftTx5BV-J4ovfh0KWYUH1GL9XIA1AXlTmEenEvr1vAMhCFShbYLFjBebsX4OzQIJ5szSNgOo18ikQqnngfGIO5LEs7cxJZNGXcVuxEIy_Hm4CsOLQYcR062H4-_8Cg", "scope": "openid email" }
outgoing_path	token

2025-04-28 07:53:20

(12) More

INCOMING

oidcc-client-test-client-secret-basic

Incoming HTTP request to /test/a/ArconCI/jwks

incoming_headers	{ "host": "www.certification.openid.net", "traceparent": "00-c97b85bd75e57c2ff66649ded84b4d48-b6036ec86f0c7309-00", "cookie": "JSESSIONID\u003d63C028490CD78A9D63484D337447BAAE", "connection": "close" }
incoming_path	/test/a/ArconCI/jwks
incoming_body_form_params
incoming_method	GET
incoming_tls_version	TLSv1.2
incoming_tls_cert
incoming_query_string_params	{}
incoming_body
incoming_tls_chain	[ "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL" ]
incoming_body_json_parse_error
incoming_tls_cipher	ECDHE-RSA-AES256-GCM-SHA384
incoming_body_json

Jwks endpoint

2025-04-28 07:53:20

(4) More

OUTGOING

oidcc-client-test-client-secret-basic

Response to HTTP request to test instance D4L9TIWmp9Hhlb1

outgoing_status_code	200
outgoing_headers	{}
outgoing_body	{ "keys": [ { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "62cfa918-92b0-415a-9d50-fcfb21cad254", "n": "oIhmYFRQ2TZb2GlKZMIICE9G7TYbclnosh2vmJ_JLb_ZXZpuyA6vKGcUECfcGt6DCQIFV2XqgSNy5a1_Jkzak4EsTfedkf9kMfgiyd4hiPHbAEEE2zbazKaFL1GK5aCglFC3EnlfFqYjEi3kO2QcYs6dO7vGLByzIRmy41pO1NrUIU8lCqxj-fq4-A-hNJ20GSBrK0AxOdnVa0qBPIA41JPdtwzUjLkhcKRZKi2rPJBXsLUOrZxoTGs0f-z83e7E7KLHARqpwUb6jxGvqSNAiEvJBfM91R1a0-JfFvE2l14TiexHKPiCOxyPKQJMlioPXb5SblT-p7sXJ6F42-uQgQ" }, { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "05d7ebb1-73aa-4767-9526-9dfc6968704f", "n": "moakVNbCsRfYoYsQZZeLFEkmjFSgl9N0qVcfiNS2Ws3J9gPP0Qe9xAAN0El2oP8p-dRWt1CHutVrH531oRpq6Setz8lFudxRba0bE60RGcC1Nq-c2dbX--YLzwzZ-68Jfil3bCa-1Rwgnm-bQjebB0u9Q_U111uh5vyonI4VGBJs5BvVxKepoCjg31SFqwd-82yGWoNcAK4nJxupJN-hn3K7Y6hAKIwdyNoOTGVUa2u0TEVb8ssFkkLYzH7NMKCDjuk1OSM5BmOJBbFAdDzuRXkyaaTXdlU85V4YhdndXZu6w180MLSqaUYoKHRZGxIlwEmQhShfY1guKVGEH1wt4Q" }, { "kty": "EC", "use": "sig", "crv": "P-256", "kid": "a64d8eb2-0b80-4dc3-b870-39e6645f74ce", "x": "B2VS4grjSLKSQ7soYPQ-QCJfcDkrupN7YwHM1Rtz0dM", "y": "LBKZhtkMnfmV9MdWO5uNRac3qZTVP7lYSY8IDjFk_yE" }, { "kty": "EC", "use": "sig", "crv": "P-256", "kid": "18208fbc-5ef5-472f-9c7c-45c5621f252f", "x": "9Q02L4sB4e5Kkd3AJOTN74CPH8XHW2bNJlgnT-B36-8", "y": "DlHzHaQqBau2Jcpzwqj7LF9gKJisiCmW0XEqVe6bQUg" }, { "kty": "EC", "use": "sig", "crv": "secp256k1", "kid": "8aa6d684-e32b-4053-bf44-5837b085185b", "x": "wgIjHh8ufxgvS77VTGZDVeoFi7F8s3bgO5xLmXWdjXU", "y": "IuVjNVJ1qQBFwzCT_eLpbwB1x3FACqCp8kLctwCn2GE" }, { "kty": "OKP", "use": "sig", "crv": "Ed25519", "kid": "df9b693e-846f-411d-8d31-cba165210d2f", "x": "ecEnWCRUNC03tfZx20d-tfr1LKFKucV6ALWnSEkNcAk" }, { "kty": "RSA", "e": "AQAB", "use": "enc", "kid": "20cf3acf-29e1-4132-b7b2-4365f1194000", "alg": "RSA-OAEP", "n": "lNAA4ls1sJ7R7y6w5ifrJCtlEXE_dQ0cA-QvuRz2htPzj3GXe75-ubCKMuL1f6FQW1qF5SkIxdR5_Ej2Gs5V386_WrKmH8nIpp0jtiqBNqC1CqTCVb83Zdhalpgi_wiJ9hV0VTme1-JXKPtsWmbCtvdisggfrvLAeRFHrkTktP0msir-wKNGGpq0DSqcFCufFMTx3Kx9gygc1RyPFBDQMQQwKwVU9eJZMRgBl7SkRvsNTfDYbW6RJsi1KifVIyElNrMmiJP24qEUQtpNwks_pwcLCxc9amMiDK9ZlcXZLf6KuyCVqtxI2JzagbxyyOP8btotPjLHB4lzD_4cWxMKxQ" }, { "kty": "EC", "use": "enc", "crv": "P-256", "kid": "8a04558f-f443-45ae-8905-d1de15465491", "x": "Gimmdw_VoCb-WOsLin3JgZu5_9F9eB60TouDdo6UdRs", "y": "_ugneLORXJ6LjyNrhcTChqMBfMo_e5OthHp6h0hx12I", "alg": "ECDH-ES" } ] }
outgoing_path	jwks

2025-04-28 07:53:20

(12) More

INCOMING

oidcc-client-test-client-secret-basic

Incoming HTTP request to /test/a/ArconCI/userinfo

incoming_headers	{ "host": "www.certification.openid.net", "authorization": "Bearer fFlfTVFsMhW5YL0NyO8MLO23bSSIhsuGHj3ckBJ3jCkafr7Cp8", "traceparent": "00-c97b85bd75e57c2ff66649ded84b4d48-f21e4f25989984c7-00", "cookie": "JSESSIONID\u003d63C028490CD78A9D63484D337447BAAE", "connection": "close" }
incoming_path	/test/a/ArconCI/userinfo
incoming_body_form_params
incoming_method	GET
incoming_tls_version	TLSv1.2
incoming_tls_cert
incoming_query_string_params	{}
incoming_body
incoming_tls_chain	[ "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL", "CONFORMANCE_SUITE_JSON_NULL" ]
incoming_body_json_parse_error
incoming_tls_cipher	ECDHE-RSA-AES256-GCM-SHA384
incoming_body_json

Userinfo endpoint

2025-04-28 07:53:20

(1) More

SUCCESS

RFC6750-2 OIDCC-5.3.1

OIDCCExtractBearerAccessTokenFromRequest

Found access token on incoming request

access_token

fFlfTVFsMhW5YL0NyO8MLO23bSSIhsuGHj3ckBJ3jCkafr7Cp8

2025-04-28 07:53:20

(1) More

SUCCESS

OIDCC-5.3.1

RequireBearerAccessToken

Found access token in request

actual

fFlfTVFsMhW5YL0NyO8MLO23bSSIhsuGHj3ckBJ3jCkafr7Cp8

2025-04-28 07:53:20

(3) More

SUCCESS

OIDCC-5.4

FilterUserInfoForScopes

User info endpoint output

sub	user-subject-1234531
email	user@example.com
email_verified	false

2025-04-28 07:53:20		ClearAccessTokenFromRequest Removed incoming access token from environment

2025-04-28 07:53:20

(3) More

INFO

OIDCC-5.3.2

AddIssAndAudToUserInfoResponse

Skipped evaluation due to missing required element: client userinfo_signed_response_alg

path	userinfo_signed_response_alg
mapped
object	client

2025-04-28 07:53:20

(3) More

INFO

OIDCC-5.3.2

SignUserInfoResponse

Skipped evaluation due to missing required element: client userinfo_signed_response_alg

path	userinfo_signed_response_alg
mapped
object	client

2025-04-28 07:53:20

(3) More

INFO

OIDCC-5.3.2

EncryptUserInfoResponse

Skipped evaluation due to missing required element: client userinfo_encrypted_response_alg

path	userinfo_encrypted_response_alg
mapped
object	client

2025-04-28 07:53:20

(4) More

OUTGOING

oidcc-client-test-client-secret-basic

Response to HTTP request to test instance D4L9TIWmp9Hhlb1

outgoing_status_code	200
outgoing_headers	{}
outgoing_body	{ "sub": "user-subject-1234531", "email": "user@example.com", "email_verified": false }
outgoing_path	userinfo

2025-04-28 07:53:20

(1) More

FINISHED

oidcc-client-test-client-secret-basic

Test has run to completion

testmodule_result

PASSED

2025-04-28 07:53:33

(2) More

TEST-RUNNER

Alias has now been claimed by another test

alias	ArconCI
new_test_id	U7IsbrZLj1ueniz

Test Summary

Test Results