Started by an SCM change Running as SYSTEM Building on master in workspace /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace The recommended git tool is: NONE No credentials specified > git rev-parse --is-inside-work-tree # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url https://github.com/GluuFederation/oxAuth # timeout=10 Fetching upstream changes from https://github.com/GluuFederation/oxAuth > git --version # timeout=10 > git --version # 'git version 1.8.3.1' > git fetch --tags --progress https://github.com/GluuFederation/oxAuth +refs/heads/*:refs/remotes/origin/* # timeout=10 > git rev-parse refs/remotes/origin/version_4.2.1^{commit} # timeout=10 > git rev-parse refs/remotes/origin/origin/version_4.2.1^{commit} # timeout=10 Checking out Revision f579fee74c9a38d6aaea008131cd432a85d9dcee (refs/remotes/origin/version_4.2.1) > git config core.sparsecheckout # timeout=10 > git checkout -f f579fee74c9a38d6aaea008131cd432a85d9dcee # timeout=10 Commit message: "Revert "Temporary disable tests"" > git rev-list --no-walk 3e97bca2a5224bf2cdc3b5aeff68933c31b6d866 # timeout=10 Run condition [Boolean condition] enabling prebuild for step [Trigger/call builds on other projects] [workspace] $ /bin/bash /opt/jetty/temp/jenkins3706924318662879878.sh Cloning into 'oxHudsonProfiles'... [workspace] $ /home/jenkins/.jenkins/tools/hudson.tasks.Maven_MavenInstallation/maven_3.3.9/bin/mvn -DDEPLOY_BUILD=true -DVERSION_NAME=version_4.2.1 -DPROFILE_NAME=ce-dev5.gluu.org -DDEVELOPMENT_BUILD=false -DMAVEN_SKIP_TESTS=false -Dpython.import.site=false -DPYTHON_HOME=/opt/jython -Dcfg=ce-dev5.gluu.org -Dmaven.test.skip=false -Ddevelopment-build=false clean compile test-compile install javadoc:javadoc site [INFO] Scanning for projects... [INFO] ------------------------------------------------------------------------ [INFO] Reactor Build Order: [INFO] [INFO] oxAuth [INFO] oxAuth Model [INFO] Persistence model [INFO] oxAuth Client [INFO] oxauth-static [INFO] oxAuth RP [INFO] oxAuth RP Demo [INFO] oxAuth Common [INFO] oxAuth Server [INFO] rp-spring-boot [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building oxAuth 4.2.1.Final [INFO] ------------------------------------------------------------------------ [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ oxauth --- [INFO] Deleting /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/target [INFO] [INFO] --- maven-install-plugin:2.3.1:install (default-install) @ oxauth --- [INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/pom.xml to /var/www/html/maven/org/gluu/oxauth/4.2.1.Final/oxauth-4.2.1.Final.pom [INFO] [INFO] >>> maven-javadoc-plugin:3.0.1:javadoc (default-cli) > generate-sources @ oxauth >>> [INFO] [INFO] <<< maven-javadoc-plugin:3.0.1:javadoc (default-cli) < generate-sources @ oxauth <<< [INFO] [INFO] --- maven-javadoc-plugin:3.0.1:javadoc (default-cli) @ oxauth --- [INFO] [INFO] --- maven-site-plugin:2.1.1:site (default-site) @ oxauth --- Downloading: https://repo2.maven.org/maven2/org/bouncycastle/org/apache/maven/skins/maven-default-skin/maven-metadata.xml [WARNING] Could not transfer metadata org.apache.maven.skins:maven-default-skin/maven-metadata.xml from/to bouncycastle (https://repo2.maven.org/maven2/org/bouncycastle): repo2.maven.org: Name or service not known [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building oxAuth Model 4.2.1.Final [INFO] ------------------------------------------------------------------------ Downloading: https://repo2.maven.org/maven2/org/bouncycastle/net/minidev/json-smart/maven-metadata.xml [WARNING] Could not transfer metadata net.minidev:json-smart/maven-metadata.xml from/to bouncycastle (https://repo2.maven.org/maven2/org/bouncycastle): repo2.maven.org [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ oxauth-model --- [INFO] Deleting /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-model --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 1 resource [INFO] [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-model --- [INFO] Compiling 194 source files to /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-model --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 1 resource [INFO] [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-model --- [INFO] Nothing to compile - all classes are up to date [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-model --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 4 resources [INFO] [INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-model --- [INFO] Compiling 9 source files to /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/test-classes [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-model --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 1 resource [INFO] [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-model --- [INFO] Nothing to compile - all classes are up to date [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-model --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 4 resources [INFO] [INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-model --- [INFO] Nothing to compile - all classes are up to date [INFO] [INFO] --- maven-surefire-plugin:2.19.1:test (default-test) @ oxauth-model --- ------------------------------------------------------- T E S T S ------------------------------------------------------- Running TestSuite CodeVerifier{codeVerifier='Nn0Da0N6vW09iLkUEsAATCxRIFrhyMdBkwFqDnOY_HjuBJHIkAiaDXO0uTEfhE1Yo7izdf3jiIK~EXRq7Gc~.vjLKfhreeYZdGIQBDLmby2egxfsDN92k9ZOqPjk02cs', codeChallenge='Nn0Da0N6vW09iLkUEsAATCxRIFrhyMdBkwFqDnOY_HjuBJHIkAiaDXO0uTEfhE1Yo7izdf3jiIK~EXRq7Gc~.vjLKfhreeYZdGIQBDLmby2egxfsDN92k9ZOqPjk02cs', transformationType=PLAIN} CodeVerifier{codeVerifier='2TLzX8pEf8fQTZu-l4U9q-vpyzfPc2duu.aO42DHmBMNS-bHz0hsh42GEoG7eNT_ak6sxa6vYRDFDKkHRqne3XcFSi_ODwxkBep1hA48xolVuy4DORi~pgg~qug9gIYK', codeChallenge='Z2oiXvueMU9o1nKgbGA9piIGaGRAIVL6ysivD1MKWww', transformationType=S256} Hi there from Javascript, Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 5.214 sec - in TestSuite Results : Tests run: 8, Failures: 0, Errors: 0, Skipped: 0 [INFO] [INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ oxauth-model --- [INFO] Building jar: /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/oxauth-model.jar [INFO] [INFO] --- maven-jar-plugin:2.4:test-jar (default) @ oxauth-model --- [INFO] Building jar: /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/oxauth-model-tests.jar [INFO] [INFO] --- maven-install-plugin:2.3.1:install (default-install) @ oxauth-model --- [INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/oxauth-model.jar to /var/www/html/maven/org/gluu/oxauth-model/4.2.1.Final/oxauth-model-4.2.1.Final.jar [INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/pom.xml to /var/www/html/maven/org/gluu/oxauth-model/4.2.1.Final/oxauth-model-4.2.1.Final.pom [INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/oxauth-model-tests.jar to /var/www/html/maven/org/gluu/oxauth-model/4.2.1.Final/oxauth-model-4.2.1.Final-tests.jar [INFO] [INFO] >>> maven-javadoc-plugin:3.0.1:javadoc (default-cli) > generate-sources @ oxauth-model >>> [INFO] [INFO] <<< maven-javadoc-plugin:3.0.1:javadoc (default-cli) < generate-sources @ oxauth-model <<< [INFO] [INFO] --- maven-javadoc-plugin:3.0.1:javadoc (default-cli) @ oxauth-model --- [INFO] Loading source files for package org.gluu.oxauth.model.authorize... Loading source files for package org.gluu.oxauth.model.common... Loading source files for package org.gluu.oxauth.model.configuration... Loading source files for package org.gluu.oxauth.model.crypto... Loading source files for package org.gluu.oxauth.model.crypto.binding... Loading source files for package org.gluu.oxauth.model.crypto.encryption... Loading source files for package org.gluu.oxauth.model.crypto.signature... Loading source files for package org.gluu.oxauth.model.discovery... Loading source files for package org.gluu.oxauth.model.error... Loading source files for package org.gluu.oxauth.model.exception... Loading source files for package org.gluu.oxauth.model.fido.u2f... Loading source files for package org.gluu.oxauth.model.fido.u2f.exception... Loading source files for package org.gluu.oxauth.model.fido.u2f.message... Loading source files for package org.gluu.oxauth.model.fido.u2f.protocol... Loading source files for package org.gluu.oxauth.model.gluu... Loading source files for package org.gluu.oxauth.model.jwe... Loading source files for package org.gluu.oxauth.model.jwk... Loading source files for package org.gluu.oxauth.model.jws... Loading source files for package org.gluu.oxauth.model.jwt... Loading source files for package org.gluu.oxauth.model.register... Loading source files for package org.gluu.oxauth.model.session... Loading source files for package org.gluu.oxauth.model.token... Loading source files for package org.gluu.oxauth.model.uma... Loading source files for package org.gluu.oxauth.model.uma.persistence... Loading source files for package org.gluu.oxauth.model.uma.wrapper... Loading source files for package org.gluu.oxauth.model.userinfo... Loading source files for package org.gluu.oxauth.model.util... Loading source files for package org.gluu.oxauth.model.ciba... Loading source files for package org.gluu.oxauth.model.json... Constructing Javadoc information... Standard Doclet version 1.8.0_221 Building tree for all the packages and classes... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/AuthorizeErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/AuthorizeRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/AuthorizeResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/CodeVerifier.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/CodeVerifier.CodeChallengeMethod.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/DeviceAuthorizationRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/DeviceAuthorizationResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/DeviceAuthzErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/AuthenticationMethod.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/AuthorizationMethod.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/BackchannelTokenDeliveryMode.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/Display.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/GrantType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/HasParamName.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/Holder.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/Id.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/IdType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/IntrospectionResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/JSONable.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/PairwiseIdType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/ProgrammingLanguage.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/Prompt.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/ResponseMode.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/ResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/ScopeConstants.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/ScopeType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/SoftwareStatementValidationType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/SubjectType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/TokenType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/TokenTypeHint.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/WebKeyStorage.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/AppConfiguration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/AuthenticationFilter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/AuthenticationProtectionConfiguration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/BaseFilter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/CIBAEndUserNotificationConfig.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/ClientAuthenticationFilter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/Configuration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/ConfigurationResponseClaim.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/CorsConfigurationFilter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/AbstractCryptoProvider.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/Certificate.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/CryptoProviderFactory.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/Key.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/KeyFactory.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/OxAuthCryptoProvider.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/OxElevenCryptoProvider.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/PrivateKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/PublicKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBinding.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingExtension.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingExtensionType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingID.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingKeyParameters.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingMessage.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingMessageParser.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingParseException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingStream.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/BlockEncryptionAlgorithm.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/KeyEncryptionAlgorithm.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/AbstractSigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/AlgorithmFamily.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/AsymmetricSignatureAlgorithm.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/ECDSAKeyFactory.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/ECDSAPrivateKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/ECDSAPublicKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/ECEllipticCurve.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/RSAKeyFactory.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/RSAPrivateKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/RSAPublicKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/SignatureAlgorithm.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/Signer.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/OAuth2Discovery.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/WebFingerLink.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/WebFingerParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/DefaultErrorResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/ErrorHandlingMethod.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/ErrorResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/IErrorType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/InvalidClaimException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/InvalidJweException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/InvalidJwtException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/InvalidParameterException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/SignatureException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/DeviceRegistrationStatus.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/U2fConfiguration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/U2fConstants.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/U2fErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/BadInputException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/RegistrationNotAllowed.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/RawRegisterResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/AuthenticateRequest.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/AuthenticateRequestMessage.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/AuthenticateResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/AuthenticateStatus.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/ClientData.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/DeviceData.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/RegisterRequest.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/RegisterRequestMessage.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/RegisterResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/RegisterStatus.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/GluuConfiguration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/GluuErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/AbstractJweDecrypter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/AbstractJweEncrypter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/Jwe.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/JweDecrypter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/JweDecrypterImpl.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/JweEncrypter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/JweEncrypterImpl.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/KeyDerivationFunction.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/Algorithm.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/JSONWebKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/JSONWebKeySet.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/JWKParameter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/KeyType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/Use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/AbstractJwsSigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/ECDSASigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/HMACSigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/JwsSigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/PlainTextSignature.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/RSASigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/Jwt.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtClaimName.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtClaims.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtClaimSet.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtHeader.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtHeaderName.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtStateClaimName.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtSubClaimObject.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/PureJwt.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/ApplicationType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/RegisterErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/RegisterRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/RegisterResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/EndSessionErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/EndSessionRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/EndSessionResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/ClientAssertionType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/JsonWebResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/TokenErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/TokenRevocationErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/TokenRevocationRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/ClaimTokenFormatType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/JsonLogic.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/JsonLogicNode.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/JsonLogicNodeParser.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/PermissionTicket.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/RptIntrospectionResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/RptProfiles.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/RPTResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaConstants.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaMetadata.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaNeedInfoResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaPermission.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaPermissionList.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaResource.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaResourceResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaResourceWithId.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaScopeDescription.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaScopeType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaTokenResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/UmaPermission.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/UmaResource.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/Token.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/Schema.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/UserInfoErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/Base64Util.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/ByteUtils.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/CertUtils.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/HashUtil.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/JwtUtil.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/Pair.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/QueryBuilder.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/SecurityProviderUtility.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/StringUtils.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/SubjectIdentifierGenerator.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/URLPatternList.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/Util.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/BackchannelAuthenticationErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/BackchannelAuthenticationRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/BackchannelAuthenticationResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/BackchannelDeviceRegistrationErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/FirebaseCloudMessagingRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/FirebaseCloudMessagingResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/PushErrorRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/PushErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/PushTokenDeliveryRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/JsonApplier.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/PropertyDefinition.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/PropertyDefinition.ClassNames.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/overview-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/constant-values.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/serialized-form.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/DeviceAuthzErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/DeviceAuthorizationResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/DeviceAuthorizationRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/AuthorizeRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/AuthorizeErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/CodeVerifier.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/CodeVerifier.CodeChallengeMethod.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/AuthorizeResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/SoftwareStatementValidationType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/ScopeType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/ScopeConstants.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/ResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/IntrospectionResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/GrantType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/BackchannelTokenDeliveryMode.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/WebKeyStorage.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/TokenTypeHint.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/TokenType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/SubjectType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/ResponseMode.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/Prompt.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/ProgrammingLanguage.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/PairwiseIdType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/JSONable.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/IdType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/Id.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/Holder.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/HasParamName.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/Display.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/AuthorizationMethod.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/AuthenticationMethod.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/AppConfiguration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/ConfigurationResponseClaim.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/CIBAEndUserNotificationConfig.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/CorsConfigurationFilter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/Configuration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/ClientAuthenticationFilter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/BaseFilter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/AuthenticationProtectionConfiguration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/AuthenticationFilter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/CryptoProviderFactory.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/Certificate.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/PublicKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/PrivateKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/AbstractCryptoProvider.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/KeyFactory.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/Key.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/OxElevenCryptoProvider.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/OxAuthCryptoProvider.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingStream.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingParseException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingMessageParser.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingMessage.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingKeyParameters.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingID.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingExtensionType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingExtension.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBinding.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/class-use/KeyEncryptionAlgorithm.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/class-use/BlockEncryptionAlgorithm.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/SignatureAlgorithm.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/AsymmetricSignatureAlgorithm.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/ECDSAKeyFactory.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/ECEllipticCurve.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/Signer.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/RSAPublicKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/RSAPrivateKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/RSAKeyFactory.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/ECDSAPublicKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/ECDSAPrivateKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/AlgorithmFamily.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/AbstractSigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/class-use/OAuth2Discovery.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/class-use/WebFingerParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/class-use/WebFingerLink.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/class-use/ErrorResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/class-use/DefaultErrorResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/class-use/IErrorType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/class-use/ErrorHandlingMethod.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/class-use/SignatureException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/class-use/InvalidParameterException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/class-use/InvalidJwtException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/class-use/InvalidJweException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/class-use/InvalidClaimException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/class-use/U2fConfiguration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/class-use/DeviceRegistrationStatus.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/class-use/U2fErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/class-use/U2fConstants.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/class-use/RegistrationNotAllowed.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/class-use/BadInputException.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/class-use/RawRegisterResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/class-use/RawAuthenticateResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/AuthenticateResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/RegisterStatus.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/RegisterResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/RegisterRequestMessage.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/RegisterRequest.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/DeviceData.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/ClientData.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/AuthenticateStatus.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/AuthenticateRequestMessage.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/AuthenticateRequest.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/class-use/GluuConfiguration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/class-use/GluuErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/KeyDerivationFunction.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/JweEncrypterImpl.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/JweEncrypter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/JweDecrypterImpl.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/JweDecrypter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/Jwe.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/AbstractJweEncrypter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/AbstractJweDecrypter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/JSONWebKey.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/Use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/KeyType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/JWKParameter.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/JSONWebKeySet.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/Algorithm.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/ECDSASigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/RSASigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/PlainTextSignature.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/JwsSigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/HMACSigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/AbstractJwsSigner.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtHeader.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtClaims.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtClaimSet.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtClaimName.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/PureJwt.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtSubClaimObject.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtStateClaimName.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtHeaderName.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/Jwt.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/class-use/RegisterRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/class-use/RegisterErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/class-use/RegisterResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/class-use/ApplicationType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/class-use/EndSessionResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/class-use/EndSessionRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/class-use/EndSessionErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/class-use/TokenErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/class-use/JsonWebResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/class-use/TokenRevocationRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/class-use/TokenRevocationErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/class-use/ClientAssertionType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaScopeDescription.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaPermission.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/JsonLogic.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaTokenResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaResource.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaMetadata.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaScopeType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaResourceWithId.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaResourceResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaPermissionList.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaNeedInfoResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaConstants.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/RptProfiles.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/RptIntrospectionResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/RPTResponse.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/PermissionTicket.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/JsonLogicNodeParser.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/JsonLogicNode.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/ClaimTokenFormatType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/class-use/UmaResource.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/class-use/UmaPermission.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/class-use/Token.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/class-use/UserInfoErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/class-use/Schema.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/HashUtil.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/CertUtils.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/Util.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/StringUtils.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/QueryBuilder.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/JwtUtil.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/URLPatternList.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/SubjectIdentifierGenerator.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/SecurityProviderUtility.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/Pair.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/ByteUtils.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/Base64Util.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/PushTokenDeliveryRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/PushErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/PushErrorRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/FirebaseCloudMessagingResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/FirebaseCloudMessagingRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/BackchannelDeviceRegistrationErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/BackchannelAuthenticationResponseParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/BackchannelAuthenticationRequestParam.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/BackchannelAuthenticationErrorResponseType.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/class-use/PropertyDefinition.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/class-use/PropertyDefinition.ClassNames.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/class-use/JsonApplier.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/package-use.html... Building index for all the packages and classes... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/overview-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/index-all.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/deprecated-list.html... Building index for all classes... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/allclasses-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/allclasses-noframe.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/index.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/overview-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/help-doc.html... 8 errors 16 warnings [ERROR] Error while creating javadoc report: Exit code: 1 - /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/common/ScopeType.java:33: warning: empty <p> tag * <p> ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:9: error: malformed HTML * opaque signature<64..2^16-1>; Signature over the concatenation ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:9: error: bad use of '>' * opaque signature<64..2^16-1>; Signature over the concatenation ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:13: error: malformed HTML * TB_Extension extensions<0..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:13: error: bad use of '>' * TB_Extension extensions<0..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingExtension.java:8: error: malformed HTML * opaque extension_data<0..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingExtension.java:8: error: bad use of '>' * opaque extension_data<0..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingMessage.java:16: error: malformed HTML * TokenBinding tokenbindings<132..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingMessage.java:16: error: bad use of '>' * TokenBinding tokenbindings<132..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:37: warning: no @return public byte getUserPresence() { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:45: warning: no @return public long getCounter() { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:52: warning: no @return public byte[] getSignature() { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:44: warning: no @return public JwtHeader setType(JwtType type) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:63: warning: no @return public JwtHeader setAlgorithm(SignatureAlgorithm algorithm) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:77: warning: no @return public JwtHeader setAlgorithm(KeyEncryptionAlgorithm algorithm) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:96: warning: no @return public JwtHeader setKeyId(String keyId) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/uma/UmaNeedInfoResponse.java:66: warning: no @param for clientId public String buildClaimsGatheringUrl(String clientId, String claimsRedirectUri) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/uma/UmaNeedInfoResponse.java:66: warning: no @param for claimsRedirectUri public String buildClaimsGatheringUrl(String clientId, String claimsRedirectUri) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:181: warning: no @param for length public static String generateRandomReadableCode(byte length) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:181: warning: no @return public static String generateRandomReadableCode(byte length) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:198: warning: no @return public static String generateRandomCode(byte seedLength) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/Util.java:215: warning: no description for @return * @return ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/json/JsonApplier.java:152: warning: no @param for source public void transfer(Object source, Object target) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/json/JsonApplier.java:152: warning: no @param for target public void transfer(Object source, Object target) { ^ Command line was: /opt/java/jdk1.8.0_221/jre/../bin/javadoc @options @packages Refer to the generated Javadoc files in '/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs' dir. org.apache.maven.reporting.MavenReportException: Exit code: 1 - /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/common/ScopeType.java:33: warning: empty <p> tag * <p> ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:9: error: malformed HTML * opaque signature<64..2^16-1>; Signature over the concatenation ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:9: error: bad use of '>' * opaque signature<64..2^16-1>; Signature over the concatenation ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:13: error: malformed HTML * TB_Extension extensions<0..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:13: error: bad use of '>' * TB_Extension extensions<0..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingExtension.java:8: error: malformed HTML * opaque extension_data<0..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingExtension.java:8: error: bad use of '>' * opaque extension_data<0..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingMessage.java:16: error: malformed HTML * TokenBinding tokenbindings<132..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingMessage.java:16: error: bad use of '>' * TokenBinding tokenbindings<132..2^16-1>; ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:37: warning: no @return public byte getUserPresence() { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:45: warning: no @return public long getCounter() { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:52: warning: no @return public byte[] getSignature() { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:44: warning: no @return public JwtHeader setType(JwtType type) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:63: warning: no @return public JwtHeader setAlgorithm(SignatureAlgorithm algorithm) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:77: warning: no @return public JwtHeader setAlgorithm(KeyEncryptionAlgorithm algorithm) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:96: warning: no @return public JwtHeader setKeyId(String keyId) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/uma/UmaNeedInfoResponse.java:66: warning: no @param for clientId public String buildClaimsGatheringUrl(String clientId, String claimsRedirectUri) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/uma/UmaNeedInfoResponse.java:66: warning: no @param for claimsRedirectUri public String buildClaimsGatheringUrl(String clientId, String claimsRedirectUri) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:181: warning: no @param for length public static String generateRandomReadableCode(byte length) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:181: warning: no @return public static String generateRandomReadableCode(byte length) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:198: warning: no @return public static String generateRandomCode(byte seedLength) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/Util.java:215: warning: no description for @return * @return ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/json/JsonApplier.java:152: warning: no @param for source public void transfer(Object source, Object target) { ^ /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/json/JsonApplier.java:152: warning: no @param for target public void transfer(Object source, Object target) { ^ Command line was: /opt/java/jdk1.8.0_221/jre/../bin/javadoc @options @packages Refer to the generated Javadoc files in '/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs' dir. at org.apache.maven.plugins.javadoc.AbstractJavadocMojo.executeJavadocCommandLine(AbstractJavadocMojo.java:5298) at org.apache.maven.plugins.javadoc.AbstractJavadocMojo.executeReport(AbstractJavadocMojo.java:2134) at org.apache.maven.plugins.javadoc.JavadocReport.generate(JavadocReport.java:134) at org.apache.maven.plugins.javadoc.JavadocReport.doExecute(JavadocReport.java:329) at org.apache.maven.plugins.javadoc.AbstractJavadocMojo.execute(AbstractJavadocMojo.java:1912) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106) at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863) at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288) at org.apache.maven.cli.MavenCli.main(MavenCli.java:199) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289) at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415) at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356) [INFO] [INFO] --- maven-site-plugin:2.1.1:site (default-site) @ oxauth-model --- [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building Persistence model 4.2.1.Final [INFO] ------------------------------------------------------------------------ [WARNING] Failure to transfer net.minidev:json-smart/maven-metadata.xml from https://repo2.maven.org/maven2/org/bouncycastle was cached in the local repository, resolution will not be reattempted until the update interval of bouncycastle has elapsed or updates are forced. Original error: Could not transfer metadata net.minidev:json-smart/maven-metadata.xml from/to bouncycastle (https://repo2.maven.org/maven2/org/bouncycastle): repo2.maven.org [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ oxauth-persistence-model --- [INFO] Deleting /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-persistence-model --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 1 resource [INFO] [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-persistence-model --- [INFO] Compiling 10 source files to /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-persistence-model --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 1 resource [INFO] [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-persistence-model --- [INFO] Nothing to compile - all classes are up to date [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-persistence-model --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] skip non existing resourceDirectory /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-persistence-model --- [INFO] No sources to compile [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-persistence-model --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 1 resource [INFO] [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-persistence-model --- [INFO] Nothing to compile - all classes are up to date [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-persistence-model --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] skip non existing resourceDirectory /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-persistence-model --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.19.1:test (default-test) @ oxauth-persistence-model --- [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ oxauth-persistence-model --- [INFO] Building jar: /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/oxauth-persistence-model.jar [INFO] [INFO] --- maven-jar-plugin:2.4:test-jar (default) @ oxauth-persistence-model --- [WARNING] JAR will be empty - no content was marked for inclusion! [INFO] Building jar: /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/oxauth-persistence-model-tests.jar [INFO] [INFO] --- maven-install-plugin:2.3.1:install (default-install) @ oxauth-persistence-model --- [INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/oxauth-persistence-model.jar to /var/www/html/maven/org/gluu/oxauth-persistence-model/4.2.1.Final/oxauth-persistence-model-4.2.1.Final.jar [INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/pom.xml to /var/www/html/maven/org/gluu/oxauth-persistence-model/4.2.1.Final/oxauth-persistence-model-4.2.1.Final.pom [INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/oxauth-persistence-model-tests.jar to /var/www/html/maven/org/gluu/oxauth-persistence-model/4.2.1.Final/oxauth-persistence-model-4.2.1.Final-tests.jar [INFO] [INFO] >>> maven-javadoc-plugin:3.0.1:javadoc (default-cli) > generate-sources @ oxauth-persistence-model >>> [INFO] [INFO] <<< maven-javadoc-plugin:3.0.1:javadoc (default-cli) < generate-sources @ oxauth-persistence-model <<< [INFO] [INFO] --- maven-javadoc-plugin:3.0.1:javadoc (default-cli) @ oxauth-persistence-model --- [INFO] Loading source files for package org.oxauth.persistence.model... Loading source files for package org.oxauth.persistence.model.base... Loading source files for package org.oxauth.persistence.model.configuration... Constructing Javadoc information... Standard Doclet version 1.8.0_221 Building tree for all the packages and classes... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/ClientAttributes.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/PairwiseIdentifier.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/Scope.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/ScopeAttributes.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/SectorIdentifier.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/Entry.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/CustomProperty.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/GluuConfiguration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/InumEntry.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/oxIDPAuthConf.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/overview-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/package-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/package-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/package-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/constant-values.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/serialized-form.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/class-use/ScopeAttributes.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/class-use/Scope.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/class-use/ClientAttributes.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/class-use/PairwiseIdentifier.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/class-use/SectorIdentifier.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/class-use/Entry.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/class-use/GluuConfiguration.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/class-use/oxIDPAuthConf.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/class-use/InumEntry.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/class-use/CustomProperty.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/package-use.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/package-use.html... Building index for all the packages and classes... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/overview-tree.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/index-all.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/deprecated-list.html... Building index for all classes... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/allclasses-frame.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/allclasses-noframe.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/index.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/overview-summary.html... Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/help-doc.html... [INFO] [INFO] --- maven-site-plugin:2.1.1:site (default-site) @ oxauth-persistence-model --- [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building oxAuth Client 4.2.1.Final [INFO] ------------------------------------------------------------------------ [WARNING] Failure to transfer net.minidev:json-smart/maven-metadata.xml from https://repo2.maven.org/maven2/org/bouncycastle was cached in the local repository, resolution will not be reattempted until the update interval of bouncycastle has elapsed or updates are forced. Original error: Could not transfer metadata net.minidev:json-smart/maven-metadata.xml from/to bouncycastle (https://repo2.maven.org/maven2/org/bouncycastle): repo2.maven.org [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ oxauth-client --- [INFO] Deleting /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/target [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-client --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] skip non existing resourceDirectory /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-client --- [INFO] Compiling 87 source files to /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-client --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] skip non existing resourceDirectory /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-client --- [INFO] Nothing to compile - all classes are up to date [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-client --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 15 resources [INFO] [INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-client --- [INFO] Compiling 178 source files to /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/target/test-classes [WARNING] /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/test/java/org/gluu/oxauth/ws/rs/WebKeysTest.java:[15,24] X509CertImpl is internal proprietary API and may be removed in a future release [WARNING] /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/test/java/org/gluu/oxauth/ws/rs/WebKeysTest.java:[15,24] X509CertImpl is internal proprietary API and may be removed in a future release [WARNING] /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/test/java/org/gluu/oxauth/ws/rs/WebKeysTest.java:[15,24] X509CertImpl is internal proprietary API and may be removed in a future release [WARNING] /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/test/java/org/gluu/oxauth/ws/rs/WebKeysTest.java:[48,35] X509CertImpl is internal proprietary API and may be removed in a future release [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-client --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] skip non existing resourceDirectory /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-client --- [INFO] Nothing to compile - all classes are up to date [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-client --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 15 resources [INFO] [INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-client --- [INFO] Nothing to compile - all classes are up to date [INFO] [INFO] --- maven-surefire-plugin:2.19.1:test (default-test) @ oxauth-client --- ------------------------------------------------------- T E S T S ------------------------------------------------------- Running TestSuite Invoked init test suite method ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:22 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:22 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: authorizationRequestAlgA128KWEncA128GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "A128KW", "application_type" : "web", "userinfo_encrypted_response_enc" : "A128GCM", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "A128KW", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "A128KW", "id_token_encrypted_response_enc" : "A128GCM", "oxIncludeClaimsInIdToken" : "true", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A128GCM", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:23 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestAlgA256KWEncA256GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "A256KW", "application_type" : "web", "userinfo_encrypted_response_enc" : "A256GCM", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "A256KW", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "A256KW", "id_token_encrypted_response_enc" : "A256GCM", "oxIncludeClaimsInIdToken" : "true", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A256GCM", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:23 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestAlgRSA15EncA128CBCPLUSHS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "RSA1_5", "application_type" : "web", "userinfo_encrypted_response_enc" : "A128CBC+HS256", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "RSA1_5", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "RSA1_5", "id_token_encrypted_response_enc" : "A128CBC+HS256", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A128CBC+HS256", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:23 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestAlgRSA15EncA256CBCPLUSHS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "RSA1_5", "application_type" : "web", "userinfo_encrypted_response_enc" : "A256CBC+HS512", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "RSA1_5", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "RSA1_5", "id_token_encrypted_response_enc" : "A256CBC+HS512", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A256CBC+HS512", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:24 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestAlgRSAOAEPEncA256GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "RSA-OAEP", "application_type" : "web", "userinfo_encrypted_response_enc" : "A256GCM", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "RSA-OAEP", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "RSA-OAEP", "id_token_encrypted_response_enc" : "A256GCM", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A256GCM", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:24 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestDefault ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:24 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestES256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "ES256", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "ES256", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "ES256" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:24 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestES384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "ES384", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "ES384", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "ES384" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:24 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestES512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "ES512", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "ES512", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "ES512" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:24 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestHS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "HS256", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "HS256", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "HS256" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:24 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestHS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "HS384", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "HS384", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "HS384" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:25 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestHS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "HS512", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "HS512", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "HS512" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:25 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestPS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "PS256", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "PS256", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "PS256" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:25 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestPS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "PS384", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "PS384", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "PS384" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:25 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestPS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "PS512", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "PS512", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "PS512" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:25 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestRS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "RS256", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "RS256", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "RS256" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:25 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestRS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "RS384", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "RS384", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "RS384" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:25 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestRS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "oxIncludeClaimsInIdToken" : "true", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "RS512", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "RS512", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "RS512" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:25 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:25 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:26 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: applicationTypeNativeSubjectTypePairwise ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "pairwise", "application_type" : "native", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:26 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: applicationTypeNativeSubjectTypePublic ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "public", "application_type" : "native", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:26 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: applicationTypeWeb ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:26 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: applicationTypeWebFail1 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "http://client.example.com/cb" ], "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 114 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:26 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "Value of one or more redirect_uris is invalid.", "error": "invalid_redirect_uri" } ####################################################### TEST: omittedApplicationType ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:26 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:26 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:26 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: tokenBindingWithImplicitFlow ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "grant_types" : [ "password" ], "application_type" : "web", "id_token_token_binding_cnf" : "tbh", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ], "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:26 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:26 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:26 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: accessTokenAsJwt ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "access_token_as_jwt" : "true", "application_type" : "web", "scope" : "openid profile address email phone user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ], "access_token_signing_alg" : "RS512", "client_name" : "access token as JWT test", "additional_audience" : [ ], "response_types" : [ "code", "id_token", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:27 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:27 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:27 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: spontaneousScope ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "allow_spontaneous_scopes" : true, "application_type" : "web", "scope" : "openid profile address email phone user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ], "client_name" : "Spontaneous scope test", "additional_audience" : [ ], "spontaneous_scopes" : [ "^transaction:.+$" ], "response_types" : [ "code", "id_token", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:27 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:27 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:27 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "allow_spontaneous_scopes" : true, "grant_types" : [ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:device_code" ], "application_type" : "web", "scope" : "openid uma_protection profile address email phone user_name", "redirect_uris" : [ "https://cb.example.com" ], "client_name" : "UMA Spontaneous scope test", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:27 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:27 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:27 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: authorizationCodeFlow ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email phone user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth select accounts test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:30 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:30 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:30 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: authorizationCodeDynamicScopeFlow ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name org_name work_phone", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:30 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationCodeFlow ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email phone user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:30 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationCodeFlowLoginHint ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:30 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationCodeFlowNegativeTest ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:30 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationCodeFlowWithOptionalNonce ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:30 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationCodeWithNotAllowedScopeFlow ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:30 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: revokeTokens ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:31 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:31 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:31 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: AuthorizationResponseCustomHeaderTest ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:31 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: AuthorizationResponseCustomHeaderTest ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:31 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: AuthorizationResponseCustomHeaderTest ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:31 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: AuthorizationResponseCustomHeaderTest ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:31 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: AuthorizationResponseCustomHeaderTest ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:31 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: AuthorizationResponseCustomHeaderTest ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:31 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: AuthorizationResponseCustomHeaderTest ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:32 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:32 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:32 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: defaultResponseModeBasicCode ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:32 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: defaultResponseModeHybridCodeIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:32 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: defaultResponseModeHybridCodeIdTokenToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:32 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: defaultResponseModeHybridCodeToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:32 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: defaultResponseModeImplicitIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:32 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: defaultResponseModeImplicitIdTokenToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:32 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: formPostResponseModeBasicCode ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:33 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: formPostResponseModeHybridCodeIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:34 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: formPostResponseModeHybridCodeIdTokenToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:34 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: formPostResponseModeHybridCodeToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:34 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: formPostResponseModeImplicitIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:34 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: formPostResponseModeImplicitIdTokenToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:34 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: fragmentResponseModeBasicCode ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:34 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: fragmentResponseModeHybridCodeIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:34 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: fragmentResponseModeHybridCodeIdTokenToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:34 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: fragmentResponseModeHybridCodeToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:35 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: fragmentResponseModeImplicitIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:35 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: fragmentResponseModeImplicitIdTokenToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:35 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: queryResponseModeBasicCode ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:35 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: queryResponseModeHybridCodeIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:35 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: queryResponseModeHybridCodeIdTokenToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:35 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: queryResponseModeHybridCodeToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:35 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: queryResponseModeImplicitIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:36 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: queryResponseModeImplicitIdTokenToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token", "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:36 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:36 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:36 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: requestAuthorizationAccessToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:36 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationAccessTokenFail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:36 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationAccessTokenSubjectTypePublic ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "public", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:36 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationAccessTokenUserBasicAuth ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:36 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationCode ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:36 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationCodeFail1 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/authorize HTTP/1.1 Host: ce-dev5.gluu.org Authorization: Basic dGVzdF91c2VyOnRlc3RfdXNlcl9wYXNzd29yZA== response_type=code ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 187 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:37 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "reason": "client_id is empty or blank.", "error_description": "The client is not authorized to request an access token using this method.", "error": "unauthorized_client" } ####################################################### TEST: requestAuthorizationCodeFail2 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:37 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationCodeFail3 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/authorize HTTP/1.1 Host: ce-dev5.gluu.org response_type=code&client_id=%40%211111%210008%21INVALID_VALUE&scope=openid+profile+address+email&redirect_uri=https%3A%2F%2Fce-dev5.gluu.org%2Foxauth-rp%2Fhome.htm&state=8323d758-923e-4ff7-9fee-ca5244913204 ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 401 Connection: Keep-Alive Content-Length: 234 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:37 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "reason": "Unable to find client.", "error_description": "The client is not authorized to request an access token using this method.", "state": "8323d758-923e-4ff7-9fee-ca5244913204", "error": "unauthorized_client" } ####################################################### TEST: requestAuthorizationCodeFail4 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:37 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationCodeIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:37 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationCodeIdTokenUserBasicAuth ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:37 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationCodeNoRedirection ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:37 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationCodeUserBasicAuth ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:37 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationCodeWithoutRedirectUri ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ], "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:38 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationCodeWithoutRedirectUriFail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:38 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationCodeWithoutRedirectUriUserBasicAuth ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "subject_type" : "public", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ], "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:38 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationDenyAccessThenGrantAccess ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:38 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:38 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationIdTokenUserBasicAuth ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:38 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationObjectUILocales ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:38 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationPromptConsent ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:38 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationPromptConsentTrustedClient ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:38 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationPromptLogin ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:38 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationPromptLoginConsent ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:39 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationPromptLoginConsentTrustedClient ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:39 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationPromptNoneFail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:39 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationPromptLoginConsent ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:39 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationPromptNoneTrustedClient ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:39 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:39 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationTokenCode ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:39 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationTokenCodeIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:39 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationTokenCodeIdTokenUserBasicAuth ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:40 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationTokenCodeUserBasicAuth ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:40 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationTokenFail1 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/authorize HTTP/1.1 Host: ce-dev5.gluu.org Authorization: Basic dGVzdF91c2VyOnRlc3RfdXNlcl9wYXNzd29yZA== response_type=token&redirect_uri=https%3A%2F%2Fce-dev5.gluu.org%2Foxauth-rp%2Fhome.htm&state=f874a803-3fff-4680-83bd-298bb45bf9ab ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 240 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:40 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "reason": "client_id is empty or blank.", "error_description": "The client is not authorized to request an access token using this method.", "state": "f874a803-3fff-4680-83bd-298bb45bf9ab", "error": "unauthorized_client" } ####################################################### TEST: requestAuthorizationTokenFail2 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:40 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationTokenIdToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:40 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationTokenIdTokenUserBasicAuth ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:40 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationTokenUserBasicAuth ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:40 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationUILocales ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:40 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestAuthorizationWithoutScope ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:41 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:41 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:41 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: requestSessionIdAuthorizationCode1 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:41 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestSessionIdAuthorizationCode2 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:41 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:41 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:41 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: requestClientRegistrationWithCustomAttributes ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "oxAuthTrustedClient" : "true", "myCustomAttr1" : "4fed1907-e3ae-4da2-bd05-73ad07099815", "grant_types" : [ "password" ], "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:41 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:41 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:41 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: clientSecretBasicAuthenticationMethod ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "openid profile address email clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_basic" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:41 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretBasicAuthenticationMethodFail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_basic" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:41 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretJwtAuthenticationMethodHS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:42 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretJwtAuthenticationMethodHS256Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:42 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretJwtAuthenticationMethodHS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:42 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretJwtAuthenticationMethodHS384Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:42 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretJwtAuthenticationMethodHS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:42 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretJwtAuthenticationMethodHS512Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:42 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretPostAuthenticationMethod ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_post" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:42 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretPostAuthenticationMethodFail1 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_post" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:42 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretPostAuthenticationMethodFail2 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_post" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:43 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: clientSecretPostAuthenticationMethodFail3 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "client_secret_post" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:43 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: defaultAuthenticationMethod ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:43 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: defaultAuthenticationMethodFail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:43 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodES256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:43 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodES256Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:43 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodES384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:43 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodES384Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:43 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodES512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:44 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodES512Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:44 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodPS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:44 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodPS256Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:44 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodPS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:44 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodPS384Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:44 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodPS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:44 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodPS512Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:44 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodRS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:44 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodRS256Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:45 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodRS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:45 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodRS384Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:45 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodRS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "client_credentials" ], "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:45 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: privateKeyJwtAuthenticationMethodRS512Fail ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "scope" : "clientinfo", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "token_endpoint_auth_method" : "private_key_jwt" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:45 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:45 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:45 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: requestClientInfoImplicitFlow ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:45 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClientInfoInvalidRequest ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/clientinfo HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 273 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:45 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.", "error": "invalid_request" } ####################################################### TEST: requestClientInfoInvalidToken ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/clientinfo HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 291 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "reason": "Unable to find grant object associated with access token.", "error_description": "The access token provided is expired, revoked, malformed, or invalid for other reasons. Try to request a new access token and retry the protected resource.", "error": "invalid_token" } ####################################################### TEST: requestClientInfoPasswordFlow ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "grant_types" : [ "password" ], "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:46 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: authorizationCodeFlow ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email phone user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: testEncode1 ####################################################### ####################################################### TEST: testEncode2 ####################################################### ####################################################### TEST: testEncode3 ####################################################### ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:46 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: authorizationCodeFlow ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email phone user_name", "access_token_lifetime" : 3, "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:46 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: requestClientAssociate ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClientAssociateInBlackList ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://www.attacker.com" ], "client_name" : "oxAuth test app", "additional_audience" : [ ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 114 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "Value of one or more redirect_uris is invalid.", "error": "invalid_redirect_uri" } ####################################################### TEST: testUrlPatterList ####################################################### ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:46 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:46 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } ####################################################### TEST: OpenID Connect Configuration ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:46 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:47 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:47 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: enableClientToRestrictJavascriptOrigin ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "authorized_origins" : [ "https://ce.gluu.info:8443" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email phone user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:47 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:47 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:47 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: encodeClaimsInStateParameterAlgA128KWEncA128GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:47 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterAlgA256KWEncA256GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:47 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterAlgRSA15EncA128CBCPLUSHS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:47 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterAlgRSA15EncA256CBCPLUSHS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:47 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterAlgRSAOAEPEncA256GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:47 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterES256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:48 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterES384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:48 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterES512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:48 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterHS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:48 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterHS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:48 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterHS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:48 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterPS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:48 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterPS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:48 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterPS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:49 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterRS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:49 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterRS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:49 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: encodeClaimsInStateParameterRS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:49 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: jwtStateAlgA128KWEncA128GCMTest ####################################################### Encrypted JWE State: eyJ0eXAiOiJKV1QiLCJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiQTEyOEtXIn0.g1tlogYL_VnPKdaPK_XmKGhFYAsHfAzw.V5hKusHTIo29pgxI.qX5z01KvAnrMMaHYr5EsaZKpo9kGgBQEuUPT-RJFfQCM0UNmwHj2zICZV-HjDpSCu8uX5Nl6Fuv51fuJwX39tb1ZGdav_CWPJm6Miypaj0Yn4X2zh0j8s1zhrLf-V1FwRg3zqcObAr2RVCpIW_LSWqNN065rntP3wl3HBUfxhm-E8oVLmSrhePKPkYfMsu8iBKi5uBZ4cpvBeT33D1bHDYeI1xJELNBE07ZrkzHqoq8Bwik0TLqh2sSe8sdq0ajd0IBuEhGVy4B1n1l02KdixpzJkylcFt6mfYQKoVtm0XUoWbJZm-TvISeVpwN3aLwQ4W1d1spxVw.9PuVpox4fuN8HOqRtMar_w ####################################################### TEST: jwtStateAlgA256KWEncA256GCMTest ####################################################### Encrypted JWE State: eyJ0eXAiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiQTI1NktXIn0.RVObRvlC7KV_LYV_zsbcSbCogHw5brfzfwH7v9mXA7E3JSWEfMod1w.j-1hQA6fBmhtVOmf.P6m11-sOoQa7E1YpOItlKp7IrTbELaZxJ4K2sQnAvLgUhI42hgVPGVewoe6ZVGEDe0mC8FirqHnVRdV4OXTTA8ssJCI0ySsogtlFfWkY8XTxsrWbCqwHvMyn1NQgXHw5o5Bhe4YySL3_13HrHpjYaWB3WUjfNWjSBe9282Jui5ZTtku-AnEMWlY_xSTd1JukU-m4UNjvb0V8C9kZbONwEaJzX4ueql3FDTzeVWC3MRQ6D1OHKM9FJzAjF2rGDHPt1GuPOfa1ptN5BKq8ugXmoRuF7n_bZgjMoDZ-ThOuXjF_fHj9W9YecpUIFL-yvRgr7Fx6ggyn7w.6c7wbX1tzgMwN1zeb3npaw ####################################################### TEST: jwtStateAlgRSA15EncA128CBCPLUSHS256Test ####################################################### Encrypted JWE State: eyJraWQiOiI2ZmIxODU5YS01NGQ5LTQ3YzYtYTI5My05MmNlMmNlZTYzZTAiLCJ0eXAiOiJKV1QiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2IiwiYWxnIjoiUlNBMV81In0.W7YcQyuxvyXTvOvyXAMwKg9Qg1KVoJ1JR1hn37xF_a4dOFB77mOpMX2JI4RX09iRbHbnZKmAcRqSCYEooJ5qeXQc9pvqRluA5NO6mLw2LQRiNGCbFRFd8eSoWIcVpKYKfky-D3MyCNFHStKs-zMFQYa6i8IflE6UYa_kVAistZaaYudPT60ZM10El6Q4Uc_RTqAXDC-Bo0pVqaKPQ2FG3jgaRAF3YwiKC5LTWAdO_dvqA3vtDK-_lRUQyAqpj1dFoB6q4GOKDVXObvPdc68_1qSelP6fIiNEQvtW7DqcE-pt8SUbzaGES1aCM8m3uywwVsU2952DpLFbpls0w5JqGA.25t8PhkL8kp5pQCFkEgr8g.HRQ7G-C23ZlAWNs0MVLoLd_Q66xfzGZSoEhdpTie90rqp7yB-WP3kE1ND336dBeS5IVNmcLZSfol0lEgH7CkpRaOpS4sqPoqrOXiKuT7wWn242Jw5uo8abcAoOzmRZ50aDoIOsT9ZO0g-lcmAwSv4L6z9LBZrNgbxSQbcg4sAL4KvY_lVWs11eRZQyNppWiFZxc4OT52WGRD960h_dXX5HMsAlm2QAnsDHHQGbRCT9o10kvRSxLRo2I96VMKF7vhOFOEmZlCsRRMZbcVuRV7NKyb57hAAd-XkXbWQMA62fSo72muB9pvoYwrLM2uEoYQuPS9hgiYO9gO4CdgqpZ3_1RcQNy-srwZaT9XqXfJFY-5TtLtKaTUYODLlWppdIO2R1OGhIPiHbfsdlrnkrwl8u4Ne7AWrJXsKHSSDTzYkOs.qQYNdfalN8kxyN8YvZl0oRU33IM7S6FGHdd0gvzHdfQ ####################################################### TEST: jwtStateAlgRSA15EncA256CBCPLUSHS512Test ####################################################### Encrypted JWE State: eyJraWQiOiI2ZmIxODU5YS01NGQ5LTQ3YzYtYTI5My05MmNlMmNlZTYzZTAiLCJ0eXAiOiJKV1QiLCJlbmMiOiJBMjU2Q0JDK0hTNTEyIiwiYWxnIjoiUlNBMV81In0.fQDknc97pc2Nu02W81Bgqudnd9xD-xDT-Nm9V0IQ286Ev8AbazIEu7T6Z4tsF6VgZRFx2qvb3Tba77JPyopBv6fEqV5jPQjHiW7P23wB91glmmVWFKM20Gd39jPE2oN1bhFRUdRzkEV0JCwJ63LAOVSc2k76m9xJplJVexmGeX-37vCQ5az4yoHZcaS8MNAJ3mE9uiK-DU9hQ-SdRA5j5Ko0moBI0ldtdUp2kgZI-QLk874DqftDTAcNA2wFD1MNrayPSEcmX9hdA1LUYm4H0Cjuiah4ny10RBddSeQfLcQNHsBcSfVplUYwpVEcmdod__9Xmp9wJOtO1Wg5CfGzsg.QB4Lfg2FZoRoOV9n2pWOww.XycVWfCBw9rgnYdjqpzQAnFmMVabwtTIgZ6ZkqeoC24imTvT-PY3pO8941u6hNXDJ1bySBOp0s6shEW1It7DVkeLwvaMcs-_FKWPGMeqpKba_wSWwGi3ZzvYo5TNhFf22tkufjg54K3h45jyRTmvtzOI3MJ5IwVMNwtVDrcd5kiY64pKAKBPUv3x4KDxRbmuoVe1b39uEHI-bbTCZ2VESzajdHoXCRvjGULiROArKdEpDYwsXVGcnui5Qi5ynDy7L8c3B50U5kCCIV39gQTLzABfOfuPXJOTfzyQv5sDeCjLwgJx_wx4FUaQ4kQseNjah5G8KbCpjzHVuqFy5aeIL26_p0vsh-V1GydV_SMv38FW6CxeCJvtwWmlLBhALt9h1l3MAjeMdlMshBsk_c4y2NuL5tX_eTVv56UwQ7Vx_5Y.s1pBkgcX2EVV5BS2hLrLgtlSHYNxAQxRDuMmVGzPDyNq68m1eYkgBeeL97-mDUG8Wf8BOTqNl_qyU5vwpCNcpA ####################################################### TEST: jwtStateAlgRSAOAEPEncA256GCMTest ####################################################### Encrypted JWE State: eyJraWQiOiI2ZmIxODU5YS01NGQ5LTQ3YzYtYTI5My05MmNlMmNlZTYzZTAiLCJ0eXAiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.HslL9AjoWiskdJh9wSZk3SgH8wDYgty584nqXbjh40e-S3iA2jZ_Ogv4plFLylZBx8QtSPj-kd8ghPLMIZFbTMUGJ-m868AxL9T-EnmDLwSE87nHruMWZY89nV_UEi8l5ue_zJNchgmfF6u685gYDV9EqRlgKk9Vft3I1KxluxrHbTI1e-8hWC8zStgbIaONtmLpLla4gvAEmaszPYkiKscGSZswzlXrUGYdYobKY_AwFDqbxdjgTnn8sSGVGkWcsPahvY50YIz67SZdD8qElPQPd5uD5PE46rvv8TYm2lDNkzepZgB3d8lkBlPvp_5yLlqY7lPU_12MT5dXfHJ68g.RlusFcnk_tUG71Ta.2Xg5AFbUHZ_CdhTv9SAx4Gq47mfIjDFwoI4CziyJs95YxLuXEl1zeJ4VZeFordMOGMSLtYBpj0n9cWVGxu4uVduVrTw9IIKuT2hR5gwslhSct2adZyb_GFkxhewseHU7HFMgzcMOoq9Uvrz54lIQIEkmxG4C406EgM6nZ5FAv5mT8UPaeoCeVtneQhG9QbJm8lDylfh4Cl9Wd5pZbOG9TYw5DlVohjeYDolxhutQIN-lDmb_n1WKSfzypuQkNSJ9a86CiJN6trQ-t23cGaMr-GoF0nbJHgHw5g8qI9yntDusp_GZfEnlJcEVFEd7SVgxW2o2fBINXcjqMvCp-uNgnqIORBJJWKlm81pdi3C3emwoywp35HjH-ekWgezTKtRFQ7BRKLP_ulz0_Kja1IF_N9qh-Q.DLFCCUZidMrsEV-ai3Jfiw ####################################################### TEST: jwtStateES256Test ####################################################### Signed JWS State: ewogICJraWQiIDogImE4YjYyYzlkLTY1ZWEtNDM4NC1hNDkxLWU1MjkyNGM0YTBlMyIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJFUzI1NiIKfQ.ewogICJraWQiIDogImE4YjYyYzlkLTY1ZWEtNDM4NC1hNDkxLWU1MjkyNGM0YTBlMyIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogIjI4ODVkN2FlLWI1YjktNDc5Yi1hZjEzLWViYTAwYzkyMDQ3YSIsCiAgImp0aSIgOiAiNzE2YzA1OTItNTVlMS00NGQ2LTkyZWEtOTFiYmMzYWUxZGVmIgp9.d3WW8MmYEVTejfYaS2HP0mo7ty0LKiGUxNQwvvknzPzAfkJDucLxCN7F-ZYHly2oDob-VaeSQk2BAQ4MXu8LqA ####################################################### TEST: jwtStateES384Test ####################################################### Signed JWS State: ewogICJraWQiIDogIjBiMWEwMTlmLWZjZmItNGQzZC05ODFiLTE2YjQ1MzU1ZGZkZiIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJFUzM4NCIKfQ.ewogICJraWQiIDogIjBiMWEwMTlmLWZjZmItNGQzZC05ODFiLTE2YjQ1MzU1ZGZkZiIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogImU5NDVmZjM1LTYwZGUtNDQwNy04Yzc0LWNlOWZjOTQ1ODYyZSIsCiAgImp0aSIgOiAiZTJlMTNjN2QtNTEwNS00ODVjLWJjMGYtYTU0YmZlMzAyMmQ3Igp9.0sc6kXKbzZsZ4Rk37DJjSRrg9JhwWNpLsFrHVuBB1kVF8WyxDAxUDC7AMQ9IO0ySO5zGgvrnk4Hg0bPCMepDmWrY87XXXEv0MnVIAHqb0a9uRndeI01VgW-F-ox8FM9L ####################################################### TEST: jwtStateES512Test ####################################################### Signed JWS State: ewogICJraWQiIDogIjA3YzkxN2VmLTk0M2YtNGE5YS05NjFjLWQzY2JhMjhjODFkNSIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJFUzUxMiIKfQ.ewogICJraWQiIDogIjA3YzkxN2VmLTk0M2YtNGE5YS05NjFjLWQzY2JhMjhjODFkNSIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogIjI4ODBlNjEzLTYwZDEtNGUyZC05NTM0LTk4Mjk4YzJkNTU2MCIsCiAgImp0aSIgOiAiNGU0NTU5NDctNDZjMC00NTJiLThhYjMtZDIzNzc1MjYxZDBlIgp9.AUDXdppF4YRkkrFIz1eilE9O_rj4mdfaIrfWVSyDDd6QvCvjAYWsVeSqO5waIFoIShcDi8RtzZDMpw246_4JZq7qABoB2gTvBhBPDJ4wRm9Usykuu4iwlZ7wF7_WLfnAfAdih5Fg3ZbjirOe9BDn8GvPLfTSMvOhD0FWwxNAbs_xu1to ####################################################### TEST: jwtStateHS256Test ####################################################### Signed JWS State: ewogICJ0eXAiIDogIkpXVCIsCiAgImFsZyIgOiAiSFMyNTYiCn0.ewogICJhZGRpdGlvbmFsX2NsYWltcyIgOiB7CiAgICAibW9yZSIgOiBbICJmb28iLCAiYmFyIiBdLAogICAgImxhc3RfbmFtZSIgOiAiUm9qYXMiLAogICAgImZpcnN0X25hbWUiIDogIkphdmllciIsCiAgICAiYWdlIiA6IDM0CiAgfSwKICAicmZwIiA6ICI5YjBkMGNjZC03MWNjLTQyNzUtODIzZi1mMGFkZGIzYmQ5NTkiLAogICJqdGkiIDogIjc0NDlmZDZiLWFjZDEtNDQzZi1iZWI1LWFlM2I3ODNmOGM1ZSIKfQ.7YTue6JJuv-V7LG9O2kDtPmdPts1XnyiZzzhBj1ivyQ ####################################################### TEST: jwtStateHS384Test ####################################################### Signed JWS State: ewogICJ0eXAiIDogIkpXVCIsCiAgImFsZyIgOiAiSFMzODQiCn0.ewogICJhZGRpdGlvbmFsX2NsYWltcyIgOiB7CiAgICAibW9yZSIgOiBbICJmb28iLCAiYmFyIiBdLAogICAgImxhc3RfbmFtZSIgOiAiUm9qYXMiLAogICAgImZpcnN0X25hbWUiIDogIkphdmllciIsCiAgICAiYWdlIiA6IDM0CiAgfSwKICAicmZwIiA6ICI4NTZmZmVhNS0wMWM0LTRiNzctOWY4OC02ZDNhN2ExZWE5OTUiLAogICJqdGkiIDogImIzZTcyYmY4LTU2NGMtNDFmNy1hZDQzLWZhN2RkZjljYmU2ZCIKfQ.WLA7Jmi5QgHmqJ_tXzqCQB_fAKdokcbIPMOG3fCI8q5HYrFkn3CLMico3dM3YncE ####################################################### TEST: jwtStateHS512Test ####################################################### Signed JWS State: ewogICJ0eXAiIDogIkpXVCIsCiAgImFsZyIgOiAiSFM1MTIiCn0.ewogICJhZGRpdGlvbmFsX2NsYWltcyIgOiB7CiAgICAibW9yZSIgOiBbICJmb28iLCAiYmFyIiBdLAogICAgImxhc3RfbmFtZSIgOiAiUm9qYXMiLAogICAgImZpcnN0X25hbWUiIDogIkphdmllciIsCiAgICAiYWdlIiA6IDM0CiAgfSwKICAicmZwIiA6ICI3MmM3MmIwMi03OTk5LTQzZWItYjdkNi0zYWEwZjg0Y2M0NzEiLAogICJqdGkiIDogIjA5NzM3MjIzLTc0MDYtNGUzNC05ZjZkLWE0MWMzMTI3Y2Y1YSIKfQ.1y6WPB58VBNU8vanPyctm72GlBulrkgIHKIxMT8HM1lht-UQkz6E93Ju4tnihS09ES7pxmReMI1yqxn-dTo49g ####################################################### TEST: jwtStateNONETest ####################################################### Encoded State: ewogICJ0eXAiIDogIkpXVCIsCiAgImFsZyIgOiAibm9uZSIKfQ.ewogICJhZGRpdGlvbmFsX2NsYWltcyIgOiB7CiAgICAibW9yZSIgOiBbICJmb28iLCAiYmFyIiBdLAogICAgImxhc3RfbmFtZSIgOiAiUm9qYXMiLAogICAgImZpcnN0X25hbWUiIDogIkphdmllciIsCiAgICAiYWdlIiA6IDM0CiAgfSwKICAicmZwIiA6ICIwMjYwZjFkMy1kZGU1LTQ1NmEtODMxNS0wNWQ4NmMzYWE5M2MiLAogICJqdGkiIDogIjE1NmRkZmU5LWNlMjktNDM1Mi1hNDA5LTU2MjM3MjJkMjhhZiIKfQ. ####################################################### TEST: jwtStatePS256Test ####################################################### Signed JWS State: ewogICJraWQiIDogIjI5Y2VmNDA0LTU5ZGItNGFiOS04ZjVjLTZkYThkNTc4ZDEwNyIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJQUzI1NiIKfQ.ewogICJraWQiIDogIjI5Y2VmNDA0LTU5ZGItNGFiOS04ZjVjLTZkYThkNTc4ZDEwNyIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogIjlkNjBmMTRjLTE0MzMtNGJmNi1iMmYwLTdiY2I5YzI5ZDgyNCIsCiAgImp0aSIgOiAiNTUxY2EyMTctN2RlNC00OTU3LWE5ZDAtNTVjYjc0Njg4NjQ3Igp9.59fGNcONB9khgrk6KdavNMdDg2VdmBTrw-umfpg4kE_g3OhFTkSWU0sN4xpheiJQo8MoUTXtleqH8ETn08lcznYcYglZ42YDu_TZyofU12vN2cEHIZjwtOmlIWWf0n9669dIaOQ4TLFaAhez0xR022LN64RnRD7Df5ziTjZfmuNz8PLwquh2ba5rt2o8fK2GdRbtra5Oa-M11MYeUfEEkY3eaoFwkCsEQr_HqcWV5hbTqez2T7eP0Py7dUUaqCQKanC1LYuzEB1h_OUHEV8JLjNLH86dY9n5M_Ua6OGM0uzb46R5kQtiyyTV2JYOpdem5NYPi8gw3-9IDtc4Xm3W4Q ####################################################### TEST: jwtStatePS384Test ####################################################### Signed JWS State: ewogICJraWQiIDogIjZiZDdjYzBjLWUxNzYtNGRhOS1iNjQ2LWZlNzc4MjM5M2RjMCIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJQUzM4NCIKfQ.ewogICJraWQiIDogIjZiZDdjYzBjLWUxNzYtNGRhOS1iNjQ2LWZlNzc4MjM5M2RjMCIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogImNjZWJhNDk1LTRmNjUtNDY0ZC05YzQyLWYyMTM1MzRlZTA4MiIsCiAgImp0aSIgOiAiZDY4ZjBhNmItN2IxYi00MTQyLWJkMDEtOWJkYzQ1OWMwNWNiIgp9.jlUTxBMxBfDVOgwfzQpr0qAAS4VFYWuGeOFDGsULKJjS4s16W_oReVRyuF8SMlTn3JS9c_ueR89hlSUNbYIQVnnLQ8HPFb19-mUfagO-Dv2QR0z4GGSvuZEf1a-NvNYN5nRoiidViTGaaPwvhN6GOfc_enpIlvKn62hpBJOVQ_oAX2AA19ic2UWOI3KS_kqbUDTiuIaXHfMNyxNylCGLrjtz_7O16L1yFSST0-_J_kb0Nk5n2CtFwtfEDKinGjzflKdQFsRyX8Udmb18s3gA1kWnrLem19vsP83kY6msz7tdq3X477x_pH0OztB8mKELklIbsH6HvZLYrN8jQRpgDA ####################################################### TEST: jwtStatePS512Test ####################################################### Signed JWS State: ewogICJraWQiIDogImE2MTRkNmFlLWU4MGYtNDY5YS1hMzA0LTUxYjliYmVmYzk1ZiIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJQUzUxMiIKfQ.ewogICJraWQiIDogImE2MTRkNmFlLWU4MGYtNDY5YS1hMzA0LTUxYjliYmVmYzk1ZiIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogImU4M2JlZTc4LTA3OWUtNDE4OC05OWNhLTdmNDFkNzIzNzEyMCIsCiAgImp0aSIgOiAiY2NjYzlhZmYtNjZjYS00MWM2LTlkOTktMjlmMzVlYzM5NDQ4Igp9.K-iYepwIscMQR3H8d4M-EO_Iv6BiF7aHEP6VFnJCpHPq-nTVWonWrD1K-MxbvKWRVys4tN-Iv2Xp7YAZYZ-6up0UPZBOD4Kz3nLWERhT8295Ork6_lND2JAHmBj9ax8COgO5hDJ8uL0YceRks-kNAxDv2CJlSuturMZ50ncHxzVHaeEppZ-WIf8mBqdahxm9z3wDevuy_T5LFQf4H28PUDQO20MUHGXuT0t_hLugQXNOhFOn6IUG5-0UlbaA0sd0cmes6ejep0tw-St2acwjOQQ9vtfzDSxii4wJcoLwIHMym3r6uiL2ZJXk0NnMhT65I1pjv5JY-K52saICpJ2dYA ####################################################### TEST: jwtStateRS256Test ####################################################### Signed JWS State: ewogICJraWQiIDogIjZmYjE4NTlhLTU0ZDktNDdjNi1hMjkzLTkyY2UyY2VlNjNlMCIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJSUzI1NiIKfQ.ewogICJraWQiIDogIjZmYjE4NTlhLTU0ZDktNDdjNi1hMjkzLTkyY2UyY2VlNjNlMCIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogImJmMjIyMDAxLTA5ODYtNDI0ZS04MzlmLWM4YWEyMmM2YzkxNCIsCiAgImp0aSIgOiAiMWI4NmZlNWYtZjVkMC00NmFkLTgwZmItZGQ0NjI3NDQ0OTQ2Igp9.M_Zfjl74Yj4CyoJPIt-JfNxCAo15iQg5EA07m6XlN0YzMLgVm4c9CVO65BxKfBO-ucrWkqTUK7WZzi5OV8ArQMZapF_7VaC49V3w28UWgAVFV1r079C66t40ffEw3yJLD8GNePymICTwsw9t1UirIcPPt_WtAN7BDtBWCyAogGmBBwbu5sH7jZUnTVy6Xn8a_etC7l8up2v2hJ8AFv8h4c15U6kQjD45L2MbprKSot7i6GyZQtOdQPvnEkAkYpUgV1kyEnj7A5I548PVw5Hk-HYw1-C0MqB2EyOchJQ-_lEA9yLqQE2mHR8_pHRYnbShzF1vn1ZfvGRmhLRSMXUx-w ####################################################### TEST: jwtStateRS384Test ####################################################### Signed JWS State: ewogICJraWQiIDogImE2OGM2MWRkLWY4ZjYtNGZhZi04NTViLWZiYmI4YmVlMDI4YSIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJSUzM4NCIKfQ.ewogICJraWQiIDogImE2OGM2MWRkLWY4ZjYtNGZhZi04NTViLWZiYmI4YmVlMDI4YSIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogIjQ1ZTVhNjAwLTY4OTgtNGU0NS1iM2ZkLTczYjQ3NjdhODkzZiIsCiAgImp0aSIgOiAiZjc2OTJiOWYtYWFmYi00MGU1LWE4MmEtNjI4N2Y3OTMxODkyIgp9.a7CMeiRHO_3ZjzMOdlHfTxYu7HaZ8AoPVOxK-q6s7LrQZ-30o8xmZ-TJmjy27p-Bcf7t1I4wAUm5EXc-BezvMM69aDmx78vjkO35CSe-ku9QSBMYLRmDuEyr-gOS3GryckFAQCNgUFX0qdhTOXxV3gr5IKUk6zvI9rNzY8Ky0V8SRpGd9m3TEv-wwLcKNorkG8j_fs4fO3opIFbqdJWN4XeFuksTDYqusBXf6mwCerzjyeEAqqTiS4ncQ3WyhyeQWi2iWvdHOPEMEJhcZwKUKnavhEvOD8TweDZpJVMln9Rgzc_mvnMlNmmActLInM9g16wBXuLfn9nIDLpSt_FiMA ####################################################### TEST: jwtStateRS512Test ####################################################### Signed JWS State: ewogICJraWQiIDogIjc5ZDEyZTY2LTBiYWEtNGI1OS04YThiLWJkMzE2NDI2MGJmNSIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJSUzUxMiIKfQ.ewogICJraWQiIDogIjc5ZDEyZTY2LTBiYWEtNGI1OS04YThiLWJkMzE2NDI2MGJmNSIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogImIyMzc1NjhlLWE0NGMtNDI4MC1iOWRkLTRkNTg5NTlkN2FiMSIsCiAgImp0aSIgOiAiYzhkZGQxYmEtYTQ4YS00NWMwLTg1M2QtNWRiMjM3ODU5OTFlIgp9.ENpH2KAAOdgcZmpHEHelcdCB290ecXqeLMRHIxnq_kC16cGfQRo_QkztPadjNJ_DScBBZ2aAuwsV_rm-UkwrkIoVzyvZwHEpaIjLg-6tMZQwS-sYFU5y1XclZBYtb7RUB-useKxo01hKBQEnd3r-kN_dKl-ghCNWWamVbsvkZrw4K4O8xqMyOv0bfgnFNQEWahkOounTH4TQbEGn8sY2hfWOn113vfS7mTGRKDNjSTZ7G2XGcif7Zqmm6LXcElUh6fSEQYz_YL5KqiFtPDKSEJgh35-JcHSkWX-V_04WHRxCGgMLaS9OwK_54y1UU9MUG-P2U7xNtPDqI4cD_7fzzg ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:52 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:52 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: requestEndSession by id_token ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:52 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestEndSessionFail1 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /oxauth/restv1/end_session HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 175 Content-Type: text/plain;charset=utf-8 Date: Tue, 15 Sep 2020 17:02:52 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The provided id token (or access token) or session state are invalid or were issued to another client.", "error": "invalid_grant_and_session" } ####################################################### TEST: requestEndSessionFail2 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /oxauth/restv1/end_session HTTP/1.1?id_token_hint=INVALID_ACCESS_TOKEN&post_logout_redirect_uri=https%3A%2F%2Fclient.example.com%2Fpl&state=e39dd6d9-0d82-4539-98f2-36341e7d1fd8 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 175 Content-Type: text/plain;charset=utf-8 Date: Tue, 15 Sep 2020 17:02:52 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The provided id token (or access token) or session state are invalid or were issued to another client.", "error": "invalid_grant_and_session" } ####################################################### TEST: requestEndSession by session_id ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "application_type" : "web", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:53 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:02:53 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:53 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:53 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:53 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:53 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:53 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:53 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:53 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:54 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:54 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:54 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:54 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code", "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:54 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "refresh_token" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:54 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "password" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:54 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "client_credentials" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:54 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:54 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:55 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:55 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code", "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:55 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "refresh_token" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:55 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "password" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:55 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "client_credentials" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:55 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:55 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:55 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:56 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code", "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:56 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "refresh_token" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:56 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "password" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:56 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "client_credentials" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:56 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:56 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:56 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:56 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code", "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:56 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "refresh_token" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:57 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "password" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:57 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "client_credentials" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:57 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:57 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:57 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:57 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code", "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:57 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "refresh_token" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:57 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "password" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:58 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "client_credentials" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:58 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:58 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:58 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:58 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code", "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:58 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "refresh_token" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:58 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "password" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:58 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "client_credentials" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:58 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:59 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:59 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:59 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code", "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:59 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "refresh_token" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:59 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "password" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:59 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "client_credentials" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:59 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:59 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:02:59 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:00 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "authorization_code", "implicit" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:00 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "refresh_token" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:00 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "password" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 105 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:00 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The authorization server denied the request.", "error": "access_denied" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "client_credentials" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:00 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: grantTypesRestriction ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "post_logout_redirect_uris" : [ "https://client.example.com/pl" ], "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ], "subject_type" : "pairwise", "application_type" : "web", "scope" : "openid profile address email user_name", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "code", "token", "id_token" ], "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:00 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:03:00 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:00 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: requestClaimsIndividuallyRequestObjectEncryptionAlgA128KWEncA128GCMUserInfoEncryptedResponseAlgA128KWEncA128GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "A128KW", "application_type" : "web", "userinfo_encrypted_response_enc" : "A128GCM", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "A128KW", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "A128KW", "id_token_encrypted_response_enc" : "A128GCM", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A128GCM", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:00 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectEncryptionAlgA256KWEncA256GCMUserInfoEncryptedResponseAlgA256KWEncA256GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "A256KW", "application_type" : "web", "userinfo_encrypted_response_enc" : "A256GCM", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "A256KW", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "A256KW", "id_token_encrypted_response_enc" : "A256GCM", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A256GCM", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:01 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectEncryptionAlgRSA1_5EncA128CBC_PLUS_HS256UserInfoEncryptedResponseAlgRSA1_5EncA128CBC_PLUS_HS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "RSA1_5", "application_type" : "web", "userinfo_encrypted_response_enc" : "A128CBC+HS256", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "RSA1_5", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "RSA1_5", "id_token_encrypted_response_enc" : "A128CBC+HS256", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A128CBC+HS256", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:01 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectEncryptionAlgRSA1_5EncA256CBC_PLUS_HS512UserInfoEncryptedResponseAlgRSA1_5EncA256CBC_PLUS_HS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "RSA1_5", "application_type" : "web", "userinfo_encrypted_response_enc" : "A256CBC+HS512", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "RSA1_5", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "RSA1_5", "id_token_encrypted_response_enc" : "A256CBC+HS512", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A256CBC+HS512", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:01 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectEncryptionAlgRSA_OAEPEncA256GCMUserInfoEncryptedResponseAlgRSA_OAEPEncA256GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "RSA-OAEP", "application_type" : "web", "userinfo_encrypted_response_enc" : "A256GCM", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "RSA-OAEP", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "RSA-OAEP", "id_token_encrypted_response_enc" : "A256GCM", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A256GCM", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:01 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgES256UserInfoSignedResponseAlgES256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "ES256", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "ES256", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "ES256" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:01 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgES384UserInfoSignedResponseAlgES384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "ES384", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "ES384", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "ES384" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:01 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgES512UserInfoSignedResponseAlgES512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "ES512", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "ES512", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "ES512" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:01 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgHS256UserInfoSignedResponseAlgHS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "HS256", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "HS256", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "HS256" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:02 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgHS384UserInfoSignedResponseAlgHS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "HS384", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "HS384", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "HS384" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:02 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgHS512UserInfoSignedResponseAlgHS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "HS512", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "HS512", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "HS512" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:02 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponsAlgNone ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "none", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "none", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "none" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:02 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponseJson ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "none", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "none" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:02 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgRS256UserInfoSignedResponseAlgRS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "RS256", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "RS256", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "RS256" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:02 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgRS384UserInfoSignedResponseAlgRS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "RS384", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "RS384", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "RS384" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:02 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: requestClaimsIndividuallyRequestObjectSigningAlgRS512UserInfoSignedResponseAlgRS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "RS512", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "RS512", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "RS512" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:02 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:03:02 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:02 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: requestJwks ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /oxauth-client/test/resources/jwks.json HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Accept-Ranges: bytes Connection: Keep-Alive Content-Length: 16938 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:02 GMT Keep-Alive: timeout=5, max=100 Last-Modified: Wed, 13 Feb 2019 04:13:20 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "keys": [ { "kid": "6fb1859a-54d9-47c6-a293-92ce2cee63e0", "kty": "RSA", "use": "sig", "alg": "RS256", "exp": 1581478254228, "n": "pA_HnIP3BVrR1cO1QiVRsbaoR_aSyCgkPUC1_Dpy_CXxZ8zKP2HW9O4uqNYIG8QMdEcCegqt8V6WfUcu0HAaMOR9onN9umltqvdEmVYHjdG-y5ty-AoyyK_Sa4tEnUez_RWOckTkE9JKGfHga97vZn1i33tmJO296rSa463xYEc5IagzgmGy-MkV9QuebF5Kr_b4bFHDVeD_Eo-ssCa6UjiH_QrAqC_WjVerNjoOlU6o3TIlIQt8HVREP1WmRK9wS0AutywOzK-zuH04q7sjQ-OorLx34Zm9lsM-dlO0qdA6h7UylYjZZwzPpzgjGWWLMjTP0FHrafGnpYd1JZQRAw", "e": "AQAB", "x5c": [ "MIIDAzCCAeugAwIBAgIgZKkonoIOaFle80rYSyRw1Zv4pE6ISK1pObDKxNhyIk0wDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDRaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkD8ecg/cFWtHVw7VCJVGxtqhH9pLIKCQ9QLX8OnL8JfFnzMo/Ydb07i6o1ggbxAx0RwJ6Cq3xXpZ9Ry7QcBow5H2ic326aW2q90SZVgeN0b7Lm3L4CjLIr9Jri0SdR7P9FY5yROQT0koZ8eBr3u9mfWLfe2Yk7b3qtJrjrfFgRzkhqDOCYbL4yRX1C55sXkqv9vhsUcNV4P8Sj6ywJrpSOIf9CsCoL9aNV6s2Og6VTqjdMiUhC3wdVEQ/VaZEr3BLQC63LA7Mr7O4fTiruyND46isvHfhmb2Wwz52U7Sp0DqHtTKViNlnDM+nOCMZZYsyNM/QUetp8aelh3UllBEDAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAeS0U26UQBhpDwIA7KcxIAD/xq4kw+XTbZ8VerwbRUiqT0LrTscUXbzXC83Er7G0rWsx/hEDUwlxF3dt85HCw8RKwvhtQiFTkIsYteNRi04uIuEo8I8vmFe/gc4/odprdWG7rtvxPMFctJ7X+GN9BLUHUv5DO79bmDvtZ982Zq/D1LtcycDiDdcMqm79EYnmprkacspaqChK1Dfpjevl9ntcOKlTNIcr9wJPQZJpdXNT9x+WTnTud9m2+N26eweafrLWj186VEUvBEpBWn47oqB9pK34OwT8xHZwRS+ZqCkwNFtNTRvlTTjhuRK0vYdWo3ICyN55Qt5upQJnocCvTPQ==" ] }, { "kid": "a68c61dd-f8f6-4faf-855b-fbbb8bee028a", "kty": "RSA", "use": "sig", "alg": "RS384", "exp": 1581478254228, "n": "kDbcPm7kNAKwr4UeDtp9rXDwt4Zr3ekARDTAzirCKHWCDkqdjhdlwKS9Ndybm_TFZshoE51WGiJGmwEOoXb-7QLpbME1Y9AjJXEeUIVVUc9ZGMQve8ODFawo9xsn3mmwEHJukhJ8j9QakNe-xj7vkxd79SHVsVwfY3o7RBmyZYRcGxfBgrapekAiGYngjHyx-CXlarkP4Rc3wMD0dUNeIlH9auAn5Usq0i1p5bOjmQ3n-0JjwYCEgF-4hLmQRW_rT82WuR4G1eCAbwxUuF0ooo2rtQ2NEVyy0XtbwYnj-fwh8c-xQHMmxL1Wh0FT6JG0r8DhLookReepKPyytvkvBw", "e": "AQAB", "x5c": [ "MIIDAzCCAeugAwIBAgIgSz74G7jWHwUuk1jXILAyhR2sx+J2QkB1+L7xvGh8+jQwDQYJKoZIhvcNAQEMBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDRaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQNtw+buQ0ArCvhR4O2n2tcPC3hmvd6QBENMDOKsIodYIOSp2OF2XApL013Jub9MVmyGgTnVYaIkabAQ6hdv7tAulswTVj0CMlcR5QhVVRz1kYxC97w4MVrCj3GyfeabAQcm6SEnyP1BqQ177GPu+TF3v1IdWxXB9jejtEGbJlhFwbF8GCtql6QCIZieCMfLH4JeVquQ/hFzfAwPR1Q14iUf1q4CflSyrSLWnls6OZDef7QmPBgISAX7iEuZBFb+tPzZa5HgbV4IBvDFS4XSiijau1DY0RXLLRe1vBieP5/CHxz7FAcybEvVaHQVPokbSvwOEuiiRF56ko/LK2+S8HAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQwFAAOCAQEAPf7m4ZciJXDNchNydJYRjk+04d0FRIjFGvg2sAKelp6c809dVu8yd4Bz6CoAnS8Wcxh9zWYZWLxcoDmeY7C4/n84znT1V7gSJMPRSIGU81Mm09kolMkT4NgJ26GgUIou2rAsOKCNpbJ5pIHdFnaeb6q2XbgFReQBwnDqG2nLXNqiJoRa4c4VwCPMO06DS7ym1JmMIxSKEq57mUyY49fk5DmVTe860cRI5Y36/EQsoeyfFlo9o1sd5n+0qu+F9P8ZSE7bYQ2USDv//ODlVIGqL8nle+UPzmQYfQqsYzMjy0JOyfbxYqFhfwQt2Cv+jf10OBCGM3McO7jFyLKiPavUHQ==" ] }, { "kid": "79d12e66-0baa-4b59-8a8b-bd3164260bf5", "kty": "RSA", "use": "sig", "alg": "RS512", "exp": 1581478254228, "n": "6cwmc6A0qSAfbRyQfsb3uc8WW4kPyKswpO6lsJobgQTVMj-RwjPz8Ugjell_buPXUqPW34GTRFqb9-6vvjdco9ps5GAgxLWgU31PucOiHNSuAtJsmarWjQ46q7v2Gum759Rk-0IK8vZKJxOQpACRxvUWbCxtfz8CTbSLE3Qs21XFm21FjVeCeLQeEnewd-gBz3heuwsA4xrX8xbkMtDtvHreM9bhGxZ3sMCYarRp0hjBTc-1bE9cTU8dh33Nnn75BkejUNK4DM5eqqlKypFxlDXS4LdSz0LImkYyJtx-lUbgguXvzH6OAYEgDlmO7SB1tUdVHFyuvUTqRgWYeilPfQ", "e": "AQAB", "x5c": [ "MIIDBDCCAeygAwIBAgIhAOuZ0LKRIAUmP1h5BdzzRHu88ICE4U3r9m59e9qM4282MA0GCSqGSIb3DQEBDQUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTkwMjEyMDMzMDQ2WhcNMjAwMjEyMDMzMDU0WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6cwmc6A0qSAfbRyQfsb3uc8WW4kPyKswpO6lsJobgQTVMj+RwjPz8Ugjell/buPXUqPW34GTRFqb9+6vvjdco9ps5GAgxLWgU31PucOiHNSuAtJsmarWjQ46q7v2Gum759Rk+0IK8vZKJxOQpACRxvUWbCxtfz8CTbSLE3Qs21XFm21FjVeCeLQeEnewd+gBz3heuwsA4xrX8xbkMtDtvHreM9bhGxZ3sMCYarRp0hjBTc+1bE9cTU8dh33Nnn75BkejUNK4DM5eqqlKypFxlDXS4LdSz0LImkYyJtx+lUbgguXvzH6OAYEgDlmO7SB1tUdVHFyuvUTqRgWYeilPfQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQENBQADggEBAEdmQsaUHAn5mKbEMw4WI/cRBvrvQBypKMIyLGC3s0OMKk5QenVdD7rHexlBT/CQmQGx0yGh12d9SAfjSEYxd+1zjDOX4OHvssdsuff8tuwn/uLu/rXpUbvc17IulSz5L3HfMepBVZ59N1jhYvO8VNDaoW2l7BOYtvlU1fR5RvfY9vr4NW1IujSQXL2RVi+T3Mi1OXx3lO4gMChYQ6iKzcSOgEi9FzOLg5tBPLeGS1mj251qYPJ0hHQor/wvQG64sri0hkucvjuP/3Ls3ssmLGJ9wlcEWBj3WnjNB0SnVNXkmbhY6q4PbuQDTGoG9llwtGxZSFWJqsquYFG5NrcsSpE=" ] }, { "kid": "a8b62c9d-65ea-4384-a491-e52924c4a0e3", "kty": "EC", "use": "sig", "alg": "ES256", "exp": 1581478254228, "crv": "P-256", "x": "9LvaCQg9J193EZB90pFJyzkFEWshcx-Rt34z5vfYJdQ", "y": "akmZ3aHwJks4EpkSoVSwFZMtoPkLqhSbKqae2hWqnRY", "x5c": [ "MIIBdjCCAR2gAwIBAgIgDorsje5HAehA8HhEghQa36AoYLO/OvguMNfmWl6HD7MwCgYIKoZIzj0EAwIwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDZaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT0u9oJCD0nX3cRkH3SkUnLOQURayFzH5G3fjPm99gl1GpJmd2h8CZLOBKZEqFUsBWTLaD5C6oUmyqmntoVqp0WoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwIDRwAwRAIgCj0ZkQG33+zTn1kITlRutcuhzUf/f0dqtn7w8qUjvJoCIEEwyhRmm15nW1tIeei2zycxt6yOeVSENnJGr0qVUTx9" ] }, { "kid": "0b1a019f-fcfb-4d3d-981b-16b45355dfdf", "kty": "EC", "use": "sig", "alg": "ES384", "exp": 1581478254228, "crv": "P-384", "x": "SEEoZ_YvthDh4SnP76AVclQ0hwEC8fKAKWQHy3Wt6AXzAOKNC5H3GbZbw2LXNuRk", "y": "S8CZbi3rE7xyvgOPoaWWQx3uIkqOy-O3U1gkmcbFR9jfYrXwp2nCUmToyBNoYk2f", "x5c": [ "MIIBtDCCATqgAwIBAgIgGAqDzf+1qz88ojb8XU7zz2yftnx7SdCrhRyMUBefbE4wCgYIKoZIzj0EAwMwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDZaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARIQShn9i+2EOHhKc/voBVyVDSHAQLx8oApZAfLda3oBfMA4o0LkfcZtlvDYtc25GRLwJluLesTvHK+A4+hpZZDHe4iSo7L47dTWCSZxsVH2N9itfCnacJSZOjIE2hiTZ+jJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAKBggqhkjOPQQDAwNoADBlAjEAxHNX5TCgNpd6PwYeMY+alRBQhWCETO+thJmkkUjx9nUUImGF2uPiXGmLH/TU3jo9AjBlePQrwY7AIQdlFaHHP9x/fmJ1fTCMZhBJZgrdnvEtazwMwllaW8dkkSuuUzOqBXk=" ] }, { "kid": "07c917ef-943f-4a9a-961c-d3cba28c81d5", "kty": "EC", "use": "sig", "alg": "ES512", "exp": 1581478254228, "crv": "P-521", "x": "rwhAT3MJHEj6TIxw45f__6Vxx8CczTay1VI-zBTbQpax6IJPb5vq3XE6ynfpiav9Mcut_Obm39LjXCWUeZWI4d8", "y": "ARddBGb2zwpHhjY2qsupi_ANVhD7j-WCVPbAIhph_JBjJ_uYosUbGpDe23nqoGcEflKsJ9mXdqPG1VdKT-ahdEln", "x5c": [ "MIIB/jCCAWCgAwIBAgIgI7DudeXTxW69jo2ZhnkDBP4+JJTg6KALaSBIAl162tEwCgYIKoZIzj0EAwQwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDZaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACvCEBPcwkcSPpMjHDjl///pXHHwJzNNrLVUj7MFNtClrHogk9vm+rdcTrKd+mJq/0xy6385ubf0uNcJZR5lYjh3wEXXQRm9s8KR4Y2NqrLqYvwDVYQ+4/lglT2wCIaYfyQYyf7mKLFGxqQ3tt56qBnBH5SrCfZl3ajxtVXSk/moXRJZ6MnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMEA4GLADCBhwJBQBiGrG2YiVuqozFnYVPf3pWk/KaqPzPNy1Rn6eREut3L+dveNaru8+Okkb4Ehr6G56F8AnDbxdkkdFtScH2FmeMCQgC2Tf0FD102bBYqfvpG2xwaet4hMp3YLJrkUE7BEHPMhQSkNGfGIREy1VYRjJboP0p3SViPC/kr78jG6PAiWF1ClA==" ] }, { "kid": "29cef404-59db-4ab9-8f5c-6da8d578d107", "kty": "RSA", "use": "sig", "alg": "PS256", "exp": 1581478254228, "n": "9KfoZHLGJ6F1nJMZBpg6NChobaUgSw3VJUnf5n7MiSU69S18tYmenjWz1U1y9cF5SGwDJrcC6CUWgAaUhBzR7X9J86aU5nkKKDrEluqrnMdU2j7cGaI7OvoRk_cwrhCgKm4RQg8rJUAeqcmEAKSJWnS5is08LSUnUX58phzWfSp0VHVhSFYfs14MQCesVKJMYLYXmJ64VVG6MHXI5yry5RIZrjubywQQlROvmcZTBiaZvWUg6EmgvYNiuQ-qiZFkla67SpqhnK54w06voDWALJzm_HZ736C8xYUkLTq-kRS2Y1iGUbGO24CkvyW61v87VlZ-pnDx7Q-aUmtslIzB1w", "e": "AQAB", "x5c": [ "MIIDbDCCAiCgAwIBAgIhAMQu4s56tLJgB3wSZOHQqtgAPiFoZ7Z0OKo//aZO6skGMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTE5MDIxMjAzMzA0N1oXDTIwMDIxMjAzMzA1NFowITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPSn6GRyxiehdZyTGQaYOjQoaG2lIEsN1SVJ3+Z+zIklOvUtfLWJnp41s9VNcvXBeUhsAya3AuglFoAGlIQc0e1/SfOmlOZ5Cig6xJbqq5zHVNo+3BmiOzr6EZP3MK4QoCpuEUIPKyVAHqnJhACkiVp0uYrNPC0lJ1F+fKYc1n0qdFR1YUhWH7NeDEAnrFSiTGC2F5ieuFVRujB1yOcq8uUSGa47m8sEEJUTr5nGUwYmmb1lIOhJoL2DYrkPqomRZJWuu0qaoZyueMNOr6A1gCyc5vx2e9+gvMWFJC06vpEUtmNYhlGxjtuApL8lutb/O1ZWfqZw8e0PmlJrbJSMwdcCAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIAOCAQEA8PURaiAkkcOhH2ANpPju19TF/x/XqefL6+aWINwrey1bUYP+5qReNaE/dBMg1INibPKiOX5hhcAVg9FFejJ6XZh1d5peKxLnVGv0AqEdrBKUNjoSzNwcZ6UwuqM++YmruyoVmOhPGss2Zl0Ygplq6Nc5MLDfF3OephXCa467d3R25adnCnVKyOZAdfpE5nlCEh2eJ+O/qLYBrNSOJu4MismPIrcJ320FyhN/kC6vMmnutT8SfTsi1CpV846GCK5VuON/kUNO28GuTZj+gJmKPaQ0jf4J/T0n2ZYifZFFBCPzkzeyrHqrFwHhdBw0WpK3zhwSAFJg9YtzHA8PmuT4qQ==" ] }, { "kid": "6bd7cc0c-e176-4da9-b646-fe7782393dc0", "kty": "RSA", "use": "sig", "alg": "PS384", "exp": 1581478254228, "n": "wviHIZKUMcwcfXKNqqbYBwrYszNXdaT-W0qGbiwq3XcJxt__J8rCm9Cb2CcnSFwhk6xTbn5DsBfV1z7Tzn2_8uyVKnbez4qOg9B7CaLRsnypIhSYbIVI7zJaGDAcWCjffsIMQOIs2xIk9g81I37CiVuZRgLz_0sSz2Om3KWbA0q8-dSy2MC3S7rkaATiEiF_qG05kzkEOp5LJljks-Ef0ldaZcpLLjDbhjxGUDmjUmGWacp1UhpQGG-C721t42J5EpYYJpNDGCsmvFl11aU6QBzJDHtwTjyFNmDTvgzch-g4vQYgJSXnia-oCZ_vSazc3Yt_AXPUYnjfnyNwMxDaYQ", "e": "AQAB", "x5c": [ "MIIDbDCCAiCgAwIBAgIhALzrpr/bOEqAPZmLrt+fYlvmugbwiXLx83uCg8JEqfz3MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTE5MDIxMjAzMzA0N1oXDTIwMDIxMjAzMzA1NFowITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAML4hyGSlDHMHH1yjaqm2AcK2LMzV3Wk/ltKhm4sKt13Ccbf/yfKwpvQm9gnJ0hcIZOsU25+Q7AX1dc+0859v/LslSp23s+KjoPQewmi0bJ8qSIUmGyFSO8yWhgwHFgo337CDEDiLNsSJPYPNSN+wolbmUYC8/9LEs9jptylmwNKvPnUstjAt0u65GgE4hIhf6htOZM5BDqeSyZY5LPhH9JXWmXKSy4w24Y8RlA5o1JhlmnKdVIaUBhvgu9tbeNieRKWGCaTQxgrJrxZddWlOkAcyQx7cE48hTZg074M3IfoOL0GICUl54mvqAmf70ms3N2LfwFz1GJ4358jcDMQ2mECAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMAOCAQEAHy1zlkvBx2w+d97WgYvLD8Ow6BPFdaJM9b863nv1Q9IiCLm2f4coKffMdQL6k4sMmJiZrLtksC+3ZGG63tHF3EEf0XwBWSTMf/KDLllgH2BgsVNr05ErJgYBkPjN6UIem8HtKOdnuwfiHIe5VTsWj4zER5p+0/scaxDaG5iVWpnIcStfIn/gqeKXzdaJ/31A+x7T/63OQP0+3OcURnvvXbWDX/qGv2Ng8xkL2M94GEiI5n+NDRD/seGV9I1wAjmNLasRibFiM9BLufw70JBR32NjDy6OJKlhi+PjYWpX4VkCtUpNnWd4T67DWSTk3ikYJB5vDcWfSDsUu0HrYKCqfA==" ] }, { "kid": "a614d6ae-e80f-469a-a304-51b9bbefc95f", "kty": "RSA", "use": "sig", "alg": "PS512", "exp": 1581478254228, "n": "xkghQQHeSXpHnBA0BTifw6uyopQv8De5y-CeS19qFJlvMGso5WyVRaV49eBd1gf4DhieLuHgO-JYQB0kkOqI1eJeHcyXjuvtUo0j3XLtnuMiLXM4Jasgr3rPftOGCTQ6Qx1QJMti1roHpi6apWSYBtqUdk6T7SZR4AMMPtvTt7cPlwmNzZzJ87hiietM_ZFAq_ASK5JRMxpfavwvJM8wiSxc8kqhGDKf9YR2y0LsAGQrZZN7cG1_elHaRKa1S8-KK6_o8_J7r5gfEvakDHQxR-5dLEG__6RO7S6ABCYuyzBsEM1v-oDjg6B9Ul4K557t1qyYCeqFBNq4bH-mn5L3Hw", "e": "AQAB", "x5c": [ "MIIDazCCAh+gAwIBAgIgI44OWPu8pHXLDij/opsABC7pkNS6VR68uDT7biYTUvQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIDAgFAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTkwMjEyMDMzMDQ3WhcNMjAwMjEyMDMzMDU0WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkghQQHeSXpHnBA0BTifw6uyopQv8De5y+CeS19qFJlvMGso5WyVRaV49eBd1gf4DhieLuHgO+JYQB0kkOqI1eJeHcyXjuvtUo0j3XLtnuMiLXM4Jasgr3rPftOGCTQ6Qx1QJMti1roHpi6apWSYBtqUdk6T7SZR4AMMPtvTt7cPlwmNzZzJ87hiietM/ZFAq/ASK5JRMxpfavwvJM8wiSxc8kqhGDKf9YR2y0LsAGQrZZN7cG1/elHaRKa1S8+KK6/o8/J7r5gfEvakDHQxR+5dLEG//6RO7S6ABCYuyzBsEM1v+oDjg6B9Ul4K557t1qyYCeqFBNq4bH+mn5L3HwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIDAgFAA4IBAQAUI1JjaaYCpy5J+VvMjUfOMHO5n17pi+sgQ7z+7r1HjdS3O0cjC66ajb0fZJ+kLFs00Elm3N0M/Ep4K5ZDLOd0yafHG2pfVnhiSA7UQEtyCCtQ1M+rPC5hy8LPhyqtBPmVsiZoY3q7VWQGOVHnCo8kM8+BBJAYu+JeahaYYWiNJlwBf83E2d1I2HxlCSh2Wv4N54numgAaAvlbkXy42GJRd6ompXVrB8kTL6aWCtViRUFQn/A3pPzb+3f3Mh5ciNME/9VF70/hmR1stXq9vQ5rPaVvAcJ35mp76tiPfpBXTvWVbgmrvPluwKBHLz58THer23CObKPOlpTYWKAgqivw" ] }, { "kid": "d91db51d-0e7f-4225-99e5-164444c12d1a", "kty": "RSA", "use": "enc", "alg": "RSA-OAEP", "exp": 1581478254228, "n": "8GKujCHozYW3GEgyJhqmSjvMl7oCReEKWp8_4epnGJILsm94lAKcuGJGl6BbUInEFU4-bgmk_W8Ctx97fUbiJai6eX4jrpt3Pkhp08MDM0ioYfker_1D25Nm5i3AO6tHalyCQz5X1hlafkD0IPR1wvOexrWCKqbilBLxruaXLFgZg9i7VJCFTQqAh4mwvhwfrY4G5pdkc--OeXqaiXaH-9bosO0mwhSQjh2wt-u7sG6SGKAI8b4UzJ45ybH6NZo_tyqFiQerGLdIYlEU256QepIcaNJcmhc4-Ks9ypY6kyuEFtRDPHlm5s71LVl1sUXIXEDtAEZMog1kLRVvcoxXUQ", "e": "AQAB", "x5c": [ "MIIDAzCCAeugAwIBAgIgO5/Taz5BGl/TX3epaFhHWcykGU3lSH7EeZxV9HgUKw8wDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDlaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwYq6MIejNhbcYSDImGqZKO8yXugJF4Qpanz/h6mcYkguyb3iUApy4YkaXoFtQicQVTj5uCaT9bwK3H3t9RuIlqLp5fiOum3c+SGnTwwMzSKhh+R6v/UPbk2bmLcA7q0dqXIJDPlfWGVp+QPQg9HXC857GtYIqpuKUEvGu5pcsWBmD2LtUkIVNCoCHibC+HB+tjgbml2Rz7455epqJdof71uiw7SbCFJCOHbC367uwbpIYoAjxvhTMnjnJsfo1mj+3KoWJB6sYt0hiURTbnpB6khxo0lyaFzj4qz3KljqTK4QW1EM8eWbmzvUtWXWxRchcQO0ARkyiDWQtFW9yjFdRAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEA0FGnejiZI2i4W6B7BJOCKRDo0weuzKrS//h3GdmR4ZkQ2xC6lVEgOYCsuFNHs5KXvrsbQobZs9UdtmcbADhTwGWhyi+oVq0si2EF/KPSfYZbHzvI1VJUSX5OlWrITRIIT9dJILmXwEUBhAj7/pIg97mreWG9Qq0a0LFsmsQr3sD2QtdMfr9YQE9tDk8/4rTLHjlyjJByBhvEnVVFWz/5tx1g9dc6v3HZJvhfwbvkidF9ohtYBgIWxT6IrGQeJsH1iR2KpYD0cbnLPp2AR3gIHjmQ7/FnLMofsXrKT2MWfZqxLp4Qrril78K6t7hWOfH0UpbtJlMuB3r8uPIu1SHnuw==" ] }, { "kid": "a442f0ec-7237-40b3-b7f3-a6039f70d9bd", "kty": "RSA", "use": "enc", "alg": "RSA1_5", "exp": 1581478254228, "n": "y7_rLIQlY0MxDZlQmau79FsAXOVcQNGU7qENpCWSAbcBqOWqmUCJ81cXaw_NNUcGeLPNJC-6X6e-sxD-v7LMtb1fyEVkDjzaC28ZvvRTLLf8e6qYSV0OOghkzcK7dsAO8AvUC9EXACvinKUOZ6eUJkxiijkhhUYA1xFuuvGH1Cc9X3EvD7JrJ5QtN3EXREVFcTzy37tyZtS_yHphtIlm89mNOqhgbF_-9MLELXiKLo2DR3C-ioc50jTm5ykOVjQWMtaWbX_Z-IXQCyp-eaIohdC23EOt_zVFdUjqufDuMOSjeLUIKJqBU5odgaMlRAxFHao4kCeXcjm81mtPkjGRSQ", "e": "AQAB", "x5c": [ "MIIDBDCCAeygAwIBAgIhAKcfQSUYx4+8lf4zfxC/JQeOovLkZJaUBxappGqNALR4MA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTkwMjEyMDMzMDQ5WhcNMjAwMjEyMDMzMDU0WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7/rLIQlY0MxDZlQmau79FsAXOVcQNGU7qENpCWSAbcBqOWqmUCJ81cXaw/NNUcGeLPNJC+6X6e+sxD+v7LMtb1fyEVkDjzaC28ZvvRTLLf8e6qYSV0OOghkzcK7dsAO8AvUC9EXACvinKUOZ6eUJkxiijkhhUYA1xFuuvGH1Cc9X3EvD7JrJ5QtN3EXREVFcTzy37tyZtS/yHphtIlm89mNOqhgbF/+9MLELXiKLo2DR3C+ioc50jTm5ykOVjQWMtaWbX/Z+IXQCyp+eaIohdC23EOt/zVFdUjqufDuMOSjeLUIKJqBU5odgaMlRAxFHao4kCeXcjm81mtPkjGRSQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAEVc/ZNZXcNKzYzBari8hyRLnkio5j6d/X6EbMtqqubaYAf2TUc1MAJXA+aB6Jc5b8JI+5gXzJv6LfFFlfP2SLu2OlSGlwPTVoTlBBHRVbCRWistY7IMrKJdkGDq9IzlrWDeoaoGHk069rpP5JyYHDko+2MuAQWH5rxryMKaMkzvRvxS4oqfYb2Na0+uDTQHc3oSFG8AOk20Ji3C6FlX6WC4AwykadGcxlgjGjcJU36XimajbsJfPcCvZCpmtdgMia09RizzARSjJWGBbEI0c137n96SGuNRYnSKO1E8K/Gsv3BU7cdhJO6jXOnCRW1HhWH3YUt6RFlqq0Dn9wPpsAo=" ] } ] } ####################################################### TEST: requestJwks ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /oxauth/restv1/jwks HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:03 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains Transfer-Encoding: chunked X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "keys" : [ { "kty" : "RSA", "e" : "AQAB", "use" : "sig", "crv" : "", "kid" : "4f8d71e0-712d-4965-b510-9f61ab7dc828_sig_rs256", "x5c" : [ "MIIDAzCCAeugAwIBAgIgKyqvp1s+YaQdjPz/bsCtgH1QzVgJGKzX1ail01mBaKswDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTExNTVaFw0yMDA5MTUyMjEyMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCovXRgcuq3T5+e4H48Bic79uAIXzbtbWbWHGJ9ZIETcM09v8e0UNBEmO/KzyWaMIvn53wFpAVTZNs1Fs9gmlonWMlu/LYwreGnReQtESvvBeSY8S/9sG3EsXjn/3a4QxAMi5em4WA8RUBxYOXGhAitfboy8Oj7Ro2Z2R+2GRyPPxzkAUAePrWoRIv014K9SW280dY2AHrAKlkPA18n8hg0TEN+srxP88ORRB5Yn/Nw+dopIJxYmGNKD4KLeKVoUCIDYmENCTBkGdJf3tDNwqUe0OaHwyi+5Tmm01Xd7mTCFoyauss8oCGL3VzcKJvG7zemMQckmohaMhDWbw5hMjAVAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAopksnvZU9eLzAAIjDUJ1hBHAHo4CLsJ2n84MBn/x05jdhB9u/yReO2Kg8PnOHPs1BksBk9cyijjymHky5wEcm21qEa0HOIhn5e6DjGdEa7UfKdbBJgJIaNRnrVL7B+j5HokGIizxxd/xAMsgQ9NwzgLmp48UzjOblCc3LhgGX97PazqEv+RDM4nN0S+JoeB7wj/C+oKsDm1PlsQ3LkMp79ITPb8pB2PxP2+bv8I5UM0XQ0o7q8UrRhOm4gQz2B8adZgCZKLv4LeG83hN0Lw5BX5w8w+9HscSkL0SmO+mSMtVTbDPlt/0ehcKyKaWj9L76EUUt1tQ4uL+JWk8A9nFIg==" ], "exp" : 1600207925144, "alg" : "RS256", "n" : "qL10YHLqt0-fnuB-PAYnO_bgCF827W1m1hxifWSBE3DNPb_HtFDQRJjvys8lmjCL5-d8BaQFU2TbNRbPYJpaJ1jJbvy2MK3hp0XkLREr7wXkmPEv_bBtxLF45_92uEMQDIuXpuFgPEVAcWDlxoQIrX26MvDo-0aNmdkfthkcjz8c5AFAHj61qESL9NeCvUltvNHWNgB6wCpZDwNfJ_IYNExDfrK8T_PDkUQeWJ_zcPnaKSCcWJhjSg-Ci3ilaFAiA2JhDQkwZBnSX97QzcKlHtDmh8MovuU5ptNV3e5kwhaMmrrLPKAhi91c3Cibxu83pjEHJJqIWjIQ1m8OYTIwFQ" }, { "kty" : "RSA", "e" : "AQAB", "use" : "sig", "crv" : "", "kid" : "f81c8495-4b6c-4e2c-badf-d3f6b46b4820_sig_rs384", "x5c" : [ "MIIDBDCCAeygAwIBAgIhAIJDSPnR9Q/+lP62wUrVWpuuLbp/E7QWb9H8+gEoVj+gMA0GCSqGSIb3DQEBDAUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTEzMjExMTU1WhcNMjAwOTE1MjIxMjA1WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8/6w695Io2zfmrNLtZPsEjwoL1cp8nod3h55TRJrvuyJOpWOey6+YO3kxcqAh30VvL3S9vd9yJiFzXJ+XSUmf63kXBLZm3e60V/yjUGThTLhSf3/oPaFnE7QBTPKXTCvCSRIFklAzXnup/p4/2P8wMA5alPo6WBAXvbyjFxWCsFBXVIFai+X8Wp2skcHFcDxziAcDfywdzaiLX369rHkXsR7DhhcG81Ii0N+s8bm2VCqdNinqWn4QgKhnFyVG6l+n1NvMIcnL9gXH/1qHumwnZU8DSQvrNU00a7GTbwdL6elVD4VHAfVBIoGRTmnm2/VMQVn6RQpaT97gqHounh+wIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQEMBQADggEBABWLdY9Me9ji5LF8nEeA2NXFr2ZFMWeRgONEGwBBll9bqrfSeR+YdLAPbOSK+oPlyU5L3LzLrHUKCfatkW7ACOMthKCRu8Eqm7Z2/wUuenFcwJBXAIHLXqvp53K+teqUjrDvp5yy+myNNzD6bpkC676JMwe4xse2yUWASulrNwaSCi2cBJgNh17uqKSozBH8ldMKvvF5dpSXsEDlTlgwuZKyqMVDxZYGROsZOcxvfj9gYJTShz+9y5tSVqc9CiFG/fyjhWxD140kE5rqTsi8IZVLARb/E3BASlB0gsnzI2aFZdoondvUe2bIDjeM5TE+lvT3Pj6uvVk/z42oFAs+gck=" ], "exp" : 1600207925144, "alg" : "RS384", "n" : "o8_6w695Io2zfmrNLtZPsEjwoL1cp8nod3h55TRJrvuyJOpWOey6-YO3kxcqAh30VvL3S9vd9yJiFzXJ-XSUmf63kXBLZm3e60V_yjUGThTLhSf3_oPaFnE7QBTPKXTCvCSRIFklAzXnup_p4_2P8wMA5alPo6WBAXvbyjFxWCsFBXVIFai-X8Wp2skcHFcDxziAcDfywdzaiLX369rHkXsR7DhhcG81Ii0N-s8bm2VCqdNinqWn4QgKhnFyVG6l-n1NvMIcnL9gXH_1qHumwnZU8DSQvrNU00a7GTbwdL6elVD4VHAfVBIoGRTmnm2_VMQVn6RQpaT97gqHounh-w" }, { "kty" : "RSA", "e" : "AQAB", "use" : "sig", "crv" : "", "kid" : "02952a38-6bcd-4f55-95e9-b05514706218_sig_rs512", "x5c" : [ "MIIDAzCCAeugAwIBAgIgXpFlBWOaI2a/CDGtooaXBh7BepFoyUgHIW1GuxZbvaowDQYJKoZIhvcNAQENBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTExNTVaFw0yMDA5MTUyMjEyMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDMIIjGxhH5ynJOp8X4QzL0Onl6tejiAJEmVVOIDUHO5CrvfCxwvSqV309QtUqEJ4dBjr2qbHHg7NGIAlUeXVqU1S9PBf+0X79ljJiWEBBp6+TL/5i5hGXu+rgLlshOHLwTqtnaJbiA6vKVlB6DdMKPnovGxqVECjXzyxQzVUC4tK+BwJD2MoDXWNguP981FwiW8kHO0N+e/JIVhVLJphkAfYCzdlnEXgWscD5+SpH1ZSLwbW/CM6P2vKIKyoAslW+cc7fS5tVD/9emQUZRx3v7YT7sIN0OTKyFd5U8IqJFuNmU3MzE/etxTyArF/KoUylIYmbi3LDNipRbg5J1HXlAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQ0FAAOCAQEAGIabDABrJWIQ1G/Y7qyoqejLoFQpMNmtDNOLh0iNC0eOdS7u5YVcLg8xAK36gkp5fZ6ZLCcncc9oUizum03ngPJRq3dwxwdIDIKGE/V9LPYvfxNtZyTOjakQqDfIwDkBNHqJ9SUnomwVm2D8IJM0KFQ5eDEIlDSTKaV20FmnJjauq5eFVVXCtt4n0ZRo8HmwsCsu4DB7sYZ6C2N0mgrFubeHV1rmXr/OItTeBiSEzGrUdzzu1qZfY9GofCjjd/ptjeT/FxhF5MgnvOcPwtprNsAkruSgMpCAyIwmmeSC/bDN44hG6oNCnbpEP2NL5+SRtsANd/SjCJi6BqTT7+qmjQ==" ], "exp" : 1600207925144, "alg" : "RS512", "n" : "wzCCIxsYR-cpyTqfF-EMy9Dp5erXo4gCRJlVTiA1BzuQq73wscL0qld9PULVKhCeHQY69qmxx4OzRiAJVHl1alNUvTwX_tF-_ZYyYlhAQaevky_-YuYRl7vq4C5bIThy8E6rZ2iW4gOrylZQeg3TCj56LxsalRAo188sUM1VAuLSvgcCQ9jKA11jYLj_fNRcIlvJBztDfnvySFYVSyaYZAH2As3ZZxF4FrHA-fkqR9WUi8G1vwjOj9ryiCsqALJVvnHO30ubVQ__XpkFGUcd7-2E-7CDdDkyshXeVPCKiRbjZlNzMxP3rcU8gKxfyqFMpSGJm4tywzYqUW4OSdR15Q" }, { "kty" : "EC", "use" : "sig", "crv" : "P-256", "kid" : "0aaf3ae0-9a25-409f-919f-2d8d1b6952d6_sig_es256", "x5c" : [ "MIIBdzCCAR2gAwIBAgIgT+6o0kMp/q9tit/NbxqB2/XRrJzpsbsJo6fU7oHa0r4wCgYIKoZIzj0EAwIwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTExNTVaFw0yMDA5MTUyMjEyMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATp+04RRVBQj0KnSocOsy8WEPwcSHptCf6xpWadfMW8AEoI0y/URhrWEZbMw4UfglS0K9KZ6mg9eQhVFED8OV30oycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwIDSAAwRQIhAPa+bVI2A81E6unk4EP/5pUQPMGAtS/gUwEjMfe5OVJyAiBiEfgCIzysLKslxTNk01YtOFIt1B5+TLfHfwzEXyJGzg==" ], "x" : "6ftOEUVQUI9Cp0qHDrMvFhD8HEh6bQn-saVmnXzFvAA", "y" : "SgjTL9RGGtYRlszDhR-CVLQr0pnqaD15CFUUQPw5XfQ", "exp" : 1600207925144, "alg" : "ES256" }, { "kty" : "EC", "use" : "sig", "crv" : "P-384", "kid" : "126a25a7-51c3-457d-9cdc-01f939ad2c9a_sig_es384", "x5c" : [ "MIIBszCCATqgAwIBAgIgGvqTcFxCP3L6U/vGCqk8uFC/SfWsM7kfDHmiVPs+dV0wCgYIKoZIzj0EAwMwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTExNTVaFw0yMDA5MTUyMjEyMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARBFg/Fk6wOpsQvdhooamuib0zGktkkSgkc/n555ZDpr09LB+BJN3O1QWWdYGxXc4UKnKPQROY+x0gJUSBEfep4VsEay/sp99XHY+w9LLH4uzCXorhfBD8H2gI29w4yU4OjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAKBggqhkjOPQQDAwNnADBkAjABxLp0e5XqZ/G9CblsjsE3aVc3Apkidp8D+1CUz2upjGTZEO6Hr4YvP4WJ2+vzxRECMB/ZAmgr6oUAkmABH8jjRTnF9m7QGEjXXb5sZ+AiUX+F5tl+sFaxkxxRjp2nZM6O4Q==" ], "x" : "QRYPxZOsDqbEL3YaKGprom9MxpLZJEoJHP5-eeWQ6a9PSwfgSTdztUFlnWBsV3OF", "y" : "Cpyj0ETmPsdICVEgRH3qeFbBGsv7KffVx2PsPSyx-Lswl6K4XwQ_B9oCNvcOMlOD", "exp" : 1600207925144, "alg" : "ES384" }, { "kty" : "EC", "use" : "sig", "crv" : "P-521", "kid" : "687829a1-eec4-41a4-8808-f11934451c8b_sig_es512", "x5c" : [ "MIIB/jCCAWCgAwIBAgIgRWhVwQZdA3mJOKKWtfZz3kAlxdR4+AF557YjrWZO05cwCgYIKoZIzj0EAwQwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTExNTVaFw0yMDA5MTUyMjEyMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAF96bPiDIXe/MLgOtvQQ/S2nSvjP3JzKtAXxthErrNcoX7nuHx/L3JIQe2t6SG6g4uCYXb/EZz7FX9Fn/MwJ+KMZQDONeYYwyR65DAV3U7Zhi1QDEsixpWuMJ21FEopFRvVMdHBqecPhxdiAeJKbAC4hHAFRioz3LgWcTMVhsyq9dAqoqMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMEA4GLADCBhwJBOCG11xBvTBARrMap9RFOgRnFherjPspaJMVqs5Kqm6gayHsEB5CbeALpvZ7MQxpZL0CjypbVBoi2hlWOPIgm6CkCQgCjlOH/pUcTGo7W72aQydqqGIonxKIGgLti0X78Y0/THevVFS0224Hh4DJ6ndHAI1J6VdspeC5eqQThjxk5EAIqxw==" ], "x" : "AX3ps-IMhd78wuA629BD9LadK-M_cnMq0BfG2ESus1yhfue4fH8vckhB7a3pIbqDi4Jhdv8RnPsVf0Wf8zAn4oxl", "y" : "zjXmGMMkeuQwFd1O2YYtUAxLIsaVrjCdtRRKKRUb1THRwannD4cXYgHiSmwAuIRwBUYqM9y4FnEzFYbMqvXQKqI", "exp" : 1600207925144, "alg" : "ES512" }, { "kty" : "RSA", "e" : "AQAB", "use" : "sig", "crv" : "", "kid" : "bd32eaf3-79cf-43e8-9149-48b171373635_sig_ps256", "x5c" : [ "MIIDbDCCAiCgAwIBAgIhAIE1g4Gop13jzVZQwVSwvcpOvpzMQreoYmseFe8XcvXpMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTIwMDkxMzIxMTE1NloXDTIwMDkxNTIyMTIwNVowITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPIPwIwfcIhli4DukCq3JKAvNfRC9Qd73g5738+rRH0dBASudpNQFvS9YYe66JdYOFXoTb/yR+LlsnQCRy0x4r8v8hSzmZhBQdShpRbLj6eqTWoouwSalPyHgCzuLMOaeokP9aiIiDmFobHW4vbbys6fVuVMp/ojlbP41kMgnpFT1FtzRVuIfcFNRjc12UEoSFANcXAbGH3N7I9IJcMyVQFx479QaWI8a+A6SwY8iUAjKUpSbw9C+hy37+amBvDzcHna5hagmVXpNY5WIMuPU7kgBaMHTXgrJ8RKrB0hGsH++Ll3xELHits/R50AoGMbV1UbDkfv/391ujSZjoz5Fi0CAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIAOCAQEAhu8DTHEHdnejGEoUe/TweOIvYT2DgjQ1Jxo/KMdUMNsNcGyCLhvzobhVbo9uptlSDFQtlAkNtP7oWkVukavn3MR++F8qchWqCFGdgvokv8/+W5U1yTztIAFVlQOTolZijsHMJHVQOikrAPHbkpadcwP6YZkPsdTmkwN4blFFBkw/OoQNcrFTaCrJd3zRS+MOsQICQSXAAPM4kOFrX8eoJFWbh+9xWe4faGqJA/sRfe/AbrfzMLfK3W9QioMVZ9ufSoYnko2A7uZ3tXGTL04iSDq/xIuEVJC6v/9E59Ck+cLv+OinTrnuyuncoY9sQSH5jmQY8UoGMqrCrbQCSJXl8w==" ], "exp" : 1600207925144, "alg" : "PS256", "n" : "8g_AjB9wiGWLgO6QKrckoC819EL1B3veDnvfz6tEfR0EBK52k1AW9L1hh7rol1g4VehNv_JH4uWydAJHLTHivy_yFLOZmEFB1KGlFsuPp6pNaii7BJqU_IeALO4sw5p6iQ_1qIiIOYWhsdbi9tvKzp9W5Uyn-iOVs_jWQyCekVPUW3NFW4h9wU1GNzXZQShIUA1xcBsYfc3sj0glwzJVAXHjv1BpYjxr4DpLBjyJQCMpSlJvD0L6HLfv5qYG8PNwedrmFqCZVek1jlYgy49TuSAFowdNeCsnxEqsHSEawf74uXfEQseK2z9HnQCgYxtXVRsOR-__f3W6NJmOjPkWLQ" }, { "kty" : "RSA", "e" : "AQAB", "use" : "sig", "crv" : "", "kid" : "a036aa4b-799c-4bb2-9dbd-cb39ca0835e2_sig_ps384", "x5c" : [ "MIIDazCCAh+gAwIBAgIgB1BQfrNF3PGaPRnGbZR5A3w08UQtITS/BsIv88pb7rEwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIDAgEwMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTEzMjExMTU3WhcNMjAwOTE1MjIxMjA1WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns0remRtUZj/p2dlqaD/rZWgehtdMrOLr2TB7u3iS5gzwe24GKJx8pt+fA//U0jegnABLonXUYUK9lgO8Wc4BmlFxaEgUPqTPr60gE9Hum6NjTnVQKIby0KWcBSrpw6x1zsaLcyiJH1gyb379vwNYGUyFDQjq4CokowXNzAlzwbQRPvO8KvFziMDSfmzUNzZh9EyAojGsmbk84lkNF65uEjj6XeUsHZiH2Dx6gyAVpUyfsY8uFK9RX50k+2fEBmDRY/0sIEO4nzg8d67bbU+zPqIPcR75OUiYM7KSwbNR8Gt/1ur+AUYz8zEUqehhRlWqhkFoBbiboDmc5g6gwCmmwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIDAgEwA4IBAQBLyUy7rs0rIYXNMzlcnh+nrxEBySKy5QqA6z7W/xm715Zlnc5qplAn71X+3QV6VU28C1K0uRaYINHHGb+OmvP9O4/HC3Zluu65A5YkC1sYhimP8AYKIrCkyRYCqsmBcD4yO11DR79jzkK0Za0FFrGLFb+8VY2kT09NpLzsZtoWT65Sslm2XrTtYSlZYV1Bg2zc7Nuy1cqaTZFtrJCZvWHFrSS2+n1YSUk4BBvXLc6zFw/gcO7ITHiQO2wRLnfKkSpLXdKMbVgafxtfU1wSyfgml3thfx0xl48J0+ZK2NAo9ZJSJZVTGlO8nGvnq6dK44QhDrOMZ/KyCIm3Zx/CS39v" ], "exp" : 1600207925144, "alg" : "PS384", "n" : "ns0remRtUZj_p2dlqaD_rZWgehtdMrOLr2TB7u3iS5gzwe24GKJx8pt-fA__U0jegnABLonXUYUK9lgO8Wc4BmlFxaEgUPqTPr60gE9Hum6NjTnVQKIby0KWcBSrpw6x1zsaLcyiJH1gyb379vwNYGUyFDQjq4CokowXNzAlzwbQRPvO8KvFziMDSfmzUNzZh9EyAojGsmbk84lkNF65uEjj6XeUsHZiH2Dx6gyAVpUyfsY8uFK9RX50k-2fEBmDRY_0sIEO4nzg8d67bbU-zPqIPcR75OUiYM7KSwbNR8Gt_1ur-AUYz8zEUqehhRlWqhkFoBbiboDmc5g6gwCmmw" }, { "kty" : "RSA", "e" : "AQAB", "use" : "sig", "crv" : "", "kid" : "42721e9a-b1fe-4c93-9e11-9410c04d74ab_sig_ps512", "x5c" : [ "MIIDbDCCAiCgAwIBAgIhAJ6S5UvObEHO4MmS7AKQQ92cX99ZS9tiuU+ozEQYbhGtMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIDBQCiAwIBQDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTIwMDkxMzIxMTE1N1oXDTIwMDkxNTIyMTIwNVowITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKceGZHSCX0C9x+RchD8zkpP9U4RAWICo0icCM1z5XQb+o/liAVgUROOnKBIeX1Qiw4WPHwfEFkHYEumrqqlcmvHbRwhZV//MP0ehG4xaWbY0hCcnKZbCgd00XTUmYtkMKsEhGBulO2udtJ+2rA9rqrbEMeipXNF4+niKyU2hk0n/5JFRZ+C9qTqnL0Ietc5qN37AA1usZLEP4RdhxaUGU43QuUBO6/AhVGT5HmGuXIXa/hllUER+jxgggtw3/fmaBgYIUfrOhNqAiyc5IGjf9DmTumUCf2Z72+ph3GhZbpuypxEwF10QeShfk4ANML57//Kl77tnrhjh0C9bSrZuKcCAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIDBQCiAwIBQAOCAQEADi168ySakmUdFvbX6xjHFFBAF/ZEQWX+uT7GE1RES4TvTykBd7hua1JlF0zuOVrx9rfy5yTVtJTVtNEPO/Q0jL8yVfnrUj4is6ooUcpoMng9W6uIOvsaWYfaxpBYXKIklA7slCcenBiML0Ji0xLnsPcFJuhrOANq9JVnO1TsuPYggiHvq3uwTcKLgw+3a/cBHSq9x+VCCHtrS0cM20OSu1XN2E6pz6OGXbtTH019TKfgPD4wp07hmshZEUuzXLOF3dOge/99x7uAbCRzlljDY6aA0U7e6OoolT0cniWhKH74nY2lTXEHbrfQXwGpzWXJ7orrlkqdYozrw8zAKYZisw==" ], "exp" : 1600207925144, "alg" : "PS512", "n" : "px4ZkdIJfQL3H5FyEPzOSk_1ThEBYgKjSJwIzXPldBv6j-WIBWBRE46coEh5fVCLDhY8fB8QWQdgS6auqqVya8dtHCFlX_8w_R6EbjFpZtjSEJycplsKB3TRdNSZi2QwqwSEYG6U7a520n7asD2uqtsQx6Klc0Xj6eIrJTaGTSf_kkVFn4L2pOqcvQh61zmo3fsADW6xksQ_hF2HFpQZTjdC5QE7r8CFUZPkeYa5chdr-GWVQRH6PGCCC3Df9-ZoGBghR-s6E2oCLJzkgaN_0OZO6ZQJ_Znvb6mHcaFlum7KnETAXXRB5KF-TgA0wvnv_8qXvu2euGOHQL1tKtm4pw" }, { "kty" : "RSA", "e" : "AQAB", "use" : "sig", "crv" : "", "kid" : "3db9b82e-2410-4ec2-a761-65a3f86c53e7_sig_rsa1_5", "x5c" : [ "MIIDAzCCAeugAwIBAgIgV+K/5HbJSYJFmVgz9MsS+O05JqyyElV+a77CPnxNF0YwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTExNTdaFw0yMDA5MTUyMjEyMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt188umdDJfumFRcJo1ImILFIZmmb+ckjFrKCWHnCWcp/s27NbjH9WDaON7HMGaELCipuM3UHZTIt0SkP+zhs+ttfogDUny+FayKN55U5HU0xw2afsWQvyCVKonlHmxzQF+WRI/MV/JCOEBH0HF5Y83unwCikNPqnqXDNFRFNNnS0F6Uunb//EtBT7+X6vp76I/CGGZr/U0vJTC+3GMjeLEeE76jzM6RJTrP4jytHiyt16+mMuRQ8Ghu5yyNCpMmznHCUD8vyME0W1D5BiQLQnkRHDLCzeuix4FMmGdLQcy4tFlp40Skwlr2L+l+NtYUsHuew8ymhjO3wAFAHvww6/AgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAH3qsb7lcbcxcZIbfmWeYNDsyYKmy2fx/rBI8MCHaMZxmrK3lxuKCy1pU8KYzDBunlcBMzAfudOSahTeaggFoq+Ofx4EgT2fmwhVmUwzc3qv67/OXq9aQ245AqIi432P57hPYT1fpHW+24sjm/S+L18iP266+c2Qm8SHBFkn3wQzxyqKmhb2C+9liaQjaj5fIuZ5xnE0VnDpQ7H22XHxvVdAdhL3wLo49yRMGzHWpszlcHWxcGqyID0+FBiwc4BHfB6qE31f2y6hNQWodCTfUR0MDmDjjrXyxjkzQRHHJgFZzt4n36B6uWcYsK5mtzIl7A4zwWgIqRXGWqAkvAS/8Sg==" ], "exp" : 1600207925144, "alg" : "RSA1_5", "n" : "rdfPLpnQyX7phUXCaNSJiCxSGZpm_nJIxayglh5wlnKf7NuzW4x_Vg2jjexzBmhCwoqbjN1B2UyLdEpD_s4bPrbX6IA1J8vhWsijeeVOR1NMcNmn7FkL8glSqJ5R5sc0BflkSPzFfyQjhAR9BxeWPN7p8AopDT6p6lwzRURTTZ0tBelLp2__xLQU-_l-r6e-iPwhhma_1NLyUwvtxjI3ixHhO-o8zOkSU6z-I8rR4srdevpjLkUPBobucsjQqTJs5xwlA_L8jBNFtQ-QYkC0J5ERwyws3roseBTJhnS0HMuLRZaeNEpMJa9i_pfjbWFLB7nsPMpoYzt8ABQB78MOvw" }, { "kty" : "RSA", "e" : "AQAB", "use" : "sig", "crv" : "", "kid" : "3ad5560e-3492-454f-8e11-5a0089cd648c_sig_rsa-oaep", "x5c" : [ "MIIDAzCCAeugAwIBAgIganPAbBNjI0DELVVAAgx8srpxoRtf+OaR7tf+Dqm0wukwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTExNTdaFw0yMDA5MTUyMjEyMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCszGExDye/tvHjG0Lm69n5fTIL5pAOFM4dX/rkTohziK/D7e74G27RRhImPFk5wSfBmWPQybdh+i48c39zNc9YjOHCoLsPozMD0cyvy1o8nU/OFN+6chFh3Fo51LAmo/FWUY5perglQ92C4t3pvKfjjbUDeiExY2o0fVS/hCO454CibXl+JC95AQPCeaE4VLapi4Q+qJ7jf5RiJ1wTvWy52ZE6Sra8s2C+9RHNzKmOXBh8TWRI8Ao/4gBNdDZjoXjRnJ11ZkouK9HKWgy3weHp3VcwR6iSGEAHo+9ADbOTwREzH1ovOHbsf4lTED1A4ZD5JsZLE6g2w70cjkZEEOLXAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAU9WmZgb82t+6LI/qE2pTLjXeXGNIteNthiwm94a32QAREWrY0cpurPSB5LS3VryRORwRp24E9mZuKAKbluO4xAiXWDQgBrF8Ozm87116RGHTRD33KNU9/4Da10J1kcvvpyendrMa0s89m4PsYvuqLvUISqUBvw6D+TcB0Xch0JY8NDYDdv8zMAxQspyhhZGwTzhhy5XqxS5Xq0V5CL568RYVzLGFdmYumFUKRwK+Rt+JbiY5jIlC+sy4QSpYm1ZZiSgv+bgUnKNEU44479QrvcVgGjdtUZDtsj7osIituFYl3vrflR30TUfPr/lqe2qvkarV+G1U5MLwXeJLZB16eQ==" ], "exp" : 1600207925144, "alg" : "RSA-OAEP", "n" : "rMxhMQ8nv7bx4xtC5uvZ-X0yC-aQDhTOHV_65E6Ic4ivw-3u-Btu0UYSJjxZOcEnwZlj0Mm3YfouPHN_czXPWIzhwqC7D6MzA9HMr8taPJ1PzhTfunIRYdxaOdSwJqPxVlGOaXq4JUPdguLd6byn4421A3ohMWNqNH1Uv4QjuOeAom15fiQveQEDwnmhOFS2qYuEPqie43-UYidcE71sudmROkq2vLNgvvURzcypjlwYfE1kSPAKP-IATXQ2Y6F40ZyddWZKLivRyloMt8Hh6d1XMEeokhhAB6PvQA2zk8ERMx9aLzh27H-JUxA9QOGQ-SbGSxOoNsO9HI5GRBDi1w" }, { "kty" : "RSA", "e" : "AQAB", "use" : "enc", "crv" : "", "kid" : "3b0cfe98-84aa-4dca-977f-b0ea34fe426a_enc_rs256", "x5c" : [ "MIIDBDCCAeygAwIBAgIhAJqQQ0ZuGoB8Zcap3soGaKtcVAUX2CLPIDJiWUmcdorJMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTEzMjExMTU4WhcNMjAwOTE1MjIxMjA3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7VBv7FdinTsld+zMmAwlQdG4souT+C4w+t+rcstbEZwzFGXlNLOiyM4bfpxXEj3x62YNK8dJ9Equ0JjoUSdER1iioO2IVbpGcTXjLsHJYkj7AgVnz52Srnk13KoBakJlOAX4WTf9T0qAwlZYAGZemslDt3jgTRpJqESgMmA6JAhmc/qcyEvYkhspFqT1CfyT6u8XHFix2rrmdtxL5Hai1zOdHhe4BGR2bSjxiDRFYDhpiBjIahv25vYWwCu2UJE1vYCPUqZqjju4Lhbj05fzOOSSBLgA/3UkYznt5VgdrSRT14olfregxIPyxPbMfAsISj0fJa4B3dwFu9Si3dDSFQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBANEBRUUS89boZ+JNn7yYGDjs5kIseKzVKlXZMZ/tn2HASFY7OUMaOjtflbQqAbJ7xeBgqtjGXDbfMm04mOqipmmCjv+mQMlGljRY7REXgHRdc0NYMbwU+hY8FBg+CfTxcOSLsNRlhvuzU4Piw3NUAdln2f6laV9YVL9cAJB/X6KaLKCp9iaJ2+IFZH6nSGRXSTNxQHaZK9g0mD1lznaSyI4zKMlvYtwUrQaQPsqj12lrGhTcs5cXW7R0xtqftl9aXlWCQOVcfXIXmpv/uqRB1NuTx5zU0Ksv1wWoJYF++RpDv3Hll6Uucob+Md69DnK/h5H4YwIvJZBU99Hk7tp3KxQ=" ], "exp" : 1600207927861, "alg" : "RS256", "n" : "7VBv7FdinTsld-zMmAwlQdG4souT-C4w-t-rcstbEZwzFGXlNLOiyM4bfpxXEj3x62YNK8dJ9Equ0JjoUSdER1iioO2IVbpGcTXjLsHJYkj7AgVnz52Srnk13KoBakJlOAX4WTf9T0qAwlZYAGZemslDt3jgTRpJqESgMmA6JAhmc_qcyEvYkhspFqT1CfyT6u8XHFix2rrmdtxL5Hai1zOdHhe4BGR2bSjxiDRFYDhpiBjIahv25vYWwCu2UJE1vYCPUqZqjju4Lhbj05fzOOSSBLgA_3UkYznt5VgdrSRT14olfregxIPyxPbMfAsISj0fJa4B3dwFu9Si3dDSFQ" }, { "kty" : "RSA", "e" : "AQAB", "use" : "enc", "crv" : "", "kid" : "cedb31ce-5898-496a-bc0d-84feb67162b4_enc_rs384", "x5c" : [ "MIIDAzCCAeugAwIBAgIgFWE9CFggSv+4oyEBSgNvO1TIJaJipNnIw8zIksAtbX4wDQYJKoZIhvcNAQEMBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTExNTlaFw0yMDA5MTUyMjEyMDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD22ahXLQpECPGemmYCcp57huraxgjlIID4Vo3d1w7CrbuG6J6fiCjeMeBg8m2gked3jGRN71o6mW3shLAsOyRty7GKAKi5HYXKeX8IIBFho/exDKw5BKccobYwjiQxfR4HPXg+f9SQ4rUZIZQBeFkGkHVEyTjVwrsLlQlpnJhnu3v9iVlc+BD5VUkM/BOpGGSBKZdPnPbSNoigQoaDAIadzey6OQN+z2eLaBsDroyYwim9nNGyV0WG7jec2wSoHxjqz9C6XAMOQoFShE/y5cIhQnqthWZAYOOrUCpzrYm2Ypd+tE1zEDm2uEEk2+vIzcK+iGMKt/0ZGuI2gGkW5rBpAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQwFAAOCAQEAB3LNywbcaNLb/R7ha4bIVFZJHDKVXPpKQBvp4C6XlrM7hRwj+/yF+lmBKpr6N7iHm7fDjCZ6q0USZ8pucqHBFxURhjx6AFe3kfbyapYc3p0booAGQ8I2n9AywMsitcH4GlwqKlgDIzxeW4cfPvDavuErQxdShuRYO7Hid4Q6iqE51LP5sQv6x5SBK2OkQK1/UR3YgXdVIg9D0haUV2Dmq6l0zk4YcX2mmpNps55UwVHywO29+qILqHBs5Nk/Tc6kD7ZCb6PkuKIolWsR2dL0sjsUkrOUSQYjkWsaQt05IA42DFKpPomp6UAjTDGf62uyDaIYatMLiJuT0MROv8kKcQ==" ], "exp" : 1600207927861, "alg" : "RS384", "n" : "9tmoVy0KRAjxnppmAnKee4bq2sYI5SCA-FaN3dcOwq27huien4go3jHgYPJtoJHnd4xkTe9aOplt7ISwLDskbcuxigCouR2Fynl_CCARYaP3sQysOQSnHKG2MI4kMX0eBz14Pn_UkOK1GSGUAXhZBpB1RMk41cK7C5UJaZyYZ7t7_YlZXPgQ-VVJDPwTqRhkgSmXT5z20jaIoEKGgwCGnc3sujkDfs9ni2gbA66MmMIpvZzRsldFhu43nNsEqB8Y6s_QulwDDkKBUoRP8uXCIUJ6rYVmQGDjq1Aqc62JtmKXfrRNcxA5trhBJNvryM3CvohjCrf9GRriNoBpFuawaQ" }, { "kty" : "RSA", "e" : "AQAB", "use" : "enc", "crv" : "", "kid" : "18c67d79-657e-420a-98ef-55a27908adb1_enc_rs512", "x5c" : [ "MIIDBDCCAeygAwIBAgIhAJrzmdamSolsEWGpHWO1LvQz02CFL0i5vlRX6Gqwk//9MA0GCSqGSIb3DQEBDQUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTEzMjExMTU5WhcNMjAwOTE1MjIxMjA3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/Umq9QSpNVOGTzev7p0JtWXCzPNsPrzoFXBZRzfa04erMVv0s7SQ885+uc+q4mM2t3FbhbSqw47/NKQJk+vOF7UdEklmk5DraZhR28A89EhDlg0LQenNMUjpKsrlvSQZRgol3rgCEacLpdZ6q+EYMnu9Ldfe/1svEy8zxb74ZkjhdTq00y0FVazwY2+RQAAwSnFB76O7Jtk4s+mye8e5N6nYxf0B4p02QFtyLITc1AKV7SypXStpZcnaXGBLOFSFztyh20B+PIqpjMQsg8pxpBDq+DDAekNm4EqwTWWmdvLrAux4LNtQVSofdrcbwxraWBwfIBycc4N2VkR2vj3QwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQENBQADggEBAFAKpYgIKoyhiaWU/mSYVRzHR4/OYGFkwPbtMXddObp7StecGVoNAiS6ehigCGWgLK//x/op2a8MhtbhqaYBhFth67wsvOOXSR/lC2tRqOs/rQeccT1ec3eYPni7qn2xwnCSDTcLfMyl5srS+iPxaUFy6/MmDyGv3Sih4LtrGEuV3GAc3+fRP3itnksmvbUhXivSbA+pS0etGX6wI+M5pWhpax0KLg+QZlmZ82C3u3DatVfs1Ub3BFosJs2kyGMvt8vrrrGuTcdVUwbhoYy04jt8m9EdZT7Lq++PboBGl2BFmY1eXWu0ompyTixlhW7rvMhd0oukXd+A2TOwI17bZ60=" ], "exp" : 1600207927861, "alg" : "RS512", "n" : "z_Umq9QSpNVOGTzev7p0JtWXCzPNsPrzoFXBZRzfa04erMVv0s7SQ885-uc-q4mM2t3FbhbSqw47_NKQJk-vOF7UdEklmk5DraZhR28A89EhDlg0LQenNMUjpKsrlvSQZRgol3rgCEacLpdZ6q-EYMnu9Ldfe_1svEy8zxb74ZkjhdTq00y0FVazwY2-RQAAwSnFB76O7Jtk4s-mye8e5N6nYxf0B4p02QFtyLITc1AKV7SypXStpZcnaXGBLOFSFztyh20B-PIqpjMQsg8pxpBDq-DDAekNm4EqwTWWmdvLrAux4LNtQVSofdrcbwxraWBwfIBycc4N2VkR2vj3Qw" }, { "kty" : "EC", "use" : "enc", "crv" : "P-256", "kid" : "1fbc298b-2de2-4cf2-84c2-0d4546294570_enc_es256", "x5c" : [ "MIIBeDCCAR2gAwIBAgIgOAMTnatcEdpaUacS7NiQJOPsSYIvAEA/0JR2DuoE84YwCgYIKoZIzj0EAwIwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTExNTlaFw0yMDA5MTUyMjEyMDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATG76wx5r6z2uXHQ6NAhGA48oVpJg6aRTYlc8q3r4S0UxW2A3327+893wvpJi6RDMXJ96VtqYD8p8iu/Ry56INmoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwIDSQAwRgIhAIO+hbmoyVLXl4Lp27M/4ZfF8tRRbsbBRdnWYEhX9fmOAiEA35/TRRtjKY6EzrEqZ30TQEeazcNrF/dJy05jaHYXXZ0=" ], "x" : "xu-sMea-s9rlx0OjQIRgOPKFaSYOmkU2JXPKt6-EtFM", "y" : "FbYDffbv7z3fC-kmLpEMxcn3pW2pgPynyK79HLnog2Y", "exp" : 1600207927861, "alg" : "ES256" }, { "kty" : "EC", "use" : "enc", "crv" : "P-384", "kid" : "b14a8e46-c2d5-45e8-b3a9-e7defa467847_enc_es384", "x5c" : [ "MIIBtjCCATugAwIBAgIhAP7kUJG/D02iIU3VHe4xW0Eq0U6MwW5CIEXMEzYLjKsOMAoGCCqGSM49BAMDMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTEzMjExMTU5WhcNMjAwOTE1MjIxMjA3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEjplQkmNKMcxKhXfIGdLtUCuXwCFFk9ddww3erjlWIQ3IP6XHJR5COeLKmarhB8Sr9W3wM9dFFvtgukmUssGblbN6zFjH2BzKx1USX+BsSmG2qs3BsyJ9nJn4d/UE1t3WoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwMDaQAwZgIxAMwdiiM2713Z54UhVNrbgO/wbu/vx9am+nnR2+mv33KXYQEKXlbRhquniANOPFgCoAIxAPJDQc0XtE+cXzXUIv5g1tPN8+UBIKdhuXkHj9nK+v9p+sNm/9CT3wxR9/IsafJhZA==" ], "x" : "jplQkmNKMcxKhXfIGdLtUCuXwCFFk9ddww3erjlWIQ3IP6XHJR5COeLKmarhB8Sr", "y" : "9W3wM9dFFvtgukmUssGblbN6zFjH2BzKx1USX-BsSmG2qs3BsyJ9nJn4d_UE1t3W", "exp" : 1600207927861, "alg" : "ES384" }, { "kty" : "EC", "use" : "enc", "crv" : "P-521", "kid" : "95a9f380-5bbf-483e-a933-d5747c53bbd1_enc_es512", "x5c" : [ "MIIB/jCCAWCgAwIBAgIgNWIAOsw4JUm/5+aFed6qQt5AcrtBjfG+AkYqBDoT7eAwCgYIKoZIzj0EAwQwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTExNTlaFw0yMDA5MTUyMjEyMDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAHUg4iHuTqFmqF4Yr7HKGu3O4TRZEAJLL0BgekjqD+T5zQfxVw8IGsZ/4A/NLCj/sIV7zB1khYzsaDhi8GMIMFUBQF+6Ef7NLNbIbEaj35/3vLaSkfxcJtO8NRQzsrFm9RqI9jL1RVoY7Q4GzHafs/fWEN4FczOywy2t3qArEgE93wyO6MnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMEA4GLADCBhwJBAIGM0uTwlMwZ7CMmsSmC0LGyZvE/vVkKfVOAYtoCm8wSFNExspoM/RuxtNUH7/SyocCdVFgKquFZ1r5RELBZcvQCQgEqtHiCp32nCOL8phEJeQT7d5puuPdsfdtEMSFGGwElmWW8t2h/+mxn4eYOUuPWqRcQm46qMRapdtBKWn8GUnl4Vw==" ], "x" : "AdSDiIe5OoWaoXhivscoa7c7hNFkQAksvQGB6SOoP5PnNB_FXDwgaxn_gD80sKP-whXvMHWSFjOxoOGLwYwgwVQF", "y" : "AX7oR_s0s1shsRqPfn_e8tpKR_Fwm07w1FDOysWb1Goj2MvVFWhjtDgbMdp-z99YQ3gVzM7LDLa3eoCsSAT3fDI7", "exp" : 1600207927861, "alg" : "ES512" }, { "kty" : "RSA", "e" : "AQAB", "use" : "enc", "crv" : "", "kid" : "01f36b1b-b345-4831-ac76-cc6ca457d4f3_enc_ps256", "x5c" : [ "MIIDbDCCAiCgAwIBAgIhALyWAIcg6EFnJSYm50ABs3cJDQCs0m1q1E1kDG/s0tksMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTIwMDkxMzIxMTE1OVoXDTIwMDkxNTIyMTIwN1owITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyfez07Wzgqs4iQPeakXFHPJbxADH8ov5Hx5Y+cPoz31MtkAUFQvQMr9yOJRth68D2D5/nosthKDNwG/IlRnwTICc6CQdWCxO7z+Z3KX5QfRJ+pLcbBA093fepyY69yYNyxFdzN+QCEi2zUPb5L1KdUf54TVAx8L8k7OZy9uvS49RAf1NSyNImahO4B4KnmqlrVdl7rg3MVm3ArdhDoN/i0yIyVK7vVSMvvfYITItJpWCmNvUK+L3Q/OwsH1UR0yUsFFIqVtUE5DgP04ksoHqPLXmgfVbKU1pCDxSPQfAjCa6Q6dTept7vTFRleh8PuwJb1cysijXA3Z41l4RV+hu8CAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIAOCAQEACmfLShA4s+YucWcvs6uq67FibgkM4JaOhWsqKhKkxnYHYSQetguLmVDzUjtwunDKhgSjmq0ozbYMCQZtjpVAqsF0nLeQAvd7KTGc8nSSA7XTdzCRXhpcY2KdU0oIwD0aEZnlkthaZmqOdHHhozDM8HOYC5vkKU4Wd0H2t4ZjqcBEtIPUq6qAGiL+7upJZbT9es67widkgJH3FYZfxGbGVUplDNbDQyCpwW519uJy6v0FKX9yHlF58IkviVDAB9ewGndwOruSy7RZxUQb/5lPKalr12IEeO9gKURn44CQgsaek89V3EnqvI8kUpXGKkzAibt4xgZ1b4ae1DzHWmH4/g==" ], "exp" : 1600207927861, "alg" : "PS256", "n" : "vJ97PTtbOCqziJA95qRcUc8lvEAMfyi_kfHlj5w-jPfUy2QBQVC9Ayv3I4lG2HrwPYPn-eiy2EoM3Ab8iVGfBMgJzoJB1YLE7vP5ncpflB9En6ktxsEDT3d96nJjr3Jg3LEV3M35AISLbNQ9vkvUp1R_nhNUDHwvyTs5nL269Lj1EB_U1LI0iZqE7gHgqeaqWtV2XuuDcxWbcCt2EOg3-LTIjJUru9VIy-99ghMi0mlYKY29Qr4vdD87CwfVRHTJSwUUipW1QTkOA_TiSygeo8teaB9VspTWkIPFI9B8CMJrpDp1N6m3u9MVGV6Hw-7AlvVzKyKNcDdnjWXhFX6G7w" }, { "kty" : "RSA", "e" : "AQAB", "use" : "enc", "crv" : "", "kid" : "4fbfb6c3-7db9-4998-b8ea-94199431dcd0_enc_ps384", "x5c" : [ "MIIDbDCCAiCgAwIBAgIhAMos5tMNmX4ofHfA/e7YbPV6uueMd2mJstOFmeraU7O/MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTIwMDkxMzIxMTIwMFoXDTIwMDkxNTIyMTIwN1owITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKSdJQ09Y3B09cRakhx/YeBFHWrE4wD2dFIWUJDMVIZDKtWKQ4DBGY/+Q8CiuidLHify1j2Akv/scmTSJhajK+RatQZr0yWkRERIRlGRf58hwH/IE7/1LsLpJJpdMxm+1G7ZvikzR+noEipHqu9kTaqJges18os7CNr+MDkqEPKFzpfgZdlcnckqUXQHvmFVpbC6Xgg9jitDOE6RA5qOy8OvroOYPPMD6yRnU7zUhvBrWRz5N0bCTCAmVn2NBdFPDpCDZyZP/wV8OE0Q5+Ib0cs/nC4l5DoRIEuSIKI4soZXHxIY9SE8swjmrkDCiMmbHNd1vNEWEtI/bt48NJkhtuUCAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMAOCAQEAd0zY0Esp0I7AiYnXB0b+n54qTj2huuPMlOpGpeX6mBTdsPGlYm2OhiGzPW3/eArjhy4f8i1GFa5gkJI7zvsItKrVxFBKxjT2Cz0sXAkvUOypTCahlBtOGvFPoImwk+7Ne9KdA2wm8HcLSHhnuypx3rPi+dNgR9P/8PtljS8nRFYeG/C+0ZRSICk7yTaLwPXULYU81Bm1UobFu8zzAhffZy/xnxN+zec/IF/so1i7dIvkVmcCL9WvyM/9LueXLn//LC8qadALCKAbjMY4ZQtywsO1RIZzX/CfAZVjKpbMTkqS7TSD5yxNS9MIGMFx1QUC2ZUPwgspGPhgsQi1ot9aAw==" ], "exp" : 1600207927861, "alg" : "PS384", "n" : "pJ0lDT1jcHT1xFqSHH9h4EUdasTjAPZ0UhZQkMxUhkMq1YpDgMEZj_5DwKK6J0seJ_LWPYCS_-xyZNImFqMr5Fq1BmvTJaREREhGUZF_nyHAf8gTv_Uuwukkml0zGb7Ubtm-KTNH6egSKkeq72RNqomB6zXyizsI2v4wOSoQ8oXOl-Bl2VydySpRdAe-YVWlsLpeCD2OK0M4TpEDmo7Lw6-ug5g88wPrJGdTvNSG8GtZHPk3RsJMICZWfY0F0U8OkINnJk__BXw4TRDn4hvRyz-cLiXkOhEgS5IgojiyhlcfEhj1ITyzCOauQMKIyZsc13W80RYS0j9u3jw0mSG25Q" }, { "kty" : "RSA", "e" : "AQAB", "use" : "enc", "crv" : "", "kid" : "4b4a1359-20f3-42c7-b733-3d2941975c15_enc_ps512", "x5c" : [ "MIIDbDCCAiCgAwIBAgIhAIML+2BiRxQ7Z2431LoIi0cWbyNUVCSBgUrChJn6sOUCMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIDBQCiAwIBQDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTIwMDkxMzIxMTIwMFoXDTIwMDkxNTIyMTIwN1owITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQtc+5ufMt4KXfVcPdt5Os8NBifIZYY2lD8We6FUVOas9v+HzDLs36Rh1Bach1reXRh/GYk0GCIwjG6OSYI5mpJSOYBEsC/u1JSg/uEWRCd5gtr6HB1zbAEzjgUtQAelvo9ci+WzgUEYka82SqCS64VvN67fzEuTQ9LyUqabs6XlTTM6EdZjI/WwNIJY7r9sRJc4uHoiZTtYdM9pPMmL5SnjUW61hlL/YhmgxFRh5TCzWl4UGh2V/YixWpEOrAc6jt2NeJStzssnIV5zIM0LbH9xzrgaVva9/g2GE5sUzwomj9hOtk+A1q3r0zoysVHH1d9Acu8UVXkAgUF7OzrllECAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIDBQCiAwIBQAOCAQEAJUx8M3n+fA/T9L81qiPuPEDvAfA/69Z8zaNutPAha274//cqTaUpDdiYX7Uq3gtOWyHLWQYoLWI2vduzrlhDoskP8g9il+mk6hYTYcvKdXaj9LwgM/tQJN40EfC7DDZpOGutHZwjfYVvxLX5NVBkJkqcu3IVHD7+JFEeBkD3zQOGT9WvpxU/xfhqYr+cxt6oB2te6SH4m2qTsdNzf2A62xieNNHE04GJP5iP9R60PlSh+RwuusA9PNdAupSlzGg25wig34mqGfZAYCK7NkyTp4C1t0YR6C7CpcKgMrPtL686jZSIqZ6AGSDmF45hQFzNQYBIEIFibsQ9F79gX1mywQ==" ], "exp" : 1600207927861, "alg" : "PS512", "n" : "5C1z7m58y3gpd9Vw923k6zw0GJ8hlhjaUPxZ7oVRU5qz2_4fMMuzfpGHUFpyHWt5dGH8ZiTQYIjCMbo5JgjmaklI5gESwL-7UlKD-4RZEJ3mC2vocHXNsATOOBS1AB6W-j1yL5bOBQRiRrzZKoJLrhW83rt_MS5ND0vJSppuzpeVNMzoR1mMj9bA0gljuv2xElzi4eiJlO1h0z2k8yYvlKeNRbrWGUv9iGaDEVGHlMLNaXhQaHZX9iLFakQ6sBzqO3Y14lK3OyychXnMgzQtsf3HOuBpW9r3-DYYTmxTPCiaP2E62T4DWrevTOjKxUcfV30By7xRVeQCBQXs7OuWUQ" }, { "kty" : "RSA", "e" : "AQAB", "use" : "enc", "crv" : "", "kid" : "4ef25833-1fba-4ef5-b1e9-ca2d90b7ba56_enc_rsa1_5", "x5c" : [ "MIIDBDCCAeygAwIBAgIhAJxQmr/V8psW8GT7dhZ8A5MYG7ji4SeHRiXtN+s/fkcUMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTEzMjExMjAwWhcNMjAwOTE1MjIxMjA3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkWVi1dUEzsiPEqXMG9NIoDwB45MMLALxR2JD4WbNAy7CBzf5lMGCZAROYAQrTkQMFN+LrbRTqyxuzXfPlZl7nSjugzKVItZPji3PorV9pZF8heFnthQnOeg5BZGz8EG3sBuKehGndiaR113z/1tmtIqjN7bITmc47qewJVo1DbFJxfwjzovh0kjWi3Oma3RgcsUIj/nMDk1Gc1mZC4AY9eDe+PSDIsIye5/veKUhGooXd9wcZl3Lyk50cCU5SgYlGy/xcofKdWvU5A1Q/XCF61Q+hopqJxIUPWZF5Xd8W+jXoLRsCs3BpgQxq7RVQxRxzSZVZM1/fNqf34ee4uKRwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBADCH9jGigsCTindERUkTUYhfsIEK2Uk9kfWR5z7Tn9y2RZ0GS9IY4Ew3Z+jdtIapxyA63YzP5QPl5HWeLlAtK+SRKTnI3ktDLEWitLA4zhdba8Yg6c5PkIh8PhiS8A2eDrMvKIhe5nbKmiFdNoqDgh1+3lTVIuYbvOox+aB/XN8gVvm6LCYlD8HwSPq43SnbOV43fb+SaesazYJ2zKpIMur4tCzLf95t5VisJuIfEhrUD6Fs7D18iEugfn4p/66R+NnQfqu1uK5uPtrvHQlo/c55m5MmqxRPc5o2jWtkKsiAvwY+HbrobVpvP/CDJfPozK/bBJb9BtJgr/px697krHA=" ], "exp" : 1600207927861, "alg" : "RSA1_5", "n" : "pkWVi1dUEzsiPEqXMG9NIoDwB45MMLALxR2JD4WbNAy7CBzf5lMGCZAROYAQrTkQMFN-LrbRTqyxuzXfPlZl7nSjugzKVItZPji3PorV9pZF8heFnthQnOeg5BZGz8EG3sBuKehGndiaR113z_1tmtIqjN7bITmc47qewJVo1DbFJxfwjzovh0kjWi3Oma3RgcsUIj_nMDk1Gc1mZC4AY9eDe-PSDIsIye5_veKUhGooXd9wcZl3Lyk50cCU5SgYlGy_xcofKdWvU5A1Q_XCF61Q-hopqJxIUPWZF5Xd8W-jXoLRsCs3BpgQxq7RVQxRxzSZVZM1_fNqf34ee4uKRw" }, { "kty" : "RSA", "e" : "AQAB", "use" : "enc", "crv" : "", "kid" : "3364be63-de05-423c-b667-064cb26d29b8_enc_rsa-oaep", "x5c" : [ "MIIDAzCCAeugAwIBAgIgPbvrgP9S36B8A43icBY9fkSzRibXykOkS+dpeLH+mRUwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTMyMTEyMDFaFw0yMDA5MTUyMjEyMDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLMeXEqb3hhf2n/2TZrIm2kqHk2jtm9hLrvBs+cuSQL+VWBFb1udlxuMHzUio8OncVARetekx6s2Mvs2F+atWRzBv0ZfdqjMteMx5tUcARG6P8xt8JPR68l6qczFsuqmIFouxnJW8qJGeKsgGkv/5+WHoh9N+SzyB/xMmcbGMZumeODmbNi5CsbRnZQ/Oo7L7l7BNcvNMSIj+Rzn4LC4JmO2dFHFyjPTcVJv6cXCAD6FLab1cTAVduFPFqNXrRnOOQcNFvjZeKSR0YQ/i5omCqArhqfUSs3vjUblR6FwXyzSHuNKzm61lSwRwb77vIbI2seSJhkJ1Mf/Fbywl3MLnHAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAweRJ12GWI9ZLO+R5uaHPlikyWDboKEiNMxIqe/ANS6YxshqrTTlg2oHY3MnF6ZSxO+csmRAqj3l2ae8furic8I+R67EcEemV5LLonmP14Lc7IMOLQmgGS12kHONpias3EvPNrUH8dSfw/XtCjOU4Qd8V9PAVPup+z/UENmLIKKP/7eDdHyx1TpIXmGeBSRJoQys4ZmZnYqEqtf1o56GQMLRkcC2xSQXC2+78jp13fN5CRoeE+zpfL1IKyLkMVW6RAe/oiYVEOtJuEN8Hy2q2NszWsTmSPlE29OQzQNCjAaX1xYIST4fcqWRzla7/r0PAYC4ebGQfvArnxWviQOXUKA==" ], "exp" : 1600207927861, "alg" : "RSA-OAEP", "n" : "yzHlxKm94YX9p_9k2ayJtpKh5No7ZvYS67wbPnLkkC_lVgRW9bnZcbjB81IqPDp3FQEXrXpMerNjL7NhfmrVkcwb9GX3aozLXjMebVHAERuj_MbfCT0evJeqnMxbLqpiBaLsZyVvKiRnirIBpL_-flh6IfTfks8gf8TJnGxjGbpnjg5mzYuQrG0Z2UPzqOy-5ewTXLzTEiI_kc5-CwuCZjtnRRxcoz03FSb-nFwgA-hS2m9XEwFXbhTxajV60ZzjkHDRb42XikkdGEP4uaJgqgK4an1ErN741G5UehcF8s0h7jSs5utZUsEcG--7yGyNrHkiYZCdTH_xW8sJdzC5xw" } ] } ####################################################### TEST: OpenID Connect Discovery ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 181 Content-Type: application/jrd+json;charset=iso-8859-1 Date: Tue, 15 Sep 2020 17:03:03 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "subject": "acct:test_user@ce-dev5.gluu.org", "links": [{ "rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://ce-dev5.gluu.org" }] } OpenID Connect Configuration ------------------------------------------------------- REQUEST: ------------------------------------------------------- GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1 Host: ce-dev5.gluu.org ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Connection: Keep-Alive Content-Length: 7237 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:03 GMT Keep-Alive: timeout=5, max=100 Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "request_parameter_supported" : true, "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection", "claims_parameter_supported" : true, "issuer" : "https://ce-dev5.gluu.org", "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize", "service_documentation" : "http://gluu.org/docs", "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id", "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ], "scope_to_claims_mapping" : [ { "http://photoz.example.com/dev/actions/a3" : [ ] }, { "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "http://photoz.example.com/dev/actions/internalClient" : [ ] }, { "http://photoz.example.com/dev/actions/see" : [ ] }, { "openid" : [ ] }, { "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ] }, { "http://photoz.example.com/dev/actions/view" : [ ] }, { "permission" : [ ] }, { "/user" : [ ] }, { "http://photoz.example.com/dev/scopes/all" : [ ] }, { "super_gluu_ro_session" : [ ] }, { "work_phone" : [ "work_phone" ] }, { "http://photoz.example.com/dev/scopes/view" : [ ] }, { "http://photoz.example.com/dev/actions/all" : [ ] }, { "phone" : [ "phone_number_verified", "phone_number" ] }, { "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "^/user/[^/]+$" : [ ] }, { "org_name" : [ "org_name" ] }, { "http://photoz.example.com/dev/actions/remove" : [ ] }, { "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ] }, { "mobile_phone" : [ "phone_mobile_number" ] }, { "http://photoz.example.com/dev/actions/a1" : [ ] }, { "email" : [ "email_verified", "email" ] }, { "user_name" : [ "user_name" ] }, { "http://photoz.example.com/dev/actions/a2" : [ ] }, { "test" : [ "member_of" ] }, { "http://photoz.example.com/dev/actions/walk" : [ ] }, { "oxtrust-api-write" : [ ] }, { "oxd" : [ ] }, { "uma_protection" : [ ] }, { "oxtrust-api-read" : [ ] }, { "^/user/.+$" : [ ] }, { "modify" : [ ] }, { "http://photoz.example.com/dev/actions/add" : [ ] } ], "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy", "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "tls_client_certificate_bound_access_tokens" : true, "response_modes_supported" : [ "fragment", "form_post", "query" ], "backchannel_logout_session_supported" : true, "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token", "response_types_supported" : [ "token code", "token id_token code", "token", "id_token code", "id_token", "token id_token", "code" ], "request_uri_parameter_supported" : true, "grant_types_supported" : [ "password", "refresh_token", "client_credentials", "implicit", "urn:ietf:params:oauth:grant-type:uma-ticket", "authorization_code" ], "ui_locales_supported" : [ "en", "es" ], "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo", "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos", "auth_level_mapping" : { "-1" : [ "auth_ldap_server" ], "60" : [ "super_gluu" ], "20" : [ "basic_lock" ], "10" : [ "basic" ] }, "require_request_uri_registration" : false, "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "frontchannel_logout_session_supported" : true, "claims_locales_supported" : [ "en" ], "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo", "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session", "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm", "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ], "backchannel_logout_supported" : true, "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ], "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "display_values_supported" : [ "page", "popup" ], "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "claim_types_supported" : [ "normal" ], "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session", "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke", "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "frontchannel_logout_supported" : true, "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks", "subject_types_supported" : [ "public", "pairwise" ], "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register", "id_token_token_binding_cnf_values_supported" : [ "tbh" ] } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimAlgA128KWEncA128GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "A128KW", "application_type" : "web", "userinfo_encrypted_response_enc" : "A128GCM", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "A128KW", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "A128KW", "id_token_encrypted_response_enc" : "A128GCM", "claims" : "member_of", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A128GCM", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:03 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimAlgA256KWEncA256GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "A256KW", "application_type" : "web", "userinfo_encrypted_response_enc" : "A256GCM", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "A256KW", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "A256KW", "id_token_encrypted_response_enc" : "A256GCM", "claims" : "member_of", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A256GCM", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:03 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimAlgRSA15EncA128CBCPLUSHS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "RSA1_5", "application_type" : "web", "userinfo_encrypted_response_enc" : "A128CBC+HS256", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "RSA1_5", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "RSA1_5", "id_token_encrypted_response_enc" : "A128CBC+HS256", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "member_of", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A128CBC+HS256", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:03 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimAlgRSA15EncA256CBCPLUSHS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "RSA1_5", "application_type" : "web", "userinfo_encrypted_response_enc" : "A256CBC+HS512", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "RSA1_5", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "RSA1_5", "id_token_encrypted_response_enc" : "A256CBC+HS512", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "member_of", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A256CBC+HS512", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:03 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimAlgRSAOAEPEncA256GCM ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "request_object_encryption_alg" : "RSA-OAEP", "application_type" : "web", "userinfo_encrypted_response_enc" : "A256GCM", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "userinfo_encrypted_response_alg" : "RSA-OAEP", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "additional_audience" : [ ], "id_token_encrypted_response_alg" : "RSA-OAEP", "id_token_encrypted_response_enc" : "A256GCM", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "member_of", "client_name" : "oxAuth test app", "request_object_encryption_enc" : "A256GCM", "response_types" : [ "token", "id_token" ] } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:03 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimES256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "member_of", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "ES256", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "ES256", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "ES256" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:03 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimES384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "member_of", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "ES384", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "ES384", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "ES384" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:03 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimES512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "member_of", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "ES512", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "ES512", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "ES512" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:04 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimHS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "claims" : "member_of", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "HS256", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "HS256", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "HS256" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:04 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimHS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "claims" : "member_of", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "HS384", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "HS384", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "HS384" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:04 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimHS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "claims" : "member_of", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "HS512", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "HS512", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "HS512" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 500 Cache-Control: no-store Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:04 GMT Pragma: no-cache Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimNone ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "claims" : "member_of", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "none", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "none", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "none" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:04 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimPS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "member_of", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "PS256", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "PS256", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "PS256" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:04 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimPS384 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "member_of", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "PS384", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "PS384", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "PS384" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:04 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimPS512 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json", "claims" : "member_of", "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ], "request_object_signing_alg" : "PS512", "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5", "client_name" : "oxAuth test app", "additional_audience" : [ ], "userinfo_signed_response_alg" : "PS512", "response_types" : [ "token", "id_token" ], "id_token_signed_response_alg" : "PS512" } ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 400 Connection: close Content-Length: 295 Content-Type: application/json Date: Tue, 15 Sep 2020 17:03:04 GMT Server: Apache/2.4.29 (Ubuntu) Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block { "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.", "error": "invalid_client_metadata" } ####################################################### TEST: authorizationRequestObjectWithMultivaluedClaimRS256 ####################################################### ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/restv1/register HTTP/1.1 Content-Type: application/json Accept: application/json Host: ce-dev5.gluu.org { "application_type" : "web", "jwks_uri" : "