FailedConsole Output

Started by an SCM change
Running as SYSTEM
Building on master in workspace /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace
The recommended git tool is: NONE
No credentials specified
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/GluuFederation/oxAuth # timeout=10
Fetching upstream changes from https://github.com/GluuFederation/oxAuth
 > git --version # timeout=10
 > git --version # 'git version 1.8.3.1'
 > git fetch --tags --progress https://github.com/GluuFederation/oxAuth +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/version_4.2.1^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/version_4.2.1^{commit} # timeout=10
Checking out Revision 130ac8a1ea337c597b5467366bb31bafb2438cd7 (refs/remotes/origin/version_4.2.1)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 130ac8a1ea337c597b5467366bb31bafb2438cd7 # timeout=10
Commit message: "Add db status to health check"
 > git rev-list --no-walk 440201882b5bce05d22cc4485582d92b46490893 # timeout=10
Run condition [Boolean condition] enabling prebuild for step [Trigger/call builds on other projects]
[workspace] $ /bin/bash /opt/jetty/temp/jenkins293305230636561083.sh
Cloning into 'oxHudsonProfiles'...
[workspace] $ /home/jenkins/.jenkins/tools/hudson.tasks.Maven_MavenInstallation/maven_3.3.9/bin/mvn -DDEPLOY_BUILD=true -DVERSION_NAME=version_4.2.1 -DPROFILE_NAME=ce-dev5.gluu.org -DDEVELOPMENT_BUILD=false -DMAVEN_SKIP_TESTS=false -Dpython.import.site=false -DPYTHON_HOME=/opt/jython -Dcfg=ce-dev5.gluu.org -Dmaven.test.skip=false -Ddevelopment-build=false clean compile test-compile install javadoc:javadoc site
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO] 
[INFO] oxAuth
[INFO] oxAuth Model
[INFO] Persistence model
[INFO] oxAuth Client
[INFO] oxauth-static
[INFO] oxAuth RP
[INFO] oxAuth RP Demo
[INFO] oxAuth Common
[INFO] oxAuth Server
[INFO] rp-spring-boot
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building oxAuth 4.2.1.Final
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ oxauth ---
[INFO] Deleting /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/target
[INFO] 
[INFO] --- maven-install-plugin:2.3.1:install (default-install) @ oxauth ---
[INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/pom.xml to /var/www/html/maven/org/gluu/oxauth/4.2.1.Final/oxauth-4.2.1.Final.pom
[INFO] 
[INFO] >>> maven-javadoc-plugin:3.0.1:javadoc (default-cli) > generate-sources @ oxauth >>>
[INFO] 
[INFO] <<< maven-javadoc-plugin:3.0.1:javadoc (default-cli) < generate-sources @ oxauth <<<
[INFO] 
[INFO] --- maven-javadoc-plugin:3.0.1:javadoc (default-cli) @ oxauth ---
[INFO] 
[INFO] --- maven-site-plugin:2.1.1:site (default-site) @ oxauth ---
Downloading: https://repo2.maven.org/maven2/org/bouncycastle/org/apache/maven/skins/maven-default-skin/maven-metadata.xml

[WARNING] Could not transfer metadata org.apache.maven.skins:maven-default-skin/maven-metadata.xml from/to bouncycastle (https://repo2.maven.org/maven2/org/bouncycastle): repo2.maven.org: Name or service not known
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building oxAuth Model 4.2.1.Final
[INFO] ------------------------------------------------------------------------
Downloading: https://repo2.maven.org/maven2/org/bouncycastle/net/minidev/json-smart/maven-metadata.xml

[WARNING] Could not transfer metadata net.minidev:json-smart/maven-metadata.xml from/to bouncycastle (https://repo2.maven.org/maven2/org/bouncycastle): repo2.maven.org
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ oxauth-model ---
[INFO] Deleting /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-model ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-model ---
[INFO] Compiling 194 source files to /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/classes
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-model ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-model ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-model ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-model ---
[INFO] Compiling 9 source files to /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/test-classes
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-model ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-model ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-model ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-model ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-surefire-plugin:2.19.1:test (default-test) @ oxauth-model ---

-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running TestSuite
CodeVerifier{codeVerifier='_Fo0XD4Eh8oy3CpyzJAxM8JstZghbcLOEbjaR4To7-GxdWoAux2Nuv-xvXnNN1oPDtcJlyDZCUX2OJEB9QdCNRdVfcW2fLBHKlZt3tor4AZvqF57Py9.ZY--LOTED9jW', codeChallenge='_Fo0XD4Eh8oy3CpyzJAxM8JstZghbcLOEbjaR4To7-GxdWoAux2Nuv-xvXnNN1oPDtcJlyDZCUX2OJEB9QdCNRdVfcW2fLBHKlZt3tor4AZvqF57Py9.ZY--LOTED9jW', transformationType=PLAIN}
CodeVerifier{codeVerifier='vtbTJiskQSndmlwvYj7M4VpKNPB9o9lkn~Sf~PWG-8LA798gwET1vIgNkBTy9dnNl85ra~btx2VXvI_gkDf84hHfENIzHLzGdluELasN9IDPoJOlT3otc.2IhM6l1.yH', codeChallenge='vL0kavkUN3zsju5F2eTB3MUtzoTIcm6Sd1zBRSWcFEs', transformationType=S256}
Hi there from Javascript, 
Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 4.144 sec - in TestSuite

Results :

Tests run: 8, Failures: 0, Errors: 0, Skipped: 0

[INFO] 
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ oxauth-model ---
[INFO] Building jar: /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/oxauth-model.jar
[INFO] 
[INFO] --- maven-jar-plugin:2.4:test-jar (default) @ oxauth-model ---
[INFO] Building jar: /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/oxauth-model-tests.jar
[INFO] 
[INFO] --- maven-install-plugin:2.3.1:install (default-install) @ oxauth-model ---
[INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/oxauth-model.jar to /var/www/html/maven/org/gluu/oxauth-model/4.2.1.Final/oxauth-model-4.2.1.Final.jar
[INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/pom.xml to /var/www/html/maven/org/gluu/oxauth-model/4.2.1.Final/oxauth-model-4.2.1.Final.pom
[INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/oxauth-model-tests.jar to /var/www/html/maven/org/gluu/oxauth-model/4.2.1.Final/oxauth-model-4.2.1.Final-tests.jar
[INFO] 
[INFO] >>> maven-javadoc-plugin:3.0.1:javadoc (default-cli) > generate-sources @ oxauth-model >>>
[INFO] 
[INFO] <<< maven-javadoc-plugin:3.0.1:javadoc (default-cli) < generate-sources @ oxauth-model <<<
[INFO] 
[INFO] --- maven-javadoc-plugin:3.0.1:javadoc (default-cli) @ oxauth-model ---
[INFO] 
Loading source files for package org.gluu.oxauth.model.authorize...
Loading source files for package org.gluu.oxauth.model.common...
Loading source files for package org.gluu.oxauth.model.configuration...
Loading source files for package org.gluu.oxauth.model.crypto...
Loading source files for package org.gluu.oxauth.model.crypto.binding...
Loading source files for package org.gluu.oxauth.model.crypto.encryption...
Loading source files for package org.gluu.oxauth.model.crypto.signature...
Loading source files for package org.gluu.oxauth.model.discovery...
Loading source files for package org.gluu.oxauth.model.error...
Loading source files for package org.gluu.oxauth.model.exception...
Loading source files for package org.gluu.oxauth.model.fido.u2f...
Loading source files for package org.gluu.oxauth.model.fido.u2f.exception...
Loading source files for package org.gluu.oxauth.model.fido.u2f.message...
Loading source files for package org.gluu.oxauth.model.fido.u2f.protocol...
Loading source files for package org.gluu.oxauth.model.gluu...
Loading source files for package org.gluu.oxauth.model.jwe...
Loading source files for package org.gluu.oxauth.model.jwk...
Loading source files for package org.gluu.oxauth.model.jws...
Loading source files for package org.gluu.oxauth.model.jwt...
Loading source files for package org.gluu.oxauth.model.register...
Loading source files for package org.gluu.oxauth.model.session...
Loading source files for package org.gluu.oxauth.model.token...
Loading source files for package org.gluu.oxauth.model.uma...
Loading source files for package org.gluu.oxauth.model.uma.persistence...
Loading source files for package org.gluu.oxauth.model.uma.wrapper...
Loading source files for package org.gluu.oxauth.model.userinfo...
Loading source files for package org.gluu.oxauth.model.util...
Loading source files for package org.gluu.oxauth.model.ciba...
Loading source files for package org.gluu.oxauth.model.json...
Constructing Javadoc information...
Standard Doclet version 1.8.0_221
Building tree for all the packages and classes...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/AuthorizeErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/AuthorizeRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/AuthorizeResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/CodeVerifier.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/CodeVerifier.CodeChallengeMethod.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/DeviceAuthorizationRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/DeviceAuthorizationResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/DeviceAuthzErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/AuthenticationMethod.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/AuthorizationMethod.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/BackchannelTokenDeliveryMode.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/Display.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/GrantType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/HasParamName.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/Holder.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/Id.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/IdType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/IntrospectionResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/JSONable.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/PairwiseIdType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/ProgrammingLanguage.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/Prompt.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/ResponseMode.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/ResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/ScopeConstants.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/ScopeType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/SoftwareStatementValidationType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/SubjectType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/TokenType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/TokenTypeHint.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/WebKeyStorage.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/AppConfiguration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/AuthenticationFilter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/AuthenticationProtectionConfiguration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/BaseFilter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/CIBAEndUserNotificationConfig.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/ClientAuthenticationFilter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/Configuration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/ConfigurationResponseClaim.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/CorsConfigurationFilter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/AbstractCryptoProvider.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/Certificate.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/CryptoProviderFactory.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/Key.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/KeyFactory.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/OxAuthCryptoProvider.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/OxElevenCryptoProvider.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/PrivateKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/PublicKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBinding.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingExtension.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingExtensionType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingID.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingKeyParameters.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingMessage.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingMessageParser.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingParseException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingStream.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/TokenBindingType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/BlockEncryptionAlgorithm.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/KeyEncryptionAlgorithm.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/AbstractSigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/AlgorithmFamily.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/AsymmetricSignatureAlgorithm.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/ECDSAKeyFactory.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/ECDSAPrivateKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/ECDSAPublicKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/ECEllipticCurve.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/RSAKeyFactory.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/RSAPrivateKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/RSAPublicKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/SignatureAlgorithm.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/Signer.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/OAuth2Discovery.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/WebFingerLink.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/WebFingerParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/DefaultErrorResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/ErrorHandlingMethod.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/ErrorResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/IErrorType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/InvalidClaimException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/InvalidJweException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/InvalidJwtException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/InvalidParameterException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/SignatureException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/DeviceRegistrationStatus.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/U2fConfiguration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/U2fConstants.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/U2fErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/BadInputException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/RegistrationNotAllowed.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/RawRegisterResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/AuthenticateRequest.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/AuthenticateRequestMessage.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/AuthenticateResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/AuthenticateStatus.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/ClientData.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/DeviceData.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/RegisterRequest.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/RegisterRequestMessage.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/RegisterResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/RegisterStatus.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/GluuConfiguration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/GluuErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/AbstractJweDecrypter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/AbstractJweEncrypter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/Jwe.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/JweDecrypter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/JweDecrypterImpl.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/JweEncrypter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/JweEncrypterImpl.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/KeyDerivationFunction.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/Algorithm.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/JSONWebKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/JSONWebKeySet.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/JWKParameter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/KeyType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/Use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/AbstractJwsSigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/ECDSASigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/HMACSigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/JwsSigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/PlainTextSignature.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/RSASigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/Jwt.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtClaimName.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtClaims.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtClaimSet.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtHeader.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtHeaderName.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtStateClaimName.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtSubClaimObject.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/JwtType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/PureJwt.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/ApplicationType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/RegisterErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/RegisterRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/RegisterResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/EndSessionErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/EndSessionRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/EndSessionResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/ClientAssertionType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/JsonWebResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/TokenErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/TokenRevocationErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/TokenRevocationRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/ClaimTokenFormatType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/JsonLogic.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/JsonLogicNode.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/JsonLogicNodeParser.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/PermissionTicket.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/RptIntrospectionResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/RptProfiles.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/RPTResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaConstants.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaMetadata.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaNeedInfoResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaPermission.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaPermissionList.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaResource.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaResourceResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaResourceWithId.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaScopeDescription.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaScopeType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/UmaTokenResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/UmaPermission.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/UmaResource.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/Token.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/Schema.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/UserInfoErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/Base64Util.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/ByteUtils.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/CertUtils.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/HashUtil.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/JwtUtil.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/Pair.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/QueryBuilder.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/SecurityProviderUtility.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/StringUtils.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/SubjectIdentifierGenerator.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/URLPatternList.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/Util.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/BackchannelAuthenticationErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/BackchannelAuthenticationRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/BackchannelAuthenticationResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/BackchannelDeviceRegistrationErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/FirebaseCloudMessagingRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/FirebaseCloudMessagingResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/PushErrorRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/PushErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/PushTokenDeliveryRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/JsonApplier.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/PropertyDefinition.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/PropertyDefinition.ClassNames.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/overview-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/constant-values.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/serialized-form.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/DeviceAuthzErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/DeviceAuthorizationResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/DeviceAuthorizationRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/AuthorizeRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/AuthorizeErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/CodeVerifier.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/CodeVerifier.CodeChallengeMethod.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/class-use/AuthorizeResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/SoftwareStatementValidationType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/ScopeType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/ScopeConstants.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/ResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/IntrospectionResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/GrantType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/BackchannelTokenDeliveryMode.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/WebKeyStorage.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/TokenTypeHint.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/TokenType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/SubjectType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/ResponseMode.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/Prompt.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/ProgrammingLanguage.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/PairwiseIdType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/JSONable.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/IdType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/Id.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/Holder.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/HasParamName.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/Display.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/AuthorizationMethod.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/class-use/AuthenticationMethod.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/ConfigurationResponseClaim.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/CIBAEndUserNotificationConfig.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/CorsConfigurationFilter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/Configuration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/ClientAuthenticationFilter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/BaseFilter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/AuthenticationProtectionConfiguration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/AuthenticationFilter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/class-use/AppConfiguration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/CryptoProviderFactory.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/AbstractCryptoProvider.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/Certificate.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/PublicKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/PrivateKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/KeyFactory.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/Key.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/OxElevenCryptoProvider.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/class-use/OxAuthCryptoProvider.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingStream.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingParseException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingMessageParser.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingMessage.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingKeyParameters.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingID.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingExtensionType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBindingExtension.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/class-use/TokenBinding.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/class-use/KeyEncryptionAlgorithm.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/class-use/BlockEncryptionAlgorithm.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/SignatureAlgorithm.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/AsymmetricSignatureAlgorithm.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/ECDSAKeyFactory.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/ECEllipticCurve.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/Signer.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/RSAPublicKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/RSAPrivateKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/RSAKeyFactory.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/ECDSAPublicKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/ECDSAPrivateKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/AlgorithmFamily.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/class-use/AbstractSigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/class-use/OAuth2Discovery.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/class-use/WebFingerParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/class-use/WebFingerLink.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/class-use/ErrorResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/class-use/DefaultErrorResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/class-use/IErrorType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/class-use/ErrorHandlingMethod.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/class-use/SignatureException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/class-use/InvalidParameterException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/class-use/InvalidJwtException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/class-use/InvalidJweException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/class-use/InvalidClaimException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/class-use/U2fConfiguration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/class-use/DeviceRegistrationStatus.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/class-use/U2fErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/class-use/U2fConstants.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/class-use/RegistrationNotAllowed.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/class-use/BadInputException.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/class-use/RawRegisterResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/class-use/RawAuthenticateResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/AuthenticateResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/RegisterStatus.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/RegisterResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/RegisterRequestMessage.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/RegisterRequest.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/DeviceData.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/ClientData.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/AuthenticateStatus.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/AuthenticateRequestMessage.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/class-use/AuthenticateRequest.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/class-use/GluuConfiguration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/class-use/GluuErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/KeyDerivationFunction.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/JweEncrypterImpl.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/JweEncrypter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/JweDecrypterImpl.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/JweDecrypter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/Jwe.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/AbstractJweEncrypter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/class-use/AbstractJweDecrypter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/JSONWebKeySet.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/JSONWebKey.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/Use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/KeyType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/JWKParameter.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/class-use/Algorithm.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/ECDSASigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/RSASigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/PlainTextSignature.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/JwsSigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/HMACSigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/class-use/AbstractJwsSigner.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtHeader.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtClaims.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtClaimSet.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtClaimName.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/PureJwt.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtSubClaimObject.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtStateClaimName.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/JwtHeaderName.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/class-use/Jwt.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/class-use/RegisterRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/class-use/RegisterErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/class-use/RegisterResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/class-use/ApplicationType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/class-use/EndSessionResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/class-use/EndSessionRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/class-use/EndSessionErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/class-use/TokenErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/class-use/JsonWebResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/class-use/TokenRevocationRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/class-use/TokenRevocationErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/class-use/ClientAssertionType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaScopeDescription.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaMetadata.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaTokenResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaResource.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaPermission.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/JsonLogic.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaScopeType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaResourceWithId.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaResourceResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaPermissionList.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaNeedInfoResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/UmaConstants.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/RptProfiles.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/RptIntrospectionResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/RPTResponse.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/PermissionTicket.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/JsonLogicNodeParser.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/JsonLogicNode.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/class-use/ClaimTokenFormatType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/class-use/UmaResource.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/class-use/UmaPermission.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/class-use/Token.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/class-use/UserInfoErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/class-use/Schema.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/QueryBuilder.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/CertUtils.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/HashUtil.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/JwtUtil.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/URLPatternList.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/SubjectIdentifierGenerator.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/SecurityProviderUtility.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/Pair.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/Util.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/StringUtils.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/ByteUtils.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/class-use/Base64Util.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/PushTokenDeliveryRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/PushErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/PushErrorRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/FirebaseCloudMessagingResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/FirebaseCloudMessagingRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/BackchannelDeviceRegistrationErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/BackchannelAuthenticationResponseParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/BackchannelAuthenticationRequestParam.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/class-use/BackchannelAuthenticationErrorResponseType.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/class-use/PropertyDefinition.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/class-use/PropertyDefinition.ClassNames.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/class-use/JsonApplier.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/authorize/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/ciba/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/common/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/configuration/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/binding/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/encryption/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/crypto/signature/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/discovery/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/error/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/exception/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/exception/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/message/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/fido/u2f/protocol/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/gluu/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/json/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwe/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwk/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jws/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/jwt/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/register/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/session/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/token/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/persistence/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/uma/wrapper/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/userinfo/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/org/gluu/oxauth/model/util/package-use.html...
Building index for all the packages and classes...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/overview-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/index-all.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/deprecated-list.html...
Building index for all classes...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/allclasses-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/allclasses-noframe.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/index.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/overview-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs/help-doc.html...
8 errors
16 warnings
[ERROR] Error while creating javadoc report: 
Exit code: 1 - /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/common/ScopeType.java:33: warning: empty <p> tag
     * <p>
       ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:9: error: malformed HTML
 *    opaque signature<64..2^16-1>;  Signature over the concatenation
                      ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:9: error: bad use of '>'
 *    opaque signature<64..2^16-1>;  Signature over the concatenation
                                 ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:13: error: malformed HTML
 *    TB_Extension extensions<0..2^16-1>;
                             ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:13: error: bad use of '>'
 *    TB_Extension extensions<0..2^16-1>;
                                       ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingExtension.java:8: error: malformed HTML
 *     opaque extension_data<0..2^16-1>;
                            ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingExtension.java:8: error: bad use of '>'
 *     opaque extension_data<0..2^16-1>;
                                      ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingMessage.java:16: error: malformed HTML
 *     TokenBinding tokenbindings<132..2^16-1>;
                                 ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingMessage.java:16: error: bad use of '>'
 *     TokenBinding tokenbindings<132..2^16-1>;
                                             ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:37: warning: no @return
	public byte getUserPresence() {
	            ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:45: warning: no @return
	public long getCounter() {
	            ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:52: warning: no @return
	public byte[] getSignature() {
	              ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:44: warning: no @return
    public JwtHeader setType(JwtType type) {
                     ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:63: warning: no @return
    public JwtHeader setAlgorithm(SignatureAlgorithm algorithm) {
                     ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:77: warning: no @return
    public JwtHeader setAlgorithm(KeyEncryptionAlgorithm algorithm) {
                     ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:96: warning: no @return
    public JwtHeader setKeyId(String keyId) {
                     ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/uma/UmaNeedInfoResponse.java:66: warning: no @param for clientId
    public String buildClaimsGatheringUrl(String clientId, String claimsRedirectUri) {
                  ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/uma/UmaNeedInfoResponse.java:66: warning: no @param for claimsRedirectUri
    public String buildClaimsGatheringUrl(String clientId, String claimsRedirectUri) {
                  ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:181: warning: no @param for length
    public static String generateRandomReadableCode(byte length) {
                         ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:181: warning: no @return
    public static String generateRandomReadableCode(byte length) {
                         ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:198: warning: no @return
    public static String generateRandomCode(byte seedLength) {
                         ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/Util.java:215: warning: no description for @return
     * @return
       ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/json/JsonApplier.java:152: warning: no @param for source
    public void transfer(Object source, Object target) {
                ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/json/JsonApplier.java:152: warning: no @param for target
    public void transfer(Object source, Object target) {
                ^

Command line was: /opt/java/jdk1.8.0_221/jre/../bin/javadoc @options @packages

Refer to the generated Javadoc files in '/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs' dir.

org.apache.maven.reporting.MavenReportException: 
Exit code: 1 - /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/common/ScopeType.java:33: warning: empty <p> tag
     * <p>
       ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:9: error: malformed HTML
 *    opaque signature<64..2^16-1>;  Signature over the concatenation
                      ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:9: error: bad use of '>'
 *    opaque signature<64..2^16-1>;  Signature over the concatenation
                                 ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:13: error: malformed HTML
 *    TB_Extension extensions<0..2^16-1>;
                             ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBinding.java:13: error: bad use of '>'
 *    TB_Extension extensions<0..2^16-1>;
                                       ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingExtension.java:8: error: malformed HTML
 *     opaque extension_data<0..2^16-1>;
                            ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingExtension.java:8: error: bad use of '>'
 *     opaque extension_data<0..2^16-1>;
                                      ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingMessage.java:16: error: malformed HTML
 *     TokenBinding tokenbindings<132..2^16-1>;
                                 ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/crypto/binding/TokenBindingMessage.java:16: error: bad use of '>'
 *     TokenBinding tokenbindings<132..2^16-1>;
                                             ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:37: warning: no @return
	public byte getUserPresence() {
	            ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:45: warning: no @return
	public long getCounter() {
	            ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/message/RawAuthenticateResponse.java:52: warning: no @return
	public byte[] getSignature() {
	              ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:44: warning: no @return
    public JwtHeader setType(JwtType type) {
                     ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:63: warning: no @return
    public JwtHeader setAlgorithm(SignatureAlgorithm algorithm) {
                     ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:77: warning: no @return
    public JwtHeader setAlgorithm(KeyEncryptionAlgorithm algorithm) {
                     ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/jwt/JwtHeader.java:96: warning: no @return
    public JwtHeader setKeyId(String keyId) {
                     ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/uma/UmaNeedInfoResponse.java:66: warning: no @param for clientId
    public String buildClaimsGatheringUrl(String clientId, String claimsRedirectUri) {
                  ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/uma/UmaNeedInfoResponse.java:66: warning: no @param for claimsRedirectUri
    public String buildClaimsGatheringUrl(String clientId, String claimsRedirectUri) {
                  ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:181: warning: no @param for length
    public static String generateRandomReadableCode(byte length) {
                         ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:181: warning: no @return
    public static String generateRandomReadableCode(byte length) {
                         ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/StringUtils.java:198: warning: no @return
    public static String generateRandomCode(byte seedLength) {
                         ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/util/Util.java:215: warning: no description for @return
     * @return
       ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/json/JsonApplier.java:152: warning: no @param for source
    public void transfer(Object source, Object target) {
                ^
/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/src/main/java/org/gluu/oxauth/model/json/JsonApplier.java:152: warning: no @param for target
    public void transfer(Object source, Object target) {
                ^

Command line was: /opt/java/jdk1.8.0_221/jre/../bin/javadoc @options @packages

Refer to the generated Javadoc files in '/home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Model/target/site/apidocs' dir.

	at org.apache.maven.plugins.javadoc.AbstractJavadocMojo.executeJavadocCommandLine(AbstractJavadocMojo.java:5298)
	at org.apache.maven.plugins.javadoc.AbstractJavadocMojo.executeReport(AbstractJavadocMojo.java:2134)
	at org.apache.maven.plugins.javadoc.JavadocReport.generate(JavadocReport.java:134)
	at org.apache.maven.plugins.javadoc.JavadocReport.doExecute(JavadocReport.java:329)
	at org.apache.maven.plugins.javadoc.AbstractJavadocMojo.execute(AbstractJavadocMojo.java:1912)
	at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
	at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
	at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
	at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
	at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
	at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
	at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
[INFO] 
[INFO] --- maven-site-plugin:2.1.1:site (default-site) @ oxauth-model ---
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building Persistence model 4.2.1.Final
[INFO] ------------------------------------------------------------------------
[WARNING] Failure to transfer net.minidev:json-smart/maven-metadata.xml from https://repo2.maven.org/maven2/org/bouncycastle was cached in the local repository, resolution will not be reattempted until the update interval of bouncycastle has elapsed or updates are forced. Original error: Could not transfer metadata net.minidev:json-smart/maven-metadata.xml from/to bouncycastle (https://repo2.maven.org/maven2/org/bouncycastle): repo2.maven.org
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ oxauth-persistence-model ---
[INFO] Deleting /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-persistence-model ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-persistence-model ---
[INFO] Compiling 10 source files to /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/classes
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-persistence-model ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-persistence-model ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-persistence-model ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/src/test/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-persistence-model ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-persistence-model ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-persistence-model ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-persistence-model ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/src/test/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-persistence-model ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.19.1:test (default-test) @ oxauth-persistence-model ---
[INFO] Tests are skipped.
[INFO] 
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ oxauth-persistence-model ---
[INFO] Building jar: /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/oxauth-persistence-model.jar
[INFO] 
[INFO] --- maven-jar-plugin:2.4:test-jar (default) @ oxauth-persistence-model ---
[WARNING] JAR will be empty - no content was marked for inclusion!
[INFO] Building jar: /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/oxauth-persistence-model-tests.jar
[INFO] 
[INFO] --- maven-install-plugin:2.3.1:install (default-install) @ oxauth-persistence-model ---
[INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/oxauth-persistence-model.jar to /var/www/html/maven/org/gluu/oxauth-persistence-model/4.2.1.Final/oxauth-persistence-model-4.2.1.Final.jar
[INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/pom.xml to /var/www/html/maven/org/gluu/oxauth-persistence-model/4.2.1.Final/oxauth-persistence-model-4.2.1.Final.pom
[INFO] Installing /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/oxauth-persistence-model-tests.jar to /var/www/html/maven/org/gluu/oxauth-persistence-model/4.2.1.Final/oxauth-persistence-model-4.2.1.Final-tests.jar
[INFO] 
[INFO] >>> maven-javadoc-plugin:3.0.1:javadoc (default-cli) > generate-sources @ oxauth-persistence-model >>>
[INFO] 
[INFO] <<< maven-javadoc-plugin:3.0.1:javadoc (default-cli) < generate-sources @ oxauth-persistence-model <<<
[INFO] 
[INFO] --- maven-javadoc-plugin:3.0.1:javadoc (default-cli) @ oxauth-persistence-model ---
[INFO] 
Loading source files for package org.oxauth.persistence.model...
Loading source files for package org.oxauth.persistence.model.base...
Loading source files for package org.oxauth.persistence.model.configuration...
Constructing Javadoc information...
Standard Doclet version 1.8.0_221
Building tree for all the packages and classes...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/ClientAttributes.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/PairwiseIdentifier.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/Scope.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/ScopeAttributes.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/SectorIdentifier.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/Entry.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/CustomProperty.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/GluuConfiguration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/InumEntry.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/oxIDPAuthConf.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/overview-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/package-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/package-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/package-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/constant-values.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/serialized-form.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/class-use/ScopeAttributes.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/class-use/Scope.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/class-use/ClientAttributes.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/class-use/PairwiseIdentifier.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/class-use/SectorIdentifier.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/class-use/Entry.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/class-use/GluuConfiguration.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/class-use/oxIDPAuthConf.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/class-use/InumEntry.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/class-use/CustomProperty.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/base/package-use.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/org/oxauth/persistence/model/configuration/package-use.html...
Building index for all the packages and classes...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/overview-tree.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/index-all.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/deprecated-list.html...
Building index for all classes...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/allclasses-frame.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/allclasses-noframe.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/index.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/overview-summary.html...
Generating /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/persistence-model/target/site/apidocs/help-doc.html...
[INFO] 
[INFO] --- maven-site-plugin:2.1.1:site (default-site) @ oxauth-persistence-model ---
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building oxAuth Client 4.2.1.Final
[INFO] ------------------------------------------------------------------------
[WARNING] Failure to transfer net.minidev:json-smart/maven-metadata.xml from https://repo2.maven.org/maven2/org/bouncycastle was cached in the local repository, resolution will not be reattempted until the update interval of bouncycastle has elapsed or updates are forced. Original error: Could not transfer metadata net.minidev:json-smart/maven-metadata.xml from/to bouncycastle (https://repo2.maven.org/maven2/org/bouncycastle): repo2.maven.org
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ oxauth-client ---
[INFO] Deleting /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/target
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-client ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-client ---
[INFO] Compiling 87 source files to /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/target/classes
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-client ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-client ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-client ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 15 resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-client ---
[INFO] Compiling 178 source files to /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/target/test-classes
[WARNING] /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/test/java/org/gluu/oxauth/ws/rs/WebKeysTest.java:[15,24] X509CertImpl is internal proprietary API and may be removed in a future release
[WARNING] /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/test/java/org/gluu/oxauth/ws/rs/WebKeysTest.java:[15,24] X509CertImpl is internal proprietary API and may be removed in a future release
[WARNING] /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/test/java/org/gluu/oxauth/ws/rs/WebKeysTest.java:[15,24] X509CertImpl is internal proprietary API and may be removed in a future release
[WARNING] /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/test/java/org/gluu/oxauth/ws/rs/WebKeysTest.java:[48,35] X509CertImpl is internal proprietary API and may be removed in a future release
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ oxauth-client ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /home/jenkins/.jenkins/jobs/oxAuth_4.2.1_LDAP/workspace/Client/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ oxauth-client ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ oxauth-client ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 15 resources
[INFO] 
[INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @ oxauth-client ---
[INFO] Nothing to compile - all classes are up to date
[INFO] 
[INFO] --- maven-surefire-plugin:2.19.1:test (default-test) @ oxauth-client ---

-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running TestSuite
Invoked init test suite method 

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:13 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:14 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: authorizationRequestAlgA128KWEncA128GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "A128KW",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A128GCM",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "A128KW",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "A128KW",
  "id_token_encrypted_response_enc" : "A128GCM",
  "oxIncludeClaimsInIdToken" : "true",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A128GCM",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:14 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestAlgA256KWEncA256GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "A256KW",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A256GCM",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "A256KW",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "A256KW",
  "id_token_encrypted_response_enc" : "A256GCM",
  "oxIncludeClaimsInIdToken" : "true",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A256GCM",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:15 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestAlgRSA15EncA128CBCPLUSHS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "RSA1_5",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A128CBC+HS256",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "RSA1_5",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "RSA1_5",
  "id_token_encrypted_response_enc" : "A128CBC+HS256",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A128CBC+HS256",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:15 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestAlgRSA15EncA256CBCPLUSHS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "RSA1_5",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A256CBC+HS512",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "RSA1_5",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "RSA1_5",
  "id_token_encrypted_response_enc" : "A256CBC+HS512",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A256CBC+HS512",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:16 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestAlgRSAOAEPEncA256GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "RSA-OAEP",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A256GCM",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "RSA-OAEP",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "RSA-OAEP",
  "id_token_encrypted_response_enc" : "A256GCM",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A256GCM",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:16 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestDefault
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:16 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestES256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "ES256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "ES256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "ES256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:16 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestES384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "ES384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "ES384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "ES384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:16 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestES512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "ES512",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "ES512",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "ES512"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:16 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestHS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "HS256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "HS256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "HS256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:16 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestHS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "HS384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "HS384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "HS384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:16 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestHS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "HS512",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "HS512",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "HS512"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:17 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestPS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "PS256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "PS256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "PS256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:17 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestPS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "PS384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "PS384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "PS384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:17 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestPS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "PS512",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "PS512",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "PS512"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:17 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestRS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "RS256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "RS256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "RS256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:17 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestRS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "RS384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "RS384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "RS384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:17 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestRS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "oxIncludeClaimsInIdToken" : "true",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "RS512",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "RS512",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "RS512"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:17 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:18 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:18 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: applicationTypeNativeSubjectTypePairwise
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "pairwise",
  "application_type" : "native",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:18 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: applicationTypeNativeSubjectTypePublic
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "public",
  "application_type" : "native",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:18 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: applicationTypeWeb
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:18 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: applicationTypeWebFail1
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "http://client.example.com/cb" ],
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 114
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:18 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "Value of one or more redirect_uris is invalid.",
    "error": "invalid_redirect_uri"
}

#######################################################
TEST: omittedApplicationType
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:18 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:18 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:18 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: tokenBindingWithImplicitFlow
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "grant_types" : [ "password" ],
  "application_type" : "web",
  "id_token_token_binding_cnf" : "tbh",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ],
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:18 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:18 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:18 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: accessTokenAsJwt
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "access_token_as_jwt" : "true",
  "application_type" : "web",
  "scope" : "openid profile address email phone user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ],
  "access_token_signing_alg" : "RS512",
  "client_name" : "access token as JWT test",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:19 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:19 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:19 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: spontaneousScope
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "allow_spontaneous_scopes" : true,
  "application_type" : "web",
  "scope" : "openid profile address email phone user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ],
  "client_name" : "Spontaneous scope test",
  "additional_audience" : [ ],
  "spontaneous_scopes" : [ "^transaction:.+$" ],
  "response_types" : [ "code", "id_token", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:19 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:19 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:19 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "allow_spontaneous_scopes" : true,
  "grant_types" : [ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:device_code" ],
  "application_type" : "web",
  "scope" : "openid uma_protection profile address email phone user_name",
  "redirect_uris" : [ "https://cb.example.com" ],
  "client_name" : "UMA Spontaneous scope test",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:19 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:19 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:19 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: authorizationCodeFlow
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email phone user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth select accounts test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:21 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:21 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:21 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: authorizationCodeDynamicScopeFlow
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name org_name work_phone",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:21 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationCodeFlow
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email phone user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:21 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationCodeFlowLoginHint
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:21 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationCodeFlowNegativeTest
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:21 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationCodeFlowWithOptionalNonce
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:21 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationCodeWithNotAllowedScopeFlow
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:21 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: revokeTokens
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:22 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:22 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:22 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: AuthorizationResponseCustomHeaderTest
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:22 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: AuthorizationResponseCustomHeaderTest
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:22 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: AuthorizationResponseCustomHeaderTest
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:22 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: AuthorizationResponseCustomHeaderTest
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:22 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: AuthorizationResponseCustomHeaderTest
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:22 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: AuthorizationResponseCustomHeaderTest
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:22 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: AuthorizationResponseCustomHeaderTest
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:23 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:23 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:23 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: defaultResponseModeBasicCode
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:23 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: defaultResponseModeHybridCodeIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:23 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: defaultResponseModeHybridCodeIdTokenToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:23 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: defaultResponseModeHybridCodeToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:23 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: defaultResponseModeImplicitIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:23 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: defaultResponseModeImplicitIdTokenToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:24 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: formPostResponseModeBasicCode
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:24 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: formPostResponseModeHybridCodeIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:24 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: formPostResponseModeHybridCodeIdTokenToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:24 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: formPostResponseModeHybridCodeToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:24 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: formPostResponseModeImplicitIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:24 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: formPostResponseModeImplicitIdTokenToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:24 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: fragmentResponseModeBasicCode
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:24 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: fragmentResponseModeHybridCodeIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:25 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: fragmentResponseModeHybridCodeIdTokenToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:25 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: fragmentResponseModeHybridCodeToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:25 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: fragmentResponseModeImplicitIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:25 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: fragmentResponseModeImplicitIdTokenToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:25 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: queryResponseModeBasicCode
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:25 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: queryResponseModeHybridCodeIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:25 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: queryResponseModeHybridCodeIdTokenToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:25 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: queryResponseModeHybridCodeToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:26 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: queryResponseModeImplicitIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:26 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: queryResponseModeImplicitIdTokenToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token", "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:26 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:26 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:26 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: requestAuthorizationAccessToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:26 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationAccessTokenFail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:26 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationAccessTokenSubjectTypePublic
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "public",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:26 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationAccessTokenUserBasicAuth
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:27 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationCode
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:27 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationCodeFail1
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/authorize HTTP/1.1
Host: ce-dev5.gluu.org
Authorization: Basic dGVzdF91c2VyOnRlc3RfdXNlcl9wYXNzd29yZA==

response_type=code

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 187
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:27 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "reason": "client_id is empty or blank.",
    "error_description": "The client is not authorized to request an access token using this method.",
    "error": "unauthorized_client"
}

#######################################################
TEST: requestAuthorizationCodeFail2
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:27 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationCodeFail3
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/authorize HTTP/1.1
Host: ce-dev5.gluu.org

response_type=code&client_id=%40%211111%210008%21INVALID_VALUE&scope=openid+profile+address+email&redirect_uri=https%3A%2F%2Fce-dev5.gluu.org%2Foxauth-rp%2Fhome.htm&state=878b62b1-0384-43ee-991b-e52f46f9bd8b

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 401
Connection: Keep-Alive
Content-Length: 234
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:27 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "reason": "Unable to find client.",
    "error_description": "The client is not authorized to request an access token using this method.",
    "state": "878b62b1-0384-43ee-991b-e52f46f9bd8b",
    "error": "unauthorized_client"
}

#######################################################
TEST: requestAuthorizationCodeFail4
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:27 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationCodeIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:27 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationCodeIdTokenUserBasicAuth
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:28 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationCodeNoRedirection
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:28 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationCodeUserBasicAuth
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:28 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationCodeWithoutRedirectUri
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ],
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:28 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationCodeWithoutRedirectUriFail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:28 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationCodeWithoutRedirectUriUserBasicAuth
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "subject_type" : "public",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ],
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:28 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationDenyAccessThenGrantAccess
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:28 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:28 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationIdTokenUserBasicAuth
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:28 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationObjectUILocales
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:29 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationPromptConsent
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:29 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationPromptConsentTrustedClient
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:29 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationPromptLogin
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:29 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationPromptLoginConsent
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:29 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationPromptLoginConsentTrustedClient
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:29 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationPromptNoneFail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:29 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationPromptLoginConsent
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:29 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationPromptNoneTrustedClient
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:30 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:30 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationTokenCode
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:30 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationTokenCodeIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:30 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationTokenCodeIdTokenUserBasicAuth
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:30 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationTokenCodeUserBasicAuth
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:30 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationTokenFail1
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/authorize HTTP/1.1
Host: ce-dev5.gluu.org
Authorization: Basic dGVzdF91c2VyOnRlc3RfdXNlcl9wYXNzd29yZA==

response_type=token&redirect_uri=https%3A%2F%2Fce-dev5.gluu.org%2Foxauth-rp%2Fhome.htm&state=48546770-ed67-4363-a62e-ee1d0b9c4c32

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 240
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:30 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "reason": "client_id is empty or blank.",
    "error_description": "The client is not authorized to request an access token using this method.",
    "state": "48546770-ed67-4363-a62e-ee1d0b9c4c32",
    "error": "unauthorized_client"
}

#######################################################
TEST: requestAuthorizationTokenFail2
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:31 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationTokenIdToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:31 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationTokenIdTokenUserBasicAuth
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:31 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationTokenUserBasicAuth
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:31 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationUILocales
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:31 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestAuthorizationWithoutScope
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:31 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:31 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:31 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: requestSessionIdAuthorizationCode1
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:31 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestSessionIdAuthorizationCode2
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:32 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:32 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:32 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: requestClientRegistrationWithCustomAttributes
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "oxAuthTrustedClient" : "true",
  "myCustomAttr1" : "29b5d77c-c812-4086-b7cf-d9f2b7d70d17",
  "grant_types" : [ "password" ],
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:32 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:32 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:32 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: clientSecretBasicAuthenticationMethod
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "openid profile address email clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_basic"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:32 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretBasicAuthenticationMethodFail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_basic"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:32 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretJwtAuthenticationMethodHS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:32 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretJwtAuthenticationMethodHS256Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:32 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretJwtAuthenticationMethodHS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:33 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretJwtAuthenticationMethodHS384Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:33 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretJwtAuthenticationMethodHS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:33 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretJwtAuthenticationMethodHS512Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:33 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretPostAuthenticationMethod
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_post"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:33 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretPostAuthenticationMethodFail1
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_post"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:33 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretPostAuthenticationMethodFail2
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_post"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:33 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: clientSecretPostAuthenticationMethodFail3
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "client_secret_post"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:33 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: defaultAuthenticationMethod
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:34 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: defaultAuthenticationMethodFail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:34 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodES256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:34 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodES256Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:34 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodES384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:34 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodES384Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:34 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodES512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:34 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodES512Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:34 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodPS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:35 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodPS256Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:35 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodPS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:35 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodPS384Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:35 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodPS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:35 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodPS512Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:35 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodRS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:35 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodRS256Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:36 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodRS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:36 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodRS384Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:36 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodRS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "client_credentials" ],
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:36 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: privateKeyJwtAuthenticationMethodRS512Fail
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "scope" : "clientinfo",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "token_endpoint_auth_method" : "private_key_jwt"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:36 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:36 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:36 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: requestClientInfoImplicitFlow
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:36 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClientInfoInvalidRequest
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/clientinfo HTTP/1.1
Host: ce-dev5.gluu.org



-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 273
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:36 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.",
    "error": "invalid_request"
}

#######################################################
TEST: requestClientInfoInvalidToken
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/clientinfo HTTP/1.1
Host: ce-dev5.gluu.org



-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 291
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "reason": "Unable to find grant object associated with access token.",
    "error_description": "The access token provided is expired, revoked, malformed, or invalid for other reasons. Try to request a new access token and retry the protected resource.",
    "error": "invalid_token"
}

#######################################################
TEST: requestClientInfoPasswordFlow
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "grant_types" : [ "password" ],
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:37 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:37 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: authorizationCodeFlow
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email phone user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:37 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: testEncode1
#######################################################
#######################################################
TEST: testEncode2
#######################################################
#######################################################
TEST: testEncode3
#######################################################
#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:37 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:37 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: authorizationCodeFlow
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email phone user_name",
  "access_token_lifetime" : 3,
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:37 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:37 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:37 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: requestClientAssociate
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:37 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClientAssociateInBlackList
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://www.attacker.com" ],
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 114
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "Value of one or more redirect_uris is invalid.",
    "error": "invalid_redirect_uri"
}

#######################################################
TEST: testUrlPatterList
#######################################################
#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:37 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:37 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:37 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


#######################################################
TEST: OpenID Connect Configuration
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:38 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:38 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:38 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: enableClientToRestrictJavascriptOrigin
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "authorized_origins" : [ "https://ce.gluu.info:8443" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email phone user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:38 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:38 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:38 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: encodeClaimsInStateParameterAlgA128KWEncA128GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:38 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterAlgA256KWEncA256GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:38 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterAlgRSA15EncA128CBCPLUSHS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:38 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterAlgRSA15EncA256CBCPLUSHS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:38 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterAlgRSAOAEPEncA256GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:38 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterES256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:39 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterES384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:39 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterES512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:39 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterHS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:39 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterHS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:39 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterHS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:39 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterPS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:39 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterPS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:39 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterPS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:40 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterRS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:40 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterRS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:40 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: encodeClaimsInStateParameterRS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:40 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: jwtStateAlgA128KWEncA128GCMTest
#######################################################
Encrypted JWE State: eyJ0eXAiOiJKV1QiLCJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiQTEyOEtXIn0.Gm-uGVI0yixlZfeXKdxdpxsOKerLm2_o.E0cynWkxuEYTIdGO.wLDyjI3X7xE02DQ5cvGB-AY29TkxCzNGHtawI8g9xjnKtf5JH-1LlcffYrBW1HXyLMq6Cv_uZJ3yYG5E9A7ZHm-yurpFfzhdpJjhfGRago8PrJ1RewDByVkjM3DJkMt-wVJgcGJZ_MpyzCKrdoSvvnBmbzRatOHtcfNzvyqL2BnXDLgEHUX7ZwJNp1W_WYdPKhqxfzgegYwH1t4_1q0EktzEJom_Jvs8sy30W2bExEamnk5142oyd3XkrqmzIN68Es1sVVCHfIxp5z1KPAee_zNL2_Goefcp0-tYFeWqyC4WEEbSQy-0e691jS76bhbVn4NR6Sj16Q.pI7Sv_FGtKXEhKdiZnSc6A
#######################################################
TEST: jwtStateAlgA256KWEncA256GCMTest
#######################################################
Encrypted JWE State: eyJ0eXAiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiQTI1NktXIn0.6_leABvYz0NxnH52AAUV9x7yRpUEjet1cb65X7NFywfbS2TGp1pTJQ.cTgZJxcgiLWsupeJ._ywPI5CyKJ5Vb5nwj95w8wrEqdg4WDWnCYvZGDK4wJDTu4TsNbW_7k2K6LujTQKn0D-nFGwZ0HpWiUChd9y4Y_tK4ZgzfNUraTlNrc7Vl_RRUpMITRXl1aMRaLFDwSLfaMOUPQxNOxSvvH7SgWjpKcwBmkAOFhDML0IvSt7EzhBDnzANRxMp4yY_tW-jMVJ4RCChtO_O-PhxN4xPt_enxbJ9Ubz1v5NntJo1aq7PAjZkcJLeFcF6PhZfwuxalOqF2Cf-MzfwW9eO4wFaiLKkUpYV-QjjODD3i-zHo9Hjr_gRt6ev0rSl28pGu6NS7oh4R23p4ROzaQ.iyyTZFwg_9jJlNpLH1KnmA
#######################################################
TEST: jwtStateAlgRSA15EncA128CBCPLUSHS256Test
#######################################################
Encrypted JWE State: eyJraWQiOiI2ZmIxODU5YS01NGQ5LTQ3YzYtYTI5My05MmNlMmNlZTYzZTAiLCJ0eXAiOiJKV1QiLCJlbmMiOiJBMTI4Q0JDK0hTMjU2IiwiYWxnIjoiUlNBMV81In0.AiPIE0WQYxX1ON-NAjKVN3Yqwr00TjoWuSYLMxhFeq3z7yUgaddBUtOXFKbkwW0a78i-M5aKAvBh_hbYp2KHqNHeglJHYFogr71EYAdzDEN2B7AWpK53tyNYFjIA2o7kadwf5wesz7AZyug42DGjwQIHlgTVfTFrmrWhIB87Uh-kTStgL6EbIrKB6Sm0qGQNOuiZhnurgCWxOPTVBcAbj7AnYAvcEP11b8ylXD41ubTNchk3EFdSPc6b6SurD8-sJVrQkYANYnheOSVmTcb8b1Ce9g3fs7duvJgLiSsNh3CNB0FDZpCzVj5Ux3XPAWt8InABDfVrl9DHiOqN_dOTkQ.xbPYmHDFFI5F7WTeMohAhg.59XeQ-rfkAhQntz8BSdOanivf5XZ-UQf9zOdNNJ1GG0K3sIQA6H-EOpp40gZtIXIPlI9GbqK9Bhcgc0umwK7tYuWo_7Bem_DRm8DIkMXZEqhF1C-x1nisxTwhRDnAh0x53NJZmXqgH_yJ8HvtLnJ4Co8Rv7MN37W4QYMSBECHrQK8JQU3-4DHogZmPC1w6tkgMqLgxlfDJuP0A3gmv6duY1a9zbKnzLkbLT1wk7KTGmFNUsrEzL1irup42XBfDODqSnJiYRLGIcTMT5WgoRhWieVeI0qdsA3jBgvvN2ptfF5aXtODsfX2LggT_UVv-f_YByf9R4A52v-KchSl4q3ezDFN66ddo4Z-m-oSl8Q_3-eihd-PecmXaR86G9MRpi9g4-SE958_PIkFzFWkckZ4HwpkvU2Ej9YD5OlwzPoleg.utwZecIBvSuNB8hyleWFX4EIgj8hPRIC9xf-xDvwEqg
#######################################################
TEST: jwtStateAlgRSA15EncA256CBCPLUSHS512Test
#######################################################
Encrypted JWE State: eyJraWQiOiI2ZmIxODU5YS01NGQ5LTQ3YzYtYTI5My05MmNlMmNlZTYzZTAiLCJ0eXAiOiJKV1QiLCJlbmMiOiJBMjU2Q0JDK0hTNTEyIiwiYWxnIjoiUlNBMV81In0.ElCieD7Sk1-alEzOT2EhW2YnF1OxcurC-COtTs7EJcjh4Jza-cwrYYGdUjWbNiuGG7VxJlwLplMVQXmXiIty0OQW8uA3W4JqIuKEU7HeKAWo3FwUihvXHzmH0zoOpMFjt6V-gGT1h-hmYa_PoIJyJzFFWNkfdboW46h5MgiHhRtMoDclc6-rQWfCUqq67V76AANG1JBZcCSDikK3MKP3B4UbWnvVMg6MOKIelRiJFRtonAPQ4XIg4DVfw9w7es5DwfmD58NSePRDmNvCrOOFFZqn63qin8z6n3Q3WyDKNAwx2K69iMeU-4czkYL81Tl_iXRV-0-Z-C2jmuZ9OsETdQ.-igXHhWTM2B058-Jn3UZCA.AppTcJWOdg48_gEJF6qbVrMciwg4Y8CyxGlAFAeWOQQM5dl8Uw-6TafgIqDC-k8QPkLkZVPHB0hDK9_y0TLiVol--nCXYXcN2ZQUPRCpUbkR0BoxKw4nNQ0auMBNH6rDHLn2i9BgVfN76sG4QUPRWQ2yyqDDZysVlOjYGZ_6M1HO1YewnCD62sBiw7c38NrH3uKZmHhGpZlcWhy_dAKRRjnZFPw6ZTkF2TSZoJKmRsT2GRQWhtP34I5qc-gBasCO8229iz-LkI5F_eKNbIoLzijroEujGXeHmAKh4gnO6YMR-NHsvgBlH63yMTcLyn_tWdyop92f2SuJyhu_JZQ9IBA6Fxj0gLT0BKob72maKZvM1rJgEPt0f8sWevtF9Nky_4zAucvE3QOnWzoXAQuUX-kEHgFFclIQis0Yf0BRFd4.T44TZ5SaRRwXRQ17423xPrjEIs_b_AGO90U7odAFar9OlZtvy4C9FdHU-tkP8W41tx3_r-pY-FPESBB0T6XBWQ
#######################################################
TEST: jwtStateAlgRSAOAEPEncA256GCMTest
#######################################################
Encrypted JWE State: eyJraWQiOiI2ZmIxODU5YS01NGQ5LTQ3YzYtYTI5My05MmNlMmNlZTYzZTAiLCJ0eXAiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.mwqkcQV39e7viRGTtaEQUghMtZdLLI_66cBXE4hD46GMyirmZHIXqNzxi0EgFtexe5GbaSBu6SPmWvDqL3kVEk7WvmdV3DHOu7bz1VVion3JzHQAblbE2f3Jzak_HuizP5fjquk_ZBKX7rdXIEO38NcAIblioUZAY0gk5VtC0OH6u9jP9yKFn-8UxY_tEyPYZqnWrVHtcY7iSh0Gefy9DNzitpuSPk6hvzThxw5RlacMEjHul6TthaSnm4lsmrtXdKn4SaVD2aSS6bAa9p5OQIRSyOfB7OWQhrKDWlClsQTVAKODRFIJejKP7JUv6EEUvY5Ed-VxsMiBLrtlNHtUiw.bSHYMZyE5k0YadBa.-7k1QpHivETb1OEoCsz-55vYpyA7wwM4AQgwLv2Zv5uTuOj6SnFgW6i5gN6CA2E9zBoDjbD4pj0ZBhrWVjZ-B5kLOiT9zBfICMbsw9GerS1j7mZ0dBxg4BImaozAy0UmcIXdJiWw9h8Q9tOz9qpN_Y7qXHiY2C8suOOm97vTQOaaUcnPogByFaBBLk2D6Xe9nf-fZvkDD7FDbwVuIXwNbPqAt_FapdL85t41ZCuNJL9oH66fx95a923KF2sMOudVmuXzr3CmiBsOAaHV6JGPo3X1mYVc_pDmDkMj3cJ2SQvyXry2c5TbFTObpr4ishkRSAr2fQXt8SoS2NbxOmbvPzYTNCuXGutfQ7Jz4uM_cW6D-bCdn_-EhphBTDExrlcoE5ocfw5Dej5xlPzxl2F0TGS8Uw.Yd2XvkBXa7tm6S3lDoa7NQ
#######################################################
TEST: jwtStateES256Test
#######################################################
Signed JWS State: ewogICJraWQiIDogImE4YjYyYzlkLTY1ZWEtNDM4NC1hNDkxLWU1MjkyNGM0YTBlMyIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJFUzI1NiIKfQ.ewogICJraWQiIDogImE4YjYyYzlkLTY1ZWEtNDM4NC1hNDkxLWU1MjkyNGM0YTBlMyIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogIjg4MmZmNzllLTI3YTgtNGIzMS05NGNlLTAwYWVlNzAxYzM0OSIsCiAgImp0aSIgOiAiYzIyOWNhNmYtZWU2My00MjkzLWI1N2QtMGQ0NDAxMjY3N2UyIgp9.TF9l30OIl9NM-4-u-aKDWXCyRuM3EKykHn6bF1Mjpx2tCxW-iaT6tls5CZSpmEYyjz14THYbpUaLGicAzyvYtQ
#######################################################
TEST: jwtStateES384Test
#######################################################
Signed JWS State: ewogICJraWQiIDogIjBiMWEwMTlmLWZjZmItNGQzZC05ODFiLTE2YjQ1MzU1ZGZkZiIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJFUzM4NCIKfQ.ewogICJraWQiIDogIjBiMWEwMTlmLWZjZmItNGQzZC05ODFiLTE2YjQ1MzU1ZGZkZiIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogImNlNTg5NDU0LTZkZmItNGRlNC1iYTVhLWEyMTdlZDRiMWM3YSIsCiAgImp0aSIgOiAiMmY5NzllMmItMmJmYy00ZGJmLWFkZWUtMjBlNzVjOTdhZTI5Igp9.PVVTq6XX3eBz1pa5XpwRprusItqh4MNw4lJpftkqJ0c14iDiXcsA6TL6Mg7BtZJ2Be96nWIckWiGSpX1CZcHlMWTFMF0fmDvsRpo0diBWF2Wlu4YCjgGBTpwVz3jhgla
#######################################################
TEST: jwtStateES512Test
#######################################################
Signed JWS State: ewogICJraWQiIDogIjA3YzkxN2VmLTk0M2YtNGE5YS05NjFjLWQzY2JhMjhjODFkNSIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJFUzUxMiIKfQ.ewogICJraWQiIDogIjA3YzkxN2VmLTk0M2YtNGE5YS05NjFjLWQzY2JhMjhjODFkNSIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogIjM0Y2M1ZjdjLTg2MzItNGRkZi1hOWE2LWNlYWU3NDIzNGU3YiIsCiAgImp0aSIgOiAiM2U2MjZkOWYtYjQyYS00NzViLTkxZTQtMjk0Y2YwYmJlN2JjIgp9.AEWscv4qAe33a5A8HHIeTz-Oo3e8L5HKvEbK4LFPwFx0NGjfinhk2QVY8fbw1dIUj9Gt5R4opuUXZ090ZBTxHhK9AA2SuDZF7HO6t0vmEF6T1mlFesvP8I8G2oTaVag4ooyG4ADvT7Tw6C8LRyAifvxLL7nBl7tjADaKFGO7jbp8GnLF
#######################################################
TEST: jwtStateHS256Test
#######################################################
Signed JWS State: ewogICJ0eXAiIDogIkpXVCIsCiAgImFsZyIgOiAiSFMyNTYiCn0.ewogICJhZGRpdGlvbmFsX2NsYWltcyIgOiB7CiAgICAibW9yZSIgOiBbICJmb28iLCAiYmFyIiBdLAogICAgImxhc3RfbmFtZSIgOiAiUm9qYXMiLAogICAgImZpcnN0X25hbWUiIDogIkphdmllciIsCiAgICAiYWdlIiA6IDM0CiAgfSwKICAicmZwIiA6ICI5NGJhMzFkZC0yMzljLTQ1ZjAtOWM2Zi1jZWFhMzExNTQ2MDAiLAogICJqdGkiIDogImJkZDJhYjBhLTJhZWEtNDdlYS1iM2EwLWNhNGM2ZWU5NjJhMyIKfQ.rmHEooT_vKcdHYer1H8JD9HakSQuACB7GZJ-FDs7yXI
#######################################################
TEST: jwtStateHS384Test
#######################################################
Signed JWS State: ewogICJ0eXAiIDogIkpXVCIsCiAgImFsZyIgOiAiSFMzODQiCn0.ewogICJhZGRpdGlvbmFsX2NsYWltcyIgOiB7CiAgICAibW9yZSIgOiBbICJmb28iLCAiYmFyIiBdLAogICAgImxhc3RfbmFtZSIgOiAiUm9qYXMiLAogICAgImZpcnN0X25hbWUiIDogIkphdmllciIsCiAgICAiYWdlIiA6IDM0CiAgfSwKICAicmZwIiA6ICI0YjU2MGQ3My0xMTU3LTQyOGMtYTYwZi05YTExNDk5OGUwYTQiLAogICJqdGkiIDogIjYwYzU4ZmRmLWY2NTEtNDRhOS05YjViLWJlZjE0MDYxZjBmNSIKfQ.ZA00fq3jXou-SPlLyZSn8Ad6a1m4XbpNDw2bGlrOHgWTd-6_JX9CxI3yESsOHaMG
#######################################################
TEST: jwtStateHS512Test
#######################################################
Signed JWS State: ewogICJ0eXAiIDogIkpXVCIsCiAgImFsZyIgOiAiSFM1MTIiCn0.ewogICJhZGRpdGlvbmFsX2NsYWltcyIgOiB7CiAgICAibW9yZSIgOiBbICJmb28iLCAiYmFyIiBdLAogICAgImxhc3RfbmFtZSIgOiAiUm9qYXMiLAogICAgImZpcnN0X25hbWUiIDogIkphdmllciIsCiAgICAiYWdlIiA6IDM0CiAgfSwKICAicmZwIiA6ICJkODgzNDFlOS00MmZjLTRjMjctYjFiMS0yMjM2Nzg3NGVlNTEiLAogICJqdGkiIDogImRlZTMwODJhLWY4ZTEtNGM4YS05M2Q1LTRlODI4NjkxZGE5NiIKfQ.O7ayyGL9k1ZDb_60ffoUkfv7YiBTuqnGqtZeqd-79PbkiFQ6oNS92pi3UvMW_SC9Vnpbx_BdCiosq4h4W9_4Gg
#######################################################
TEST: jwtStateNONETest
#######################################################
Encoded State: ewogICJ0eXAiIDogIkpXVCIsCiAgImFsZyIgOiAibm9uZSIKfQ.ewogICJhZGRpdGlvbmFsX2NsYWltcyIgOiB7CiAgICAibW9yZSIgOiBbICJmb28iLCAiYmFyIiBdLAogICAgImxhc3RfbmFtZSIgOiAiUm9qYXMiLAogICAgImZpcnN0X25hbWUiIDogIkphdmllciIsCiAgICAiYWdlIiA6IDM0CiAgfSwKICAicmZwIiA6ICI4NjUzNTNiNy1lMGM3LTQxY2ItODBiZS01NTFjNDZhMTE5MDMiLAogICJqdGkiIDogImVkZDJhZTZmLTg4MTAtNDU1OS1hOGVjLTg2MGZhN2Y4Y2EyNyIKfQ.
#######################################################
TEST: jwtStatePS256Test
#######################################################
Signed JWS State: ewogICJraWQiIDogIjI5Y2VmNDA0LTU5ZGItNGFiOS04ZjVjLTZkYThkNTc4ZDEwNyIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJQUzI1NiIKfQ.ewogICJraWQiIDogIjI5Y2VmNDA0LTU5ZGItNGFiOS04ZjVjLTZkYThkNTc4ZDEwNyIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogImE3ZGM1ZTA3LWQxZTUtNGRiOC1hNGYwLTRiNWYwYWNjNWU3NyIsCiAgImp0aSIgOiAiMjljMjNhYmEtMWUxNS00Y2ZmLThmMmUtNDkwYzNmYzA5YzkwIgp9.SOXNCiSGjH2dNdNW_wACgri_B4ZvWXKjCnTzjuWhkquwqw1QD0IwyUUYUwB7usATotibVT0P5dTRckuFsfcLHF3KRBornClRSD_fGIBAjGRel5xdwWXhbR-Ekt9ahAZWYlrnp5O1j5ywtdAMSXSNDbrUwTI55VYt60q3PQ7e036wXdc3p74XHT54X4wIKAyHBuqqL8W8rGFerHppE9cuK3lOe1eOLVwRR7w1ZQOaWWX_NbIF_NYcqTXaxASQgIEiXp4huFgg2rnX6mWxDXVLOssydxmbQx4t5MCwBXfQTQAtFFIWGoifC80XJ6Qdn6pqZGc0LnUVPHZvMeYdl0YtYQ
#######################################################
TEST: jwtStatePS384Test
#######################################################
Signed JWS State: ewogICJraWQiIDogIjZiZDdjYzBjLWUxNzYtNGRhOS1iNjQ2LWZlNzc4MjM5M2RjMCIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJQUzM4NCIKfQ.ewogICJraWQiIDogIjZiZDdjYzBjLWUxNzYtNGRhOS1iNjQ2LWZlNzc4MjM5M2RjMCIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogImI5OTY5ZmQ3LWUzNTItNDc5NC1hNWUzLTY3YzIyYWYzOGQ3ZSIsCiAgImp0aSIgOiAiODk4YjM1YjQtNDU3MC00YjE4LTg2NzYtZWU2M2Y4YWE1ZThmIgp9.JOmZoP4QC8gIfDdMeCC6DtT0Y6aDL_iuPbYbmkupd_ab-vvn8f9G6CoQ1DtTwKTd_MBEUYnsrF80s8lMqOKQh5HDErZYisq-D0B1ZxFTdTMg2g2wy5eDBbBCsvnE2JeZAJdQFcCUz--TIybYTDkCI6NPtw-Sw5ZYdjX0HVs5pyXiQi_YAeWXSOm5qopLnr-NmINTHgB7jXO6DsGdTM8Eac-IRRGcdCqk1BVEDzH-Fln5-e4GExtq4o2hWeSaKWR4Oy6FBtE3UUHgPMl-YUaZeFW6562MiGGyh3Dmh2BMUBlNVKNrTzfP1NDzdqAEBhNkRqL1ur_PWgN7s6TwprUncA
#######################################################
TEST: jwtStatePS512Test
#######################################################
Signed JWS State: ewogICJraWQiIDogImE2MTRkNmFlLWU4MGYtNDY5YS1hMzA0LTUxYjliYmVmYzk1ZiIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJQUzUxMiIKfQ.ewogICJraWQiIDogImE2MTRkNmFlLWU4MGYtNDY5YS1hMzA0LTUxYjliYmVmYzk1ZiIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogIjhmZGY5ZWU3LTEwNDQtNDg3Ni04MjgyLWUzODY0YWI3M2FlZCIsCiAgImp0aSIgOiAiMzJlZTg3NTItNDBkYy00OTMwLTk5NWItYTYyNzQwNWMyMWY5Igp9.hzr3PDdjOPnlSAO3iD4Ow5CG2RU0ylnmOleVtBcOVVrb81_wXGhqaXAm7OLvE09I6vwuTbKeZEHuOXPbmZK77Xv4kvPJNoISzYnM_hzfgpZHDhoO-6NZNIR6ljXRmTJcyIkNF3qaHUWnX4le5zMrAkVcv3U7XaMecwDAKio-AcDluCbjAOzxbzkJR2Uzj6P7muQK68q8VWRKOgNV-WCq5JrQarxtHG9HtnlSUNMm8CkQcbMW2JgR7dNcCE7GFhVz0DYYD98xT0K8ZO_jlQ3jOcOTPa4XPamG8Rx8W9-wCbW8oC8rptX6cUzBzmjt6R3vl845AarLHswp7J3EfCmBPg
#######################################################
TEST: jwtStateRS256Test
#######################################################
Signed JWS State: ewogICJraWQiIDogIjZmYjE4NTlhLTU0ZDktNDdjNi1hMjkzLTkyY2UyY2VlNjNlMCIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJSUzI1NiIKfQ.ewogICJraWQiIDogIjZmYjE4NTlhLTU0ZDktNDdjNi1hMjkzLTkyY2UyY2VlNjNlMCIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogIjZlZTZiMGViLWY5YzgtNGMxMy1iMjllLTYzMzU1Yjk4MmUzMyIsCiAgImp0aSIgOiAiZGIyYWRlMmQtOTg2Yi00NzFlLTkxOTctNTU0N2E1ZTdkOTgwIgp9.AAcvWYYmgWX7CqZe-MiOqszN07zTLxk8qTOI7oJw_3uVEO3YKJoXuDaxl7ekR0_SIjGu3Gl6dABdzyLT_8-Ibe6GBkTzhj_t8sbt7xOEgV3-1jwOqMvVF48wG1GLprqWRd57LVq-faBcns6zvUHVqeVKtz17nW5Q7WwtfoHQ8qUgYkXB7vqWiAMbtQPuiecF420djwwH4iY-2Sedw35pepnIrgoSfWqeq8-ZyeXZrP9wIifmpBQbgODS90_kHNNZnmnCnbBpiI5fyaQBN8y63KmwY9YA2GWfgTBWGKeJvmS9f7gr90WkBjpNufBBXHVTr7hgC54nzcPpA6L5ZehiXw
#######################################################
TEST: jwtStateRS384Test
#######################################################
Signed JWS State: ewogICJraWQiIDogImE2OGM2MWRkLWY4ZjYtNGZhZi04NTViLWZiYmI4YmVlMDI4YSIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJSUzM4NCIKfQ.ewogICJraWQiIDogImE2OGM2MWRkLWY4ZjYtNGZhZi04NTViLWZiYmI4YmVlMDI4YSIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogIjg2M2MzMzdmLWJjZWItNDgzNy1iNjVhLWU2OGY0ZDUwZjdhMyIsCiAgImp0aSIgOiAiNzQ2NzRlNGEtNzJkYi00ZjVhLThkNDAtM2YwZGM3MjU0YmYxIgp9.AlCiKcQFA45YKvplOee9diuh7cUZU_q3flq4TfTan2j0zxIkoZszItMAUk8rTOopO7oB0cLDh_ZW4G-6Mh6Q1it4X-RSYZF78K3jYHgq3ESxITLJxxukLfYXeKaXhOfDjSdv_FgDVd5Kg8oC9pxnnW37Y5KPBA-0Jqm4_ckG7KEApkgApFBLMbftaBfIwjdqcqa_gGO2z5t8Wt7S9AaRsN-pT3nantXWBgHDGd1DnvdCYmFbjiOpcYcioWxB3q-8aWH2aq0W0jXYpSTP2XvS_X6OIxfVFThFq7dtHAHa9qJvuOcjDZs-FIx4Dtqmx3XcT6SaCJXZ7a7cMAE-W5sQSQ
#######################################################
TEST: jwtStateRS512Test
#######################################################
Signed JWS State: ewogICJraWQiIDogIjc5ZDEyZTY2LTBiYWEtNGI1OS04YThiLWJkMzE2NDI2MGJmNSIsCiAgInR5cCIgOiAiSldUIiwKICAiYWxnIiA6ICJSUzUxMiIKfQ.ewogICJraWQiIDogIjc5ZDEyZTY2LTBiYWEtNGI1OS04YThiLWJkMzE2NDI2MGJmNSIsCiAgImFkZGl0aW9uYWxfY2xhaW1zIiA6IHsKICAgICJtb3JlIiA6IFsgImZvbyIsICJiYXIiIF0sCiAgICAibGFzdF9uYW1lIiA6ICJSb2phcyIsCiAgICAiZmlyc3RfbmFtZSIgOiAiSmF2aWVyIiwKICAgICJhZ2UiIDogMzQKICB9LAogICJyZnAiIDogImMyYjlmYTE0LTFlNDEtNGJkNC04OWM2LWM5ZGI4MWIxZmVlNyIsCiAgImp0aSIgOiAiNDc1ZGQwNGMtOWI5Ni00ODUyLThmZmUtNzIzZTI4ZDA3YTQ1Igp9.bYm49_5wJFnRkP4-V-BFlyM-3T170Qtek4bYgfJ4wbokaJEBuHdl3PrVzEZkCYhwQHlC9iZzHvL6GHN4ra6jh454gN0IJ56fLSMMWhvEACVySpYGfrmQkeZq-N5ZGGKVK49io8X3AOxGVs_oUWc2eS4pCt4BjbPgUX57nFkFKr2TP5k9CBqC8PJ2zicWVVd8wW1JjHL87GfXc09aBmFYis3KScBVWrmYZinmaTRWf4U8k1sPyRSqodE-VgBtxAacDxHfkglCx_oo943tNedEQk3It2fc1G_mOXJoZGH50e_NF7zK-69-rIAlM9aDE7zx6ouHHFhglrYr8Dl3TOgG7w
#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:42 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:42 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: requestEndSession by id_token
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:42 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestEndSessionFail1
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /oxauth/restv1/end_session HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 175
Content-Type: text/plain;charset=utf-8
Date: Thu, 17 Sep 2020 18:24:42 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The provided id token (or access token) or session state are invalid or were issued to another client.",
    "error": "invalid_grant_and_session"
}

#######################################################
TEST: requestEndSessionFail2
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /oxauth/restv1/end_session HTTP/1.1?id_token_hint=INVALID_ACCESS_TOKEN&post_logout_redirect_uri=https%3A%2F%2Fclient.example.com%2Fpl&state=c04e884e-6238-4c68-b315-0fe8c5b4fea2 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 175
Content-Type: text/plain;charset=utf-8
Date: Thu, 17 Sep 2020 18:24:42 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The provided id token (or access token) or session state are invalid or were issued to another client.",
    "error": "invalid_grant_and_session"
}

#######################################################
TEST: requestEndSession by session_id
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "application_type" : "web",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:42 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:43 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:43 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:43 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:43 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:43 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:43 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:43 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:43 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:43 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:44 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:44 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:44 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code", "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:44 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "refresh_token" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:44 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "password" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:44 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "client_credentials" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:44 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:44 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:45 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:45 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code", "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:45 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "refresh_token" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:45 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "password" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:45 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "client_credentials" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:45 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:45 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:45 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:46 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code", "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:46 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "refresh_token" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:46 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "password" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:46 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "client_credentials" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:46 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:46 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:46 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:46 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code", "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:47 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "refresh_token" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:47 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "password" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:47 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "client_credentials" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:47 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:47 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:47 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:47 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code", "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:48 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "refresh_token" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:48 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "password" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:48 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "client_credentials" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:48 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:48 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:48 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:48 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code", "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:48 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "refresh_token" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:49 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "password" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:49 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "client_credentials" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:49 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:49 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:49 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:49 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code", "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:49 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "refresh_token" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:49 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "password" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:50 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "client_credentials" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:50 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:50 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:50 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:50 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "authorization_code", "implicit" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:50 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "refresh_token" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:50 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "password" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 105
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:50 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The authorization server denied the request.",
    "error": "access_denied"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "client_credentials" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:50 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: grantTypesRestriction
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "post_logout_redirect_uris" : [ "https://client.example.com/pl" ],
  "grant_types" : [ "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "subject_type" : "pairwise",
  "application_type" : "web",
  "scope" : "openid profile address email user_name",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "code", "token", "id_token" ],
  "frontchannel_logout_uri" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:51 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:51 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:51 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: requestClaimsIndividuallyRequestObjectEncryptionAlgA128KWEncA128GCMUserInfoEncryptedResponseAlgA128KWEncA128GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "A128KW",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A128GCM",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "A128KW",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "A128KW",
  "id_token_encrypted_response_enc" : "A128GCM",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A128GCM",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:51 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectEncryptionAlgA256KWEncA256GCMUserInfoEncryptedResponseAlgA256KWEncA256GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "A256KW",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A256GCM",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "A256KW",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "A256KW",
  "id_token_encrypted_response_enc" : "A256GCM",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A256GCM",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:51 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectEncryptionAlgRSA1_5EncA128CBC_PLUS_HS256UserInfoEncryptedResponseAlgRSA1_5EncA128CBC_PLUS_HS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "RSA1_5",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A128CBC+HS256",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "RSA1_5",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "RSA1_5",
  "id_token_encrypted_response_enc" : "A128CBC+HS256",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A128CBC+HS256",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:51 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectEncryptionAlgRSA1_5EncA256CBC_PLUS_HS512UserInfoEncryptedResponseAlgRSA1_5EncA256CBC_PLUS_HS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "RSA1_5",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A256CBC+HS512",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "RSA1_5",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "RSA1_5",
  "id_token_encrypted_response_enc" : "A256CBC+HS512",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A256CBC+HS512",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:51 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectEncryptionAlgRSA_OAEPEncA256GCMUserInfoEncryptedResponseAlgRSA_OAEPEncA256GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "RSA-OAEP",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A256GCM",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "RSA-OAEP",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "RSA-OAEP",
  "id_token_encrypted_response_enc" : "A256GCM",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A256GCM",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:51 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgES256UserInfoSignedResponseAlgES256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "ES256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "ES256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "ES256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:51 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgES384UserInfoSignedResponseAlgES384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "ES384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "ES384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "ES384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:52 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgES512UserInfoSignedResponseAlgES512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "ES512",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "ES512",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "ES512"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:52 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgHS256UserInfoSignedResponseAlgHS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "HS256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "HS256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "HS256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:52 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgHS384UserInfoSignedResponseAlgHS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "HS384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "HS384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "HS384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:52 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgHS512UserInfoSignedResponseAlgHS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "HS512",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "HS512",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "HS512"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:52 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponsAlgNone
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "none",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "none",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "none"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:52 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponseJson
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "none",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "none"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:52 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgRS256UserInfoSignedResponseAlgRS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "RS256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "RS256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "RS256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:52 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgRS384UserInfoSignedResponseAlgRS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "RS384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "RS384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "RS384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:52 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: requestClaimsIndividuallyRequestObjectSigningAlgRS512UserInfoSignedResponseAlgRS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "name nickname given_name family_name picture zoneinfo locale street_address locality region postal_code country",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "RS512",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "RS512",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "RS512"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:53 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:53 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:53 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: requestJwks
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /oxauth-client/test/resources/jwks.json HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 16938
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:53 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Wed, 13 Feb 2019 04:13:20 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "keys": [
        {
            "kid": "6fb1859a-54d9-47c6-a293-92ce2cee63e0",
            "kty": "RSA",
            "use": "sig",
            "alg": "RS256",
            "exp": 1581478254228,
            "n": "pA_HnIP3BVrR1cO1QiVRsbaoR_aSyCgkPUC1_Dpy_CXxZ8zKP2HW9O4uqNYIG8QMdEcCegqt8V6WfUcu0HAaMOR9onN9umltqvdEmVYHjdG-y5ty-AoyyK_Sa4tEnUez_RWOckTkE9JKGfHga97vZn1i33tmJO296rSa463xYEc5IagzgmGy-MkV9QuebF5Kr_b4bFHDVeD_Eo-ssCa6UjiH_QrAqC_WjVerNjoOlU6o3TIlIQt8HVREP1WmRK9wS0AutywOzK-zuH04q7sjQ-OorLx34Zm9lsM-dlO0qdA6h7UylYjZZwzPpzgjGWWLMjTP0FHrafGnpYd1JZQRAw",
            "e": "AQAB",
            "x5c": [
                "MIIDAzCCAeugAwIBAgIgZKkonoIOaFle80rYSyRw1Zv4pE6ISK1pObDKxNhyIk0wDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDRaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkD8ecg/cFWtHVw7VCJVGxtqhH9pLIKCQ9QLX8OnL8JfFnzMo/Ydb07i6o1ggbxAx0RwJ6Cq3xXpZ9Ry7QcBow5H2ic326aW2q90SZVgeN0b7Lm3L4CjLIr9Jri0SdR7P9FY5yROQT0koZ8eBr3u9mfWLfe2Yk7b3qtJrjrfFgRzkhqDOCYbL4yRX1C55sXkqv9vhsUcNV4P8Sj6ywJrpSOIf9CsCoL9aNV6s2Og6VTqjdMiUhC3wdVEQ/VaZEr3BLQC63LA7Mr7O4fTiruyND46isvHfhmb2Wwz52U7Sp0DqHtTKViNlnDM+nOCMZZYsyNM/QUetp8aelh3UllBEDAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAeS0U26UQBhpDwIA7KcxIAD/xq4kw+XTbZ8VerwbRUiqT0LrTscUXbzXC83Er7G0rWsx/hEDUwlxF3dt85HCw8RKwvhtQiFTkIsYteNRi04uIuEo8I8vmFe/gc4/odprdWG7rtvxPMFctJ7X+GN9BLUHUv5DO79bmDvtZ982Zq/D1LtcycDiDdcMqm79EYnmprkacspaqChK1Dfpjevl9ntcOKlTNIcr9wJPQZJpdXNT9x+WTnTud9m2+N26eweafrLWj186VEUvBEpBWn47oqB9pK34OwT8xHZwRS+ZqCkwNFtNTRvlTTjhuRK0vYdWo3ICyN55Qt5upQJnocCvTPQ=="
            ]
        },
        {
            "kid": "a68c61dd-f8f6-4faf-855b-fbbb8bee028a",
            "kty": "RSA",
            "use": "sig",
            "alg": "RS384",
            "exp": 1581478254228,
            "n": "kDbcPm7kNAKwr4UeDtp9rXDwt4Zr3ekARDTAzirCKHWCDkqdjhdlwKS9Ndybm_TFZshoE51WGiJGmwEOoXb-7QLpbME1Y9AjJXEeUIVVUc9ZGMQve8ODFawo9xsn3mmwEHJukhJ8j9QakNe-xj7vkxd79SHVsVwfY3o7RBmyZYRcGxfBgrapekAiGYngjHyx-CXlarkP4Rc3wMD0dUNeIlH9auAn5Usq0i1p5bOjmQ3n-0JjwYCEgF-4hLmQRW_rT82WuR4G1eCAbwxUuF0ooo2rtQ2NEVyy0XtbwYnj-fwh8c-xQHMmxL1Wh0FT6JG0r8DhLookReepKPyytvkvBw",
            "e": "AQAB",
            "x5c": [
                "MIIDAzCCAeugAwIBAgIgSz74G7jWHwUuk1jXILAyhR2sx+J2QkB1+L7xvGh8+jQwDQYJKoZIhvcNAQEMBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDRaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQNtw+buQ0ArCvhR4O2n2tcPC3hmvd6QBENMDOKsIodYIOSp2OF2XApL013Jub9MVmyGgTnVYaIkabAQ6hdv7tAulswTVj0CMlcR5QhVVRz1kYxC97w4MVrCj3GyfeabAQcm6SEnyP1BqQ177GPu+TF3v1IdWxXB9jejtEGbJlhFwbF8GCtql6QCIZieCMfLH4JeVquQ/hFzfAwPR1Q14iUf1q4CflSyrSLWnls6OZDef7QmPBgISAX7iEuZBFb+tPzZa5HgbV4IBvDFS4XSiijau1DY0RXLLRe1vBieP5/CHxz7FAcybEvVaHQVPokbSvwOEuiiRF56ko/LK2+S8HAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQwFAAOCAQEAPf7m4ZciJXDNchNydJYRjk+04d0FRIjFGvg2sAKelp6c809dVu8yd4Bz6CoAnS8Wcxh9zWYZWLxcoDmeY7C4/n84znT1V7gSJMPRSIGU81Mm09kolMkT4NgJ26GgUIou2rAsOKCNpbJ5pIHdFnaeb6q2XbgFReQBwnDqG2nLXNqiJoRa4c4VwCPMO06DS7ym1JmMIxSKEq57mUyY49fk5DmVTe860cRI5Y36/EQsoeyfFlo9o1sd5n+0qu+F9P8ZSE7bYQ2USDv//ODlVIGqL8nle+UPzmQYfQqsYzMjy0JOyfbxYqFhfwQt2Cv+jf10OBCGM3McO7jFyLKiPavUHQ=="
            ]
        },
        {
            "kid": "79d12e66-0baa-4b59-8a8b-bd3164260bf5",
            "kty": "RSA",
            "use": "sig",
            "alg": "RS512",
            "exp": 1581478254228,
            "n": "6cwmc6A0qSAfbRyQfsb3uc8WW4kPyKswpO6lsJobgQTVMj-RwjPz8Ugjell_buPXUqPW34GTRFqb9-6vvjdco9ps5GAgxLWgU31PucOiHNSuAtJsmarWjQ46q7v2Gum759Rk-0IK8vZKJxOQpACRxvUWbCxtfz8CTbSLE3Qs21XFm21FjVeCeLQeEnewd-gBz3heuwsA4xrX8xbkMtDtvHreM9bhGxZ3sMCYarRp0hjBTc-1bE9cTU8dh33Nnn75BkejUNK4DM5eqqlKypFxlDXS4LdSz0LImkYyJtx-lUbgguXvzH6OAYEgDlmO7SB1tUdVHFyuvUTqRgWYeilPfQ",
            "e": "AQAB",
            "x5c": [
                "MIIDBDCCAeygAwIBAgIhAOuZ0LKRIAUmP1h5BdzzRHu88ICE4U3r9m59e9qM4282MA0GCSqGSIb3DQEBDQUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTkwMjEyMDMzMDQ2WhcNMjAwMjEyMDMzMDU0WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6cwmc6A0qSAfbRyQfsb3uc8WW4kPyKswpO6lsJobgQTVMj+RwjPz8Ugjell/buPXUqPW34GTRFqb9+6vvjdco9ps5GAgxLWgU31PucOiHNSuAtJsmarWjQ46q7v2Gum759Rk+0IK8vZKJxOQpACRxvUWbCxtfz8CTbSLE3Qs21XFm21FjVeCeLQeEnewd+gBz3heuwsA4xrX8xbkMtDtvHreM9bhGxZ3sMCYarRp0hjBTc+1bE9cTU8dh33Nnn75BkejUNK4DM5eqqlKypFxlDXS4LdSz0LImkYyJtx+lUbgguXvzH6OAYEgDlmO7SB1tUdVHFyuvUTqRgWYeilPfQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQENBQADggEBAEdmQsaUHAn5mKbEMw4WI/cRBvrvQBypKMIyLGC3s0OMKk5QenVdD7rHexlBT/CQmQGx0yGh12d9SAfjSEYxd+1zjDOX4OHvssdsuff8tuwn/uLu/rXpUbvc17IulSz5L3HfMepBVZ59N1jhYvO8VNDaoW2l7BOYtvlU1fR5RvfY9vr4NW1IujSQXL2RVi+T3Mi1OXx3lO4gMChYQ6iKzcSOgEi9FzOLg5tBPLeGS1mj251qYPJ0hHQor/wvQG64sri0hkucvjuP/3Ls3ssmLGJ9wlcEWBj3WnjNB0SnVNXkmbhY6q4PbuQDTGoG9llwtGxZSFWJqsquYFG5NrcsSpE="
            ]
        },
        {
            "kid": "a8b62c9d-65ea-4384-a491-e52924c4a0e3",
            "kty": "EC",
            "use": "sig",
            "alg": "ES256",
            "exp": 1581478254228,
            "crv": "P-256",
            "x": "9LvaCQg9J193EZB90pFJyzkFEWshcx-Rt34z5vfYJdQ",
            "y": "akmZ3aHwJks4EpkSoVSwFZMtoPkLqhSbKqae2hWqnRY",
            "x5c": [
                "MIIBdjCCAR2gAwIBAgIgDorsje5HAehA8HhEghQa36AoYLO/OvguMNfmWl6HD7MwCgYIKoZIzj0EAwIwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDZaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT0u9oJCD0nX3cRkH3SkUnLOQURayFzH5G3fjPm99gl1GpJmd2h8CZLOBKZEqFUsBWTLaD5C6oUmyqmntoVqp0WoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwIDRwAwRAIgCj0ZkQG33+zTn1kITlRutcuhzUf/f0dqtn7w8qUjvJoCIEEwyhRmm15nW1tIeei2zycxt6yOeVSENnJGr0qVUTx9"
            ]
        },
        {
            "kid": "0b1a019f-fcfb-4d3d-981b-16b45355dfdf",
            "kty": "EC",
            "use": "sig",
            "alg": "ES384",
            "exp": 1581478254228,
            "crv": "P-384",
            "x": "SEEoZ_YvthDh4SnP76AVclQ0hwEC8fKAKWQHy3Wt6AXzAOKNC5H3GbZbw2LXNuRk",
            "y": "S8CZbi3rE7xyvgOPoaWWQx3uIkqOy-O3U1gkmcbFR9jfYrXwp2nCUmToyBNoYk2f",
            "x5c": [
                "MIIBtDCCATqgAwIBAgIgGAqDzf+1qz88ojb8XU7zz2yftnx7SdCrhRyMUBefbE4wCgYIKoZIzj0EAwMwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDZaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARIQShn9i+2EOHhKc/voBVyVDSHAQLx8oApZAfLda3oBfMA4o0LkfcZtlvDYtc25GRLwJluLesTvHK+A4+hpZZDHe4iSo7L47dTWCSZxsVH2N9itfCnacJSZOjIE2hiTZ+jJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAKBggqhkjOPQQDAwNoADBlAjEAxHNX5TCgNpd6PwYeMY+alRBQhWCETO+thJmkkUjx9nUUImGF2uPiXGmLH/TU3jo9AjBlePQrwY7AIQdlFaHHP9x/fmJ1fTCMZhBJZgrdnvEtazwMwllaW8dkkSuuUzOqBXk="
            ]
        },
        {
            "kid": "07c917ef-943f-4a9a-961c-d3cba28c81d5",
            "kty": "EC",
            "use": "sig",
            "alg": "ES512",
            "exp": 1581478254228,
            "crv": "P-521",
            "x": "rwhAT3MJHEj6TIxw45f__6Vxx8CczTay1VI-zBTbQpax6IJPb5vq3XE6ynfpiav9Mcut_Obm39LjXCWUeZWI4d8",
            "y": "ARddBGb2zwpHhjY2qsupi_ANVhD7j-WCVPbAIhph_JBjJ_uYosUbGpDe23nqoGcEflKsJ9mXdqPG1VdKT-ahdEln",
            "x5c": [
                "MIIB/jCCAWCgAwIBAgIgI7DudeXTxW69jo2ZhnkDBP4+JJTg6KALaSBIAl162tEwCgYIKoZIzj0EAwQwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDZaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACvCEBPcwkcSPpMjHDjl///pXHHwJzNNrLVUj7MFNtClrHogk9vm+rdcTrKd+mJq/0xy6385ubf0uNcJZR5lYjh3wEXXQRm9s8KR4Y2NqrLqYvwDVYQ+4/lglT2wCIaYfyQYyf7mKLFGxqQ3tt56qBnBH5SrCfZl3ajxtVXSk/moXRJZ6MnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMEA4GLADCBhwJBQBiGrG2YiVuqozFnYVPf3pWk/KaqPzPNy1Rn6eREut3L+dveNaru8+Okkb4Ehr6G56F8AnDbxdkkdFtScH2FmeMCQgC2Tf0FD102bBYqfvpG2xwaet4hMp3YLJrkUE7BEHPMhQSkNGfGIREy1VYRjJboP0p3SViPC/kr78jG6PAiWF1ClA=="
            ]
        },
        {
            "kid": "29cef404-59db-4ab9-8f5c-6da8d578d107",
            "kty": "RSA",
            "use": "sig",
            "alg": "PS256",
            "exp": 1581478254228,
            "n": "9KfoZHLGJ6F1nJMZBpg6NChobaUgSw3VJUnf5n7MiSU69S18tYmenjWz1U1y9cF5SGwDJrcC6CUWgAaUhBzR7X9J86aU5nkKKDrEluqrnMdU2j7cGaI7OvoRk_cwrhCgKm4RQg8rJUAeqcmEAKSJWnS5is08LSUnUX58phzWfSp0VHVhSFYfs14MQCesVKJMYLYXmJ64VVG6MHXI5yry5RIZrjubywQQlROvmcZTBiaZvWUg6EmgvYNiuQ-qiZFkla67SpqhnK54w06voDWALJzm_HZ736C8xYUkLTq-kRS2Y1iGUbGO24CkvyW61v87VlZ-pnDx7Q-aUmtslIzB1w",
            "e": "AQAB",
            "x5c": [
                "MIIDbDCCAiCgAwIBAgIhAMQu4s56tLJgB3wSZOHQqtgAPiFoZ7Z0OKo//aZO6skGMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTE5MDIxMjAzMzA0N1oXDTIwMDIxMjAzMzA1NFowITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPSn6GRyxiehdZyTGQaYOjQoaG2lIEsN1SVJ3+Z+zIklOvUtfLWJnp41s9VNcvXBeUhsAya3AuglFoAGlIQc0e1/SfOmlOZ5Cig6xJbqq5zHVNo+3BmiOzr6EZP3MK4QoCpuEUIPKyVAHqnJhACkiVp0uYrNPC0lJ1F+fKYc1n0qdFR1YUhWH7NeDEAnrFSiTGC2F5ieuFVRujB1yOcq8uUSGa47m8sEEJUTr5nGUwYmmb1lIOhJoL2DYrkPqomRZJWuu0qaoZyueMNOr6A1gCyc5vx2e9+gvMWFJC06vpEUtmNYhlGxjtuApL8lutb/O1ZWfqZw8e0PmlJrbJSMwdcCAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIAOCAQEA8PURaiAkkcOhH2ANpPju19TF/x/XqefL6+aWINwrey1bUYP+5qReNaE/dBMg1INibPKiOX5hhcAVg9FFejJ6XZh1d5peKxLnVGv0AqEdrBKUNjoSzNwcZ6UwuqM++YmruyoVmOhPGss2Zl0Ygplq6Nc5MLDfF3OephXCa467d3R25adnCnVKyOZAdfpE5nlCEh2eJ+O/qLYBrNSOJu4MismPIrcJ320FyhN/kC6vMmnutT8SfTsi1CpV846GCK5VuON/kUNO28GuTZj+gJmKPaQ0jf4J/T0n2ZYifZFFBCPzkzeyrHqrFwHhdBw0WpK3zhwSAFJg9YtzHA8PmuT4qQ=="
            ]
        },
        {
            "kid": "6bd7cc0c-e176-4da9-b646-fe7782393dc0",
            "kty": "RSA",
            "use": "sig",
            "alg": "PS384",
            "exp": 1581478254228,
            "n": "wviHIZKUMcwcfXKNqqbYBwrYszNXdaT-W0qGbiwq3XcJxt__J8rCm9Cb2CcnSFwhk6xTbn5DsBfV1z7Tzn2_8uyVKnbez4qOg9B7CaLRsnypIhSYbIVI7zJaGDAcWCjffsIMQOIs2xIk9g81I37CiVuZRgLz_0sSz2Om3KWbA0q8-dSy2MC3S7rkaATiEiF_qG05kzkEOp5LJljks-Ef0ldaZcpLLjDbhjxGUDmjUmGWacp1UhpQGG-C721t42J5EpYYJpNDGCsmvFl11aU6QBzJDHtwTjyFNmDTvgzch-g4vQYgJSXnia-oCZ_vSazc3Yt_AXPUYnjfnyNwMxDaYQ",
            "e": "AQAB",
            "x5c": [
                "MIIDbDCCAiCgAwIBAgIhALzrpr/bOEqAPZmLrt+fYlvmugbwiXLx83uCg8JEqfz3MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTE5MDIxMjAzMzA0N1oXDTIwMDIxMjAzMzA1NFowITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAML4hyGSlDHMHH1yjaqm2AcK2LMzV3Wk/ltKhm4sKt13Ccbf/yfKwpvQm9gnJ0hcIZOsU25+Q7AX1dc+0859v/LslSp23s+KjoPQewmi0bJ8qSIUmGyFSO8yWhgwHFgo337CDEDiLNsSJPYPNSN+wolbmUYC8/9LEs9jptylmwNKvPnUstjAt0u65GgE4hIhf6htOZM5BDqeSyZY5LPhH9JXWmXKSy4w24Y8RlA5o1JhlmnKdVIaUBhvgu9tbeNieRKWGCaTQxgrJrxZddWlOkAcyQx7cE48hTZg074M3IfoOL0GICUl54mvqAmf70ms3N2LfwFz1GJ4358jcDMQ2mECAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMAOCAQEAHy1zlkvBx2w+d97WgYvLD8Ow6BPFdaJM9b863nv1Q9IiCLm2f4coKffMdQL6k4sMmJiZrLtksC+3ZGG63tHF3EEf0XwBWSTMf/KDLllgH2BgsVNr05ErJgYBkPjN6UIem8HtKOdnuwfiHIe5VTsWj4zER5p+0/scaxDaG5iVWpnIcStfIn/gqeKXzdaJ/31A+x7T/63OQP0+3OcURnvvXbWDX/qGv2Ng8xkL2M94GEiI5n+NDRD/seGV9I1wAjmNLasRibFiM9BLufw70JBR32NjDy6OJKlhi+PjYWpX4VkCtUpNnWd4T67DWSTk3ikYJB5vDcWfSDsUu0HrYKCqfA=="
            ]
        },
        {
            "kid": "a614d6ae-e80f-469a-a304-51b9bbefc95f",
            "kty": "RSA",
            "use": "sig",
            "alg": "PS512",
            "exp": 1581478254228,
            "n": "xkghQQHeSXpHnBA0BTifw6uyopQv8De5y-CeS19qFJlvMGso5WyVRaV49eBd1gf4DhieLuHgO-JYQB0kkOqI1eJeHcyXjuvtUo0j3XLtnuMiLXM4Jasgr3rPftOGCTQ6Qx1QJMti1roHpi6apWSYBtqUdk6T7SZR4AMMPtvTt7cPlwmNzZzJ87hiietM_ZFAq_ASK5JRMxpfavwvJM8wiSxc8kqhGDKf9YR2y0LsAGQrZZN7cG1_elHaRKa1S8-KK6_o8_J7r5gfEvakDHQxR-5dLEG__6RO7S6ABCYuyzBsEM1v-oDjg6B9Ul4K557t1qyYCeqFBNq4bH-mn5L3Hw",
            "e": "AQAB",
            "x5c": [
                "MIIDazCCAh+gAwIBAgIgI44OWPu8pHXLDij/opsABC7pkNS6VR68uDT7biYTUvQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIDAgFAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTkwMjEyMDMzMDQ3WhcNMjAwMjEyMDMzMDU0WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkghQQHeSXpHnBA0BTifw6uyopQv8De5y+CeS19qFJlvMGso5WyVRaV49eBd1gf4DhieLuHgO+JYQB0kkOqI1eJeHcyXjuvtUo0j3XLtnuMiLXM4Jasgr3rPftOGCTQ6Qx1QJMti1roHpi6apWSYBtqUdk6T7SZR4AMMPtvTt7cPlwmNzZzJ87hiietM/ZFAq/ASK5JRMxpfavwvJM8wiSxc8kqhGDKf9YR2y0LsAGQrZZN7cG1/elHaRKa1S8+KK6/o8/J7r5gfEvakDHQxR+5dLEG//6RO7S6ABCYuyzBsEM1v+oDjg6B9Ul4K557t1qyYCeqFBNq4bH+mn5L3HwIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIDAgFAA4IBAQAUI1JjaaYCpy5J+VvMjUfOMHO5n17pi+sgQ7z+7r1HjdS3O0cjC66ajb0fZJ+kLFs00Elm3N0M/Ep4K5ZDLOd0yafHG2pfVnhiSA7UQEtyCCtQ1M+rPC5hy8LPhyqtBPmVsiZoY3q7VWQGOVHnCo8kM8+BBJAYu+JeahaYYWiNJlwBf83E2d1I2HxlCSh2Wv4N54numgAaAvlbkXy42GJRd6ompXVrB8kTL6aWCtViRUFQn/A3pPzb+3f3Mh5ciNME/9VF70/hmR1stXq9vQ5rPaVvAcJ35mp76tiPfpBXTvWVbgmrvPluwKBHLz58THer23CObKPOlpTYWKAgqivw"
            ]
        },
        {
            "kid": "d91db51d-0e7f-4225-99e5-164444c12d1a",
            "kty": "RSA",
            "use": "enc",
            "alg": "RSA-OAEP",
            "exp": 1581478254228,
            "n": "8GKujCHozYW3GEgyJhqmSjvMl7oCReEKWp8_4epnGJILsm94lAKcuGJGl6BbUInEFU4-bgmk_W8Ctx97fUbiJai6eX4jrpt3Pkhp08MDM0ioYfker_1D25Nm5i3AO6tHalyCQz5X1hlafkD0IPR1wvOexrWCKqbilBLxruaXLFgZg9i7VJCFTQqAh4mwvhwfrY4G5pdkc--OeXqaiXaH-9bosO0mwhSQjh2wt-u7sG6SGKAI8b4UzJ45ybH6NZo_tyqFiQerGLdIYlEU256QepIcaNJcmhc4-Ks9ypY6kyuEFtRDPHlm5s71LVl1sUXIXEDtAEZMog1kLRVvcoxXUQ",
            "e": "AQAB",
            "x5c": [
                "MIIDAzCCAeugAwIBAgIgO5/Taz5BGl/TX3epaFhHWcykGU3lSH7EeZxV9HgUKw8wDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0xOTAyMTIwMzMwNDlaFw0yMDAyMTIwMzMwNTRaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwYq6MIejNhbcYSDImGqZKO8yXugJF4Qpanz/h6mcYkguyb3iUApy4YkaXoFtQicQVTj5uCaT9bwK3H3t9RuIlqLp5fiOum3c+SGnTwwMzSKhh+R6v/UPbk2bmLcA7q0dqXIJDPlfWGVp+QPQg9HXC857GtYIqpuKUEvGu5pcsWBmD2LtUkIVNCoCHibC+HB+tjgbml2Rz7455epqJdof71uiw7SbCFJCOHbC367uwbpIYoAjxvhTMnjnJsfo1mj+3KoWJB6sYt0hiURTbnpB6khxo0lyaFzj4qz3KljqTK4QW1EM8eWbmzvUtWXWxRchcQO0ARkyiDWQtFW9yjFdRAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEA0FGnejiZI2i4W6B7BJOCKRDo0weuzKrS//h3GdmR4ZkQ2xC6lVEgOYCsuFNHs5KXvrsbQobZs9UdtmcbADhTwGWhyi+oVq0si2EF/KPSfYZbHzvI1VJUSX5OlWrITRIIT9dJILmXwEUBhAj7/pIg97mreWG9Qq0a0LFsmsQr3sD2QtdMfr9YQE9tDk8/4rTLHjlyjJByBhvEnVVFWz/5tx1g9dc6v3HZJvhfwbvkidF9ohtYBgIWxT6IrGQeJsH1iR2KpYD0cbnLPp2AR3gIHjmQ7/FnLMofsXrKT2MWfZqxLp4Qrril78K6t7hWOfH0UpbtJlMuB3r8uPIu1SHnuw=="
            ]
        },
        {
            "kid": "a442f0ec-7237-40b3-b7f3-a6039f70d9bd",
            "kty": "RSA",
            "use": "enc",
            "alg": "RSA1_5",
            "exp": 1581478254228,
            "n": "y7_rLIQlY0MxDZlQmau79FsAXOVcQNGU7qENpCWSAbcBqOWqmUCJ81cXaw_NNUcGeLPNJC-6X6e-sxD-v7LMtb1fyEVkDjzaC28ZvvRTLLf8e6qYSV0OOghkzcK7dsAO8AvUC9EXACvinKUOZ6eUJkxiijkhhUYA1xFuuvGH1Cc9X3EvD7JrJ5QtN3EXREVFcTzy37tyZtS_yHphtIlm89mNOqhgbF_-9MLELXiKLo2DR3C-ioc50jTm5ykOVjQWMtaWbX_Z-IXQCyp-eaIohdC23EOt_zVFdUjqufDuMOSjeLUIKJqBU5odgaMlRAxFHao4kCeXcjm81mtPkjGRSQ",
            "e": "AQAB",
            "x5c": [
                "MIIDBDCCAeygAwIBAgIhAKcfQSUYx4+8lf4zfxC/JQeOovLkZJaUBxappGqNALR4MA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMTkwMjEyMDMzMDQ5WhcNMjAwMjEyMDMzMDU0WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7/rLIQlY0MxDZlQmau79FsAXOVcQNGU7qENpCWSAbcBqOWqmUCJ81cXaw/NNUcGeLPNJC+6X6e+sxD+v7LMtb1fyEVkDjzaC28ZvvRTLLf8e6qYSV0OOghkzcK7dsAO8AvUC9EXACvinKUOZ6eUJkxiijkhhUYA1xFuuvGH1Cc9X3EvD7JrJ5QtN3EXREVFcTzy37tyZtS/yHphtIlm89mNOqhgbF/+9MLELXiKLo2DR3C+ioc50jTm5ykOVjQWMtaWbX/Z+IXQCyp+eaIohdC23EOt/zVFdUjqufDuMOSjeLUIKJqBU5odgaMlRAxFHao4kCeXcjm81mtPkjGRSQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAEVc/ZNZXcNKzYzBari8hyRLnkio5j6d/X6EbMtqqubaYAf2TUc1MAJXA+aB6Jc5b8JI+5gXzJv6LfFFlfP2SLu2OlSGlwPTVoTlBBHRVbCRWistY7IMrKJdkGDq9IzlrWDeoaoGHk069rpP5JyYHDko+2MuAQWH5rxryMKaMkzvRvxS4oqfYb2Na0+uDTQHc3oSFG8AOk20Ji3C6FlX6WC4AwykadGcxlgjGjcJU36XimajbsJfPcCvZCpmtdgMia09RizzARSjJWGBbEI0c137n96SGuNRYnSKO1E8K/Gsv3BU7cdhJO6jXOnCRW1HhWH3YUt6RFlqq0Dn9wPpsAo="
            ]
        }
    ]
}

#######################################################
TEST: requestJwks
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /oxauth/restv1/jwks HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:53 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "keys" : [ {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "sig",
    "crv" : "",
    "kid" : "642bc21e-877b-4c4f-8557-dc118e6d5107_sig_rs256",
    "x5c" : [ "MIIDBDCCAeygAwIBAgIhANbkrmLC/lBv9bXu27KOp1eZokEqmeoOohgAg2wlc/1dMA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTE1MjExMjU1WhcNMjAwOTE3MjIxMzA1WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAfYeT0r0rO3LnVq5FLUfT4FLsXWjztiuRdjxIXFFFFjMRkn9cUbBT9eL5ntYwO1DkeCQ42w4rmLqwPAS2trUSmpQ41wCN8lBIGL9FNz46hLWh6YY2Yz8AQOlaG9pLbnIkEwHWH5fn+JJyGePR9kCmUg5uZqhJfYeUADzanAyLtuPcwrbgZDNBg9Fq6/4girbmbehhrDoNxnhjT0cMlTHPqnnBxDLuRP4sRoYDTiUAvEXTM3NNX0uHxJGtYkwi1lIbCbArC7ewHGxR9OGUheRgvLCckw3KEApOFokePwNPIBW/FeZAAnhvMxUnGBQJBpYoSKWSAE0geD53ZmlqtrYQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAAqtMwkqT96t+g3oHPlwgG5Q0zaRR4YL4Lm+5qmRzU8Y8Ph3Ng8Dg8QdDU0AgzL7BUn4tLy5PCBRng6mXKaT8Dh0ckJZpSWtICTNatJq6vQFjrYJvrKsX/4Me3DAWuGhUi5uvWo8Q4ZcawAzJyevqwV4EdQUlH9fUA6Af5uGMfmrCNuQ3Ags3rA7u5ni7Z1cxgFR8g4F6VZg8j8ninLC+fT4oX8/IASpKGSNEsXNl7IYI6Nqt2Auv8Bx/Owbr9i9ZmERJDvLqBWFzrt1j9mlynL8ZOpciwslHTo0ymabT38ORbwMmhBupQiJsmLy4nPYFrk/Ehd0+/So9jHg3B8laSQ=" ],
    "exp" : 1600380785143,
    "alg" : "RS256",
    "n" : "rAfYeT0r0rO3LnVq5FLUfT4FLsXWjztiuRdjxIXFFFFjMRkn9cUbBT9eL5ntYwO1DkeCQ42w4rmLqwPAS2trUSmpQ41wCN8lBIGL9FNz46hLWh6YY2Yz8AQOlaG9pLbnIkEwHWH5fn-JJyGePR9kCmUg5uZqhJfYeUADzanAyLtuPcwrbgZDNBg9Fq6_4girbmbehhrDoNxnhjT0cMlTHPqnnBxDLuRP4sRoYDTiUAvEXTM3NNX0uHxJGtYkwi1lIbCbArC7ewHGxR9OGUheRgvLCckw3KEApOFokePwNPIBW_FeZAAnhvMxUnGBQJBpYoSKWSAE0geD53ZmlqtrYQ"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "sig",
    "crv" : "",
    "kid" : "c4b47ed2-bad4-4333-a190-4d7d4dafeefc_sig_rs384",
    "x5c" : [ "MIIDBDCCAeygAwIBAgIhALsLyDP1cR+K5lBJbgjlzz2v5P5AXPe20ElzIuz/LtI2MA0GCSqGSIb3DQEBDAUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTE1MjExMjU1WhcNMjAwOTE3MjIxMzA1WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6+9VRv5turba/2cI1WjUMarKHd9KQI7FLtTYPon+T07SzZa+P6bjigqLxWkJsQzYh7y9x88yXnyZiT/PrVuiScl5nxnlaXs6aL8tRfIbe+dQFr7B7hkukYVIrwdmhiFxiLhjVUxDI6QAJmQJTQVbBC05b9bdqLajo+iWh4io0JRht9FKKwaXCtEK7AgcwXAlRDDP2xo0b6uVT52AiUrdtB0Qr5uTg5+uR7UlYTzbi5OAjwez7xLNrtln+7qlB2sYLle7OcUOBxWZaRcJXsuX2N5cMrXM1uPuTLOO2Yj47yJy8yo2uwN1ALSPW06fn2a/OubXvJAhBgB7jGwcuTTJQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQEMBQADggEBAGp9Sck68FaEE4cTBPue622jEfeR5D8K9cRZ5Fipr2M4SsMbDP2qjdQJScTE9W6ErMaBpqQ+kaB/eVD64UNeKuqUHCV2USb0ZEpir+VPSno/8oo4bhIR8SLwE/jckQfmy5uM58bz3WJDcOXzcCZoNnqnYiiF98jxyMyw5GqUCW3FMB8od/GZGFigjKBHINt5qJO0Ptv/xh41wKrM4ye5hO8SJngUr3Z1RIQPPnHpd0DJK4PwSnrJufPgieqevflG6iVelLzkWcEn120aDykmbO3Z6Pwistf/o7mFoB8X2dMuOMsZ0temT3Q4spE1awDNTt2vlL3wdCF5+C/p8T7oxyQ=" ],
    "exp" : 1600380785143,
    "alg" : "RS384",
    "n" : "w6-9VRv5turba_2cI1WjUMarKHd9KQI7FLtTYPon-T07SzZa-P6bjigqLxWkJsQzYh7y9x88yXnyZiT_PrVuiScl5nxnlaXs6aL8tRfIbe-dQFr7B7hkukYVIrwdmhiFxiLhjVUxDI6QAJmQJTQVbBC05b9bdqLajo-iWh4io0JRht9FKKwaXCtEK7AgcwXAlRDDP2xo0b6uVT52AiUrdtB0Qr5uTg5-uR7UlYTzbi5OAjwez7xLNrtln-7qlB2sYLle7OcUOBxWZaRcJXsuX2N5cMrXM1uPuTLOO2Yj47yJy8yo2uwN1ALSPW06fn2a_OubXvJAhBgB7jGwcuTTJQ"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "sig",
    "crv" : "",
    "kid" : "54d1a53d-dfc8-4924-a0b7-96f6021288a8_sig_rs512",
    "x5c" : [ "MIIDAzCCAeugAwIBAgIgB+nqEPZhrjmdau8J0Va7F9UkH+WIQrVuvVK94+DsvckwDQYJKoZIhvcNAQENBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTUyMTEyNTVaFw0yMDA5MTcyMjEzMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJJckj0/YqTASUPktCtOgnDnJVv3nYSkmcYxsYt0VI+M2t0Psfx7J2w3E6v1t33PFs3I0wG+ohs+gNJwnXiZnAR4cchz02W+MWucmOJbUl7DesM0xoLgzwXU8PCebnrzjfMp5DMkMY2MibcLymDbUJbX6qvn2IxWiu7vYNiQCYU5wUv9iYyZhS9XnXLH8FCmHSOfc2heS0aw6t2Ah8e316R6FWBRSQj3WpKCznBFTo+ajw/ZDEsEG1BKJMV1pIo4l3pBTbKNaNLpWRI5RnXmeOpTD59mjakKrtjnlXhdN62OCm1XE+S16Hif7Lzjn/3IZBbMz/x8mqUK+ig21VlcEZAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQ0FAAOCAQEAGlU6julfqQe2ZFolVUqAbWWLa+A0IiMb5AQXRarfhPwYN5RrI8E0EFgxYLwhz8hb/2n6BvW8ZkO2RYPTMkV70WuSw5hKm2s7/fBDjsyw9fjY3k3phFnEWv8DBrWgf6uSZci06sY//J3O4eY1Mx77NdFDnJ4ztXfdJ6cKezoYL6DuiMeccm7pRHET7CcxIvay8xQoKmKC3QAVV/AKnPRvLNpZjz3s0x/efi5k3UFre/7vuQj4KHKBcNO/pwB2jeq9iEZvjN5ovukqznt07jhkJhQ+LTnZ6VzWp6kpKqkpZI3qEd1XOMkHAOTwjcZSI1Fo3OMr/cDF8cgyjEdohZKzSA==" ],
    "exp" : 1600380785143,
    "alg" : "RS512",
    "n" : "iSXJI9P2KkwElD5LQrToJw5yVb952EpJnGMbGLdFSPjNrdD7H8eydsNxOr9bd9zxbNyNMBvqIbPoDScJ14mZwEeHHIc9NlvjFrnJjiW1Jew3rDNMaC4M8F1PDwnm56843zKeQzJDGNjIm3C8pg21CW1-qr59iMVoru72DYkAmFOcFL_YmMmYUvV51yx_BQph0jn3NoXktGsOrdgIfHt9ekehVgUUkI91qSgs5wRU6Pmo8P2QxLBBtQSiTFdaSKOJd6QU2yjWjS6VkSOUZ15njqUw-fZo2pCq7Y55V4XTetjgptVxPkteh4n-y845_9yGQWzM_8fJqlCvooNtVZXBGQ"
  }, {
    "kty" : "EC",
    "use" : "sig",
    "crv" : "P-256",
    "kid" : "75af43a6-198a-4c6c-985e-63eefc0c9880_sig_es256",
    "x5c" : [ "MIIBeDCCAR6gAwIBAgIhAL+OqoLqhJylQEsokbxbYJ1dqolHxldDZob+PnTgncEnMAoGCCqGSM49BAMCMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTE1MjExMjU1WhcNMjAwOTE3MjIxMzA1WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEb/hefcbTulCThuvbx9/Ez+BEGdrmxXw9saMDcs3iiqu+shMVa37GeLMh2lf+YKjdj6ekRPeHqcsRvwqHAr5n/6MnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMCA0gAMEUCIDnJsLLmksiXbcWY2McsIn60Us9guy0VBuB7PXemfiwUAiEApOfHh8sB4wbBPRqvqFO2duHzlnEgYbO/AaRJ9SDlrdI=" ],
    "x" : "b_hefcbTulCThuvbx9_Ez-BEGdrmxXw9saMDcs3iiqs",
    "y" : "vrITFWt-xnizIdpX_mCo3Y-npET3h6nLEb8KhwK-Z_8",
    "exp" : 1600380785143,
    "alg" : "ES256"
  }, {
    "kty" : "EC",
    "use" : "sig",
    "crv" : "P-384",
    "kid" : "9dd3ac27-2bb9-41aa-a56f-0d10328c245b_sig_es384",
    "x5c" : [ "MIIBtDCCATqgAwIBAgIgTL8y1qCm4+VXyBDSIK5npeIQRBrX8F98ClFyDOSYzqcwCgYIKoZIzj0EAwMwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTUyMTEyNTVaFw0yMDA5MTcyMjEzMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT3j3swNNHwD7bOec+Ugv/EH7wvFOjW10PBTbJKQ8/q9vPEc1McP8OHTduF4IB5JQR3+cgVnHIE/ZgC8dxKLSCRraElkrg4nNUwoSpJ13Jxb8Y+kyu76m8Lt5PVjYWCvjujJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAKBggqhkjOPQQDAwNoADBlAjEAyZABQovB108RoYI58rKRQcOG/EiGXmGFw0sFPd95HyNw3pppqmPRa8Krbfe4416sAjB7EsemWwthklKFEEO6ojXC+6g1eZd/LdgVNiJHPK3ELXgQRLXt1aIb+IdtzurHslk=" ],
    "x" : "9497MDTR8A-2znnPlIL_xB-8LxTo1tdDwU2ySkPP6vbzxHNTHD_Dh03bheCAeSUE",
    "y" : "d_nIFZxyBP2YAvHcSi0gka2hJZK4OJzVMKEqSddycW_GPpMru-pvC7eT1Y2Fgr47",
    "exp" : 1600380785143,
    "alg" : "ES384"
  }, {
    "kty" : "EC",
    "use" : "sig",
    "crv" : "P-521",
    "kid" : "373eb638-0d0a-4125-ae9f-f29d5caaec7d_sig_es512",
    "x5c" : [ "MIIB/jCCAWCgAwIBAgIgS8Niv9d7kHkb3czYU1yBDWQ65noQk8soJ9Hq5HuLxfIwCgYIKoZIzj0EAwQwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTUyMTEyNTVaFw0yMDA5MTcyMjEzMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAB+L6mtst8RAt6z61Hm3m7qMOoJF/uSFDiF5kuTqYyWz6t50rNhZdzbbbDDH6p9/SVu/XJppXZemu4qakS88VkQeQBwHWtSZ2h5+GRn7ZqY/gQPjiILzpDfTSFjE1Yu7zZRrB16AIam/q9a05O8fm9TNRGmTTuOr6oybe5it6pRucN7gaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMEA4GLADCBhwJCAKCJon8s6ZuctA1NwS57KlYS52HPTdmqqTH+4xcWGS4trEIYlpFKN3hOUvsE0aOo+zotIPdC9+VSPxcthIgqXLQ+AkEZJt5JT90HAw3eDq2cv5ZXhSAEeKZ8vzKT7oGdqilEENfIvcMNJQ/V/Ug0Oatgmo3v2oF1lwbKnl7ChTS/7tbqIQ==" ],
    "x" : "fi-prbLfEQLes-tR5t5u6jDqCRf7khQ4heZLk6mMls-redKzYWXc222wwx-qff0lbv1yaaV2XpruKmpEvPFZEHk",
    "y" : "cB1rUmdoefhkZ-2amP4ED44iC86Q300hYxNWLu82UawdegCGpv6vWtOTvH5vUzURpk07jq-qMm3uYreqUbnDe4E",
    "exp" : 1600380785143,
    "alg" : "ES512"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "sig",
    "crv" : "",
    "kid" : "c720edf1-5390-4de6-8d4f-051e6ce3fd2a_sig_ps256",
    "x5c" : [ "MIIDbDCCAiCgAwIBAgIhALJFgUlxsaxydJmoomRa1+zmIrEOK6DgaRlWxS3vZKw8MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTIwMDkxNTIxMTI1NloXDTIwMDkxNzIyMTMwNVowITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMl95GGmyQTIo9zaT6gda/wXhueNmcU5mpYwt54AbnlrqXVq/eWEqgZGsqB3cQhNwpvlNCW+P7y5lyNjBORhJttO8OHDSP+4zpGeWbf2HLVunLQtzwTKsP1g7TAAgzqrsOjB6Ge3nccrpj9ZEFT0nkdtaKpBSZ8XJSAXSUbWBTVIcBu1ovwcdhedDHXQwA08WL6K8Mk1yWqfeRuKIBaTy/f6murdgiu9o5jgzgAFtIox3ihQbEUbAjoaL3XQaHM0/K21T7ACELCi5rMU987YVnHvI37i2icUOuUqSlwH9itinWCo40SEt/1p4wJeREDnpzHp1qwTq1kWKaw51tKzNY0CAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIAOCAQEAOUau1aLVZ57nmcdN0XlaDmGxwzLDFgzLsRgSKYUTSVGku/28eonsE9hQhnBJ6NRPOXE2hbVkxTFS2h3+ymcaMTVCecK5Z+TqXx5ywK2R5dz5HU+STWweSJvmiqOX9jqBoFxtawvSpIyOfkzd9gz5DEmVpYbCRxVyUSZtAOB+UMXcMypH6dw/NrjS6ahDsolaFOqK2GEdsQIkuJA2VrHhjhkq6yAyQZsY5lrX8Du0aKrjvdIffshkZRiy8GZvoTsYihVzQR5YhiC3IVbW06v2ZMHepuJIbfx3a06ZPy0QiNPSnpsPpj+GAwN0SByZ78lJnNDnDRYpiST/icqVj/tjMA==" ],
    "exp" : 1600380785143,
    "alg" : "PS256",
    "n" : "yX3kYabJBMij3NpPqB1r_BeG542ZxTmaljC3ngBueWupdWr95YSqBkayoHdxCE3Cm-U0Jb4_vLmXI2ME5GEm207w4cNI_7jOkZ5Zt_YctW6ctC3PBMqw_WDtMACDOquw6MHoZ7edxyumP1kQVPSeR21oqkFJnxclIBdJRtYFNUhwG7Wi_Bx2F50MddDADTxYvorwyTXJap95G4ogFpPL9_qa6t2CK72jmODOAAW0ijHeKFBsRRsCOhovddBoczT8rbVPsAIQsKLmsxT3zthWce8jfuLaJxQ65SpKXAf2K2KdYKjjRIS3_WnjAl5EQOenMenWrBOrWRYprDnW0rM1jQ"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "sig",
    "crv" : "",
    "kid" : "452c968d-f73c-4ab4-8d1f-68e7ede5e99f_sig_ps384",
    "x5c" : [ "MIIDazCCAh+gAwIBAgIgGkrH/gsHo1CK6iGI2axgLGrVxAOwKvHl56Mq595RxzQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIDAgEwMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTE1MjExMjU2WhcNMjAwOTE3MjIxMzA1WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsozjmnHE0ApNY+XTIo18KQy2eoLI04OJOIBMPXITUhYRDPEPyDF9N/XxvsPLIf+2M8x5n63JSjsh8wxlicPUx4O+v6ob+ANF3f9z9ZMJPmMIkVUB1SRvGcNWZnrSio5m8srNPK9xl9FR6gKcHMZF8Wbf4spf5mp9qtJ320bHsIJg7jIA8V4FBCvPmlpOUkFOcgF8oqBpjt1S3OfyTmdDuCj37VjzRVTDv5lTRFmXlbWj4DAGNuD2fdnjoZLrLBrhqsUm2iht5l9cFlF30yJqBeDCvwQwW57mHh0ufE0relQx6KDtUKXYpl2P3DJAG+LWomV5VSdmibTmqRbNNFaKPQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIDAgEwA4IBAQCNe9KOrQ03y0gQGWXpWvMUOViEMvtycCeTUEyeV0/WpfANbtTKguBrMcHRm7Ym6k6ZeZBzUU84mN2u2gyXsscVil5vkPOlno8UuITRl8MwAWxnZPVVRdn7S/qH7Mp5Byb0zJzKAqTPdkwa1rp4ocxEKSS2EaG/29icnK//dK7ZNi0wOn/qNfFKmWxcyqHxEwDe+AREkGr4hqL3E9pHw9nfp5pe0aqrZrtq9ch5QfOb73uKY2vTwIF5gQWSH0kaK0j5lOpEvvcx4nLjGbDthEl4Wrwj17VYEtRRAwOkYkBLHg3GewLTsoEj1ycvS5gBYQjho3xUFlDkCYgvdoqn8Bvq" ],
    "exp" : 1600380785143,
    "alg" : "PS384",
    "n" : "sozjmnHE0ApNY-XTIo18KQy2eoLI04OJOIBMPXITUhYRDPEPyDF9N_XxvsPLIf-2M8x5n63JSjsh8wxlicPUx4O-v6ob-ANF3f9z9ZMJPmMIkVUB1SRvGcNWZnrSio5m8srNPK9xl9FR6gKcHMZF8Wbf4spf5mp9qtJ320bHsIJg7jIA8V4FBCvPmlpOUkFOcgF8oqBpjt1S3OfyTmdDuCj37VjzRVTDv5lTRFmXlbWj4DAGNuD2fdnjoZLrLBrhqsUm2iht5l9cFlF30yJqBeDCvwQwW57mHh0ufE0relQx6KDtUKXYpl2P3DJAG-LWomV5VSdmibTmqRbNNFaKPQ"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "sig",
    "crv" : "",
    "kid" : "ab64f891-9d32-4381-82da-5185c0edf284_sig_ps512",
    "x5c" : [ "MIIDbDCCAiCgAwIBAgIhAJHz1slYW1T8VXHvS7zW4MGSOh23yhND2qRo2pkbX8EuMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIDBQCiAwIBQDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTIwMDkxNTIxMTI1NloXDTIwMDkxNzIyMTMwNVowITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRJXpMDSusaSBu8wVChAJHWpA8LMIfLVi4dVLpz4fjLzJBew/Wt10g0HveQPp5SE++tmkNp+8g2Hg1KBTIw0PT33bUxdxVfgHhwN3g9kwnQ9/OvSGNR8VxtoCIstNuYhbiV6HUxoXMia4QmZ0mN4IkOjx81mlOgRs603//rztfykMfY276OPLsddowKi5UVdXDBGRSRBP9NFJ/z0rDAWsAe55dBOglsmpjTqNYQOeC4jroECnOqWyZEmctULjfl2ksc3oiWmYG/uk2FsflR1dR+qE5Gd0RAXCndmKG+ULg1jk+xWrzaNmKYXtPoqllOGHtrPmvPc2z29lqzfjiEwTMCAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIDBQCiAwIBQAOCAQEAZTnN3PW5B2g9tea3Lk9AcH8KDVHCkiSKtVjLHW2ZVmc8fI4MR95Vj/0xZnsz9l+b/Ex52ZAaBS8iBMErA/yE7ba5++X+SnzSk9JFrNqV9BBpRm1YFa/RXQ0FeAXTelaEHezrn9polEXmATwV554MBCcxhQrqNLfad3UwTJkFvmDtUPqcRXrqzk7kVLb1POuDnK8szRT2CJVWsdahl6Q2RhZrMUGVVpi2J2qc7dqsRtAx4pyw+M3p/yhRW6OGrOSM3eDsl0vzgfIOC80VQxFyWjntAQs6vUHjkchDcyfqGz7RIbBeH7ohbor4E0vLYUv6qW5udJjnG+ijxKkiPsiLHQ==" ],
    "exp" : 1600380785143,
    "alg" : "PS512",
    "n" : "xElekwNK6xpIG7zBUKEAkdakDwswh8tWLh1UunPh-MvMkF7D9a3XSDQe95A-nlIT762aQ2n7yDYeDUoFMjDQ9PfdtTF3FV-AeHA3eD2TCdD3869IY1HxXG2gIiy025iFuJXodTGhcyJrhCZnSY3giQ6PHzWaU6BGzrTf_-vO1_KQx9jbvo48ux12jAqLlRV1cMEZFJEE_00Un_PSsMBawB7nl0E6CWyamNOo1hA54LiOugQKc6pbJkSZy1QuN-XaSxzeiJaZgb-6TYWx-VHV1H6oTkZ3REBcKd2Yob5QuDWOT7FavNo2Yphe0-iqWU4Ye2s-a89zbPb2WrN-OITBMw"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "sig",
    "crv" : "",
    "kid" : "34a4e220-2110-4544-b975-3b3b311c01ec_sig_rsa1_5",
    "x5c" : [ "MIIDAzCCAeugAwIBAgIgK2L8NuIPbVEIFE4QHZLvujASzZogKLs/UVICW5hMojkwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTUyMTEyNTdaFw0yMDA5MTcyMjEzMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc8IsTjLurVZkM+pjimxKpIJdbOkAvIVLRD3mUnW2XOqxw9HQJL27NwQ3qTD6it0Kji6mYrrm73gPSM62rISpI2cjyPP0RYTXJB8qCoBYpU+D6cVmGSI74z9jY5oZoR9qTfjH3Lzupegz0FTwkkoCWUmkK6ByHelvanThc5Owv0c9DPFvuVlcmc59+HapDO/j4rvJWEK39p/LKM8hUmNLlS41OH3zdAnH86rG1wrGraW3o8cZ3Tx8uwxG3zRed3JRb8LYq2PEUzaMgKvAIUsyFuOr9AHGT30pTBx6MNuu/alG0YueR4krmJUNGMxNoJdSpBe74QTdKTjHhd3Z+8UmTAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEADnTd4X2Xn1thV0HuyqKFiGNKGMCPD7CF1+ID4hGuBgifzMUW7rh1HVqqnqMwbWthKjCU2DR7HbZo9wfiVlbdGAuO+Jaswyok0SrEZGh+opsdg+bIxTAxu64YJAxasMQl0t0OE+mw+B15jrzt+btjZmNMmhvS3hBFxpA8xWqmqhJ0UKJu9znH6HtSwf53wPe6gCGLeYaI6FahC99+jIBClArkc5IPbDHtyPv9zPtiB2jXAHl7pT1WP3LUefAnnq4cRasJxOzXlHpXeSMjZUvIdWrVX/HC5ro5P2s7Pdq7HDqcCN1lSWG26qApTbFosipC2oN0ENXsJic6/oY5naqNYA==" ],
    "exp" : 1600380785143,
    "alg" : "RSA1_5",
    "n" : "nPCLE4y7q1WZDPqY4psSqSCXWzpALyFS0Q95lJ1tlzqscPR0CS9uzcEN6kw-ordCo4upmK65u94D0jOtqyEqSNnI8jz9EWE1yQfKgqAWKVPg-nFZhkiO-M_Y2OaGaEfak34x9y87qXoM9BU8JJKAllJpCugch3pb2p04XOTsL9HPQzxb7lZXJnOffh2qQzv4-K7yVhCt_afyyjPIVJjS5UuNTh983QJx_OqxtcKxq2lt6PHGd08fLsMRt80XndyUW_C2KtjxFM2jICrwCFLMhbjq_QBxk99KUwcejDbrv2pRtGLnkeJK5iVDRjMTaCXUqQXu-EE3Sk4x4Xd2fvFJkw"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "sig",
    "crv" : "",
    "kid" : "bd989804-f0ab-4cb9-9311-8b6cb435c822_sig_rsa-oaep",
    "x5c" : [ "MIIDAzCCAeugAwIBAgIgF9eVMALd8LSK01M0lcCso/lqv3p3IDoZ+h8ZlC6jZdYwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTUyMTEyNTdaFw0yMDA5MTcyMjEzMDVaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUtuAqs1gRCIKRp4KBD56ZDYdUwPO4UVKrmhDTT4MNLuB/t96T88bRnkj/mDRISF5sqQ4aPNh7NcbAz4qrjSiadlib4Ls60zCWErB0TqgVFTxikdIQbU8NXU58EsxRu0USkEfpOtvp4ApKQaJqmiq6kjAnnyyfpMVw5bHeMk5hezCawf8lvtNsTRyLFYG9Gj6aSx1gYrVngCJA3Onpd3MOvd26eFLc4ulMDXT7fJ/raP9yvLWDuyup8VotDZ3n/DzK5rK3oKLUSHHG8E/iV1Mm4xDCdf2R/msvsIWAP84fm4rH+3jixHUATkK9VtpiD33yiRq7PlWb41DjE7tc/ut5AgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEACln3rGksNAiWZkGQkUOYJG6yNAtGQvdBEWyPYS41meU2GRwveO+H6OrAPLIA/qUXUXwWuEpW3cf1MZlPWa+fGGjeB/wcPOalHi0l1jhSqcZrKbysmnpWYgQkllcFkrO54SOQBAWThwVRfvYFjlUCxb0rKqiDOG1I18BWJ4qfSZNaTZfXrjwMajN1reOQ1OmDJT2KGb8e29Cs1jXezAu/s1F9s/aVAR6PZ07Xt0FL4hIKUmgUv+VXCIg0BxOR6KOB8HH1vIaS9hP3Lb4ML2NCwD99EmvlTqjZrYigaGvpYsqmHU+SchpXb4ThEZt4i0BQbt4vRJoxOPYr6uTmTRYsJQ==" ],
    "exp" : 1600380785143,
    "alg" : "RSA-OAEP",
    "n" : "1LbgKrNYEQiCkaeCgQ-emQ2HVMDzuFFSq5oQ00-DDS7gf7fek_PG0Z5I_5g0SEhebKkOGjzYezXGwM-Kq40omnZYm-C7OtMwlhKwdE6oFRU8YpHSEG1PDV1OfBLMUbtFEpBH6Trb6eAKSkGiapoqupIwJ58sn6TFcOWx3jJOYXswmsH_Jb7TbE0cixWBvRo-mksdYGK1Z4AiQNzp6XdzDr3dunhS3OLpTA10-3yf62j_cry1g7srqfFaLQ2d5_w8yuayt6Ci1EhxxvBP4ldTJuMQwnX9kf5rL7CFgD_OH5uKx_t44sR1AE5CvVbaYg998okauz5Vm-NQ4xO7XP7reQ"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "enc",
    "crv" : "",
    "kid" : "953ad70b-3d1f-4ca7-a651-828f14d3c258_enc_rs256",
    "x5c" : [ "MIIDAzCCAeugAwIBAgIgbfUkb0YyS+PI5SvOSV0O2xB0H3Az3hq0h/R+4sQsBykwDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTUyMTEyNTdaFw0yMDA5MTcyMjEzMDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4nUVq7NDuwKy521uC0VXULkmuSBV7EHWsXfN1fp0Kt7oEYZyY+yeKJwVIpPoH5Dd13NITq9skt04DLVn8hEfs9vlbK6Zm663dDPXVOJqYpXau1yqvAxV4havADcxkaH+wL00KKQrPYBXjqwODT9cWWvXa6aAupexm1CBMhkdg99bAuhx+KXdc4fOevFfHhFuvP5LZs4XDchDOqbqtc87crCyNR+jGD5mpoxulyycou+p1uWGiSnovA5zkJZlqQVBsEI51gAhqwLVRTDLjny2d6rLhEAGSqgI6jZcZCoiHow6RyFJCKRzjM8R6YIKH6GHQayJH/Mqoqjh73FPD2AWFAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEA30295/c7EUnJ03BVskrr7KQmrSf495vM6oM2EgxaiaRbtovSJ5/dY1dbvzuXjRhQo3pUj47tvDJIPC7ln/jfJOrHtmXRBgbGQfGRkEfcDyBMkMOsWgS0rLHZsK1IqSf6Gi/AbQLIj10AXh2JmHbHEgtF8lvDa0msCeYUmGr6aGlCFo0rqpSXE6jnO80M7p9GL3iBkfMrh0CKJWogRNwWSaiJmDdwpjyL1ipQfM++PnuTPU1Xa/kthGpGAoKNm9tkWrL9HDBYEBHHCntinJ6D6fKCZJul/81SGqnL8x3Or38jDWTTerfRGvndvVzUrhDZn8EdzN17ZESwj8nPzP1X1w==" ],
    "exp" : 1600380787551,
    "alg" : "RS256",
    "n" : "-J1FauzQ7sCsudtbgtFV1C5JrkgVexB1rF3zdX6dCre6BGGcmPsniicFSKT6B-Q3ddzSE6vbJLdOAy1Z_IRH7Pb5WyumZuut3Qz11TiamKV2rtcqrwMVeIWrwA3MZGh_sC9NCikKz2AV46sDg0_XFlr12umgLqXsZtQgTIZHYPfWwLocfil3XOHznrxXx4Rbrz-S2bOFw3IQzqm6rXPO3KwsjUfoxg-ZqaMbpcsnKLvqdblhokp6LwOc5CWZakFQbBCOdYAIasC1UUwy458tneqy4RABkqoCOo2XGQqIh6MOkchSQikc4zPEemCCh-hh0GsiR_zKqKo4e9xTw9gFhQ"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "enc",
    "crv" : "",
    "kid" : "c4374ee1-6844-4853-93cb-1fb12b6dde3b_enc_rs384",
    "x5c" : [ "MIIDBDCCAeygAwIBAgIhAMNE0K3M/x3pw/jtFzriCVy5YQ+d9kXqnttxAY/6g9ZIMA0GCSqGSIb3DQEBDAUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTE1MjExMjU4WhcNMjAwOTE3MjIxMzA3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvnN4edLoWrgHilF5iDI9356Z6WDvescdEYaQZ4cgiaX3V9YeG1kxxfVX6/CaS2nrqBHXO8Jvxbvexcr66pMwVmhtn1cuGZeDdSK7uitisWJsLbHKfiVeV9BOjkfUhkACzGEIu8MMXHGM/8DeD3UiJZKkfDX7aN7Kh0HwZMDaC4WNHOsQfiAUFRCCsm0DTszYapUglbyY/ZUrA10TSpzZ8gzT1A3nLGPS0+wVdmLcSfuD+t4CQPi+lpsDzeUO/WJPQGvFwrua9taj+cYduUwJZhhjKuyWOekA4EblczIMndat2soQXtftAPzK6iVOfcT0LrGQUiFRDzsWFk7Re8J5QIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQEMBQADggEBAGyLO5g49FGIoD1bdMy75WUei2gKCAyVGcMGJevCj9N7FxkbX/VdkfQm/an/57oMR+d2b+S8inL05pnPzuO+AUKK1aUtORJAYE3fANBeCEKQjgCge3R8yUd6LnXAhRvf8PJZZnA+p1bccno6XP46b5Na0IaebKtFqpIYhQadXdRXFLGhIeYVLIDsH7pLfSVuHcP7gczmbW20JxgL9suolLfM881RL6pz2MZ7VajnwOZ60KhPfCe5wlMSNnTUpgeDA8IvAtVDRDXhn2M4W/8rJ9G71jOv9KJ8BZg0awzBTbx5SJ2BoUzU/65jHzgoVKtrDLOWtk8D3OD3KWzesoHT0jQ=" ],
    "exp" : 1600380787551,
    "alg" : "RS384",
    "n" : "mvnN4edLoWrgHilF5iDI9356Z6WDvescdEYaQZ4cgiaX3V9YeG1kxxfVX6_CaS2nrqBHXO8Jvxbvexcr66pMwVmhtn1cuGZeDdSK7uitisWJsLbHKfiVeV9BOjkfUhkACzGEIu8MMXHGM_8DeD3UiJZKkfDX7aN7Kh0HwZMDaC4WNHOsQfiAUFRCCsm0DTszYapUglbyY_ZUrA10TSpzZ8gzT1A3nLGPS0-wVdmLcSfuD-t4CQPi-lpsDzeUO_WJPQGvFwrua9taj-cYduUwJZhhjKuyWOekA4EblczIMndat2soQXtftAPzK6iVOfcT0LrGQUiFRDzsWFk7Re8J5Q"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "enc",
    "crv" : "",
    "kid" : "6d6246fa-0f90-46ba-95a5-ca558677c5f4_enc_rs512",
    "x5c" : [ "MIIDAzCCAeugAwIBAgIgWaz0qd5fVr62SSumCt4cTGDfKwJHoNIwl2pvIUJzLuQwDQYJKoZIhvcNAQENBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTUyMTEyNThaFw0yMDA5MTcyMjEzMDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuxTHKH0dbFeA6RVkTxAvAL1/ebKtc+5weaAcfN+znuJsxubBk0wZXI0QwINdHfmb6OJjbytI+YUKxEy3fzt7ijDUNyz4XYhU6KxjruSWqw+7FuqiCQQXbX8w8TKrf6j8yW5zDJP2VfvAxpzSwQKiDjC+ObxeGMwBvE2dbu2BZPr5ZLBXq4D4JGC/XQfzChrn0GW9vvu3bhvRAM+Rsmicg6iBJ3MiK0wU6u0uTmxnB7jrpVV+kpD9+ajkoQB1xUv6DRekIfDp78Wd1bEMebJA8/gTs0NTnGotetEm80d6n9YNu5yqiZq515bUrsIOYI+JXQe/KVDdcAoCOJA0hrI8BAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQ0FAAOCAQEAFjke4gg9Ixp3oT0caeNiljkll2f/De2BBgKqlDSzwBJ/q+4uy0YB5g8N/bU0H4bzjahryXiPTPBythL9/fMmGadIDR0B8KYawmi8CdmLEI7q4mCC/dxNX2kAw6SiAt6BJy9Ll0xSY50ilj762gVREgi6iGGecYrQTXckeK68WH/7JS5KCLxCzleqo7aasH6LoyLt0lQjzvq/lE+9+LQBumVP5Ny3B9L9X72K8qP1k0cgIgzO/k0h5oGKNM2Av46a7+21siuMUeef9YuZmA11alSI8nkNIbNXKShbf+z8z5/v1QrYuu16/GAHLOqXUo5KY1zg+m315dV7EZteSIAtMQ==" ],
    "exp" : 1600380787551,
    "alg" : "RS512",
    "n" : "rsUxyh9HWxXgOkVZE8QLwC9f3myrXPucHmgHHzfs57ibMbmwZNMGVyNEMCDXR35m-jiY28rSPmFCsRMt387e4ow1Dcs-F2IVOisY67klqsPuxbqogkEF21_MPEyq3-o_MlucwyT9lX7wMac0sECog4wvjm8XhjMAbxNnW7tgWT6-WSwV6uA-CRgv10H8woa59Blvb77t24b0QDPkbJonIOogSdzIitMFOrtLk5sZwe466VVfpKQ_fmo5KEAdcVL-g0XpCHw6e_FndWxDHmyQPP4E7NDU5xqLXrRJvNHep_WDbucqomaudeW1K7CDmCPiV0HvylQ3XAKAjiQNIayPAQ"
  }, {
    "kty" : "EC",
    "use" : "enc",
    "crv" : "P-256",
    "kid" : "1857bd15-950b-4fe1-adf4-9182c7217829_enc_es256",
    "x5c" : [ "MIIBeDCCAR6gAwIBAgIhAPcrts29j++iFe9Qjq2lgKmk/Lbaw65T8PtgIQPUAcMCMAoGCCqGSM49BAMCMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTE1MjExMjU4WhcNMjAwOTE3MjIxMzA3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEg+u0ZeRoVsiUuWQ+83eP7/8ZK2zu9c9t/2366pJYJ9QSn4q4QV+uTTtoilS5ZTPodsghdwHXNOGEEfpcT1VxrKMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMAoGCCqGSM49BAMCA0gAMEUCIQDpAfMHRINRRSG1KNvwstjN6vn5z8elz8E2O4Z0mmp9cwIgfm3YX4YRPQkbb1Kkruau3wpexg5e4vQkJRbI8q1FLjk=" ],
    "x" : "g-u0ZeRoVsiUuWQ-83eP7_8ZK2zu9c9t_2366pJYJ9Q",
    "y" : "Ep-KuEFfrk07aIpUuWUz6HbIIXcB1zThhBH6XE9Vcaw",
    "exp" : 1600380787551,
    "alg" : "ES256"
  }, {
    "kty" : "EC",
    "use" : "enc",
    "crv" : "P-384",
    "kid" : "201f8fa0-6a98-4779-9872-92b7dc2e624a_enc_es384",
    "x5c" : [ "MIIBtTCCATugAwIBAgIhAL7zmFYNQFRWfNPFrZ5L9cIm+TXv18OML/NjnwWTMVvZMAoGCCqGSM49BAMDMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTE1MjExMjU4WhcNMjAwOTE3MjIxMzA3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEW4JAldaB82dA1QDVboZlsMFhD86OkpY0vJEZLCdOjqjpmkM6P3YeR0MnE/RfdIdV1LEYWJuZmmjTzYul8olkpWbqYMBujQ0Gb554yYa/Alhx+r0IPnymo8pMnxgNsjRxoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwCgYIKoZIzj0EAwMDaAAwZQIxAKvcvsxgtYHQ/umL5Uf8GlPLFC6iSjkHe9HpTGJKAqwJZkEFthPuUuk7PY2JukVPXgIwPa/1C0EcP0MrC9FiYte+f7Jq0tcY4FWhNdgejkLUS8UpUMUubEkwWoUIs7UQu1cc" ],
    "x" : "W4JAldaB82dA1QDVboZlsMFhD86OkpY0vJEZLCdOjqjpmkM6P3YeR0MnE_RfdIdV",
    "y" : "1LEYWJuZmmjTzYul8olkpWbqYMBujQ0Gb554yYa_Alhx-r0IPnymo8pMnxgNsjRx",
    "exp" : 1600380787551,
    "alg" : "ES384"
  }, {
    "kty" : "EC",
    "use" : "enc",
    "crv" : "P-521",
    "kid" : "627fab40-6617-485f-bdb9-1d8651049ff2_enc_es512",
    "x5c" : [ "MIICADCCAWGgAwIBAgIhAL3V8/kx8JMw355KGaIItaYWFtSEjKkXSStPUz6FpN6IMAoGCCqGSM49BAMEMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTE1MjExMjU4WhcNMjAwOTE3MjIxMzA3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBd9fLBQ/2dpfkHbzQ9BiH/Z3fs8tilubDCLYEzdY5LV7UmjoP6TZQk+3bXuys+/gZwfkti8TrTTWg635wCwWnuLUA7Vf5/xAZ/de6D0JwL4MnO3kKEKEoZ7BXbEyf//inCxFdcKJRe1IS9z4Lrs4tpW9HT0rRNrui7LLGDD1Kxp8L3oWjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADAKBggqhkjOPQQDBAOBjAAwgYgCQgC+cZn7iYyxGwYjMipn94aajcjBZ313G5JFucBHkP92H7vTfiBvQ9mV1Da1erLPXfxmB8A00XGrpR5KKQ7nTGpjAwJCAPQhUxc7a8ndAAuxbACgskYWBhxzN/SeiUtyd4F3Gn9/fpSSKRu95th7CzQLROL4xvrOS00A3kI3Bz+KXghEoyLB" ],
    "x" : "AXfXywUP9naX5B280PQYh_2d37PLYpbmwwi2BM3WOS1e1Jo6D-k2UJPt217srPv4GcH5LYvE6001oOt-cAsFp7i1",
    "y" : "7Vf5_xAZ_de6D0JwL4MnO3kKEKEoZ7BXbEyf__inCxFdcKJRe1IS9z4Lrs4tpW9HT0rRNrui7LLGDD1Kxp8L3oU",
    "exp" : 1600380787551,
    "alg" : "ES512"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "enc",
    "crv" : "",
    "kid" : "27b62ca2-9aee-4fc9-a957-7ddde57a9323_enc_ps256",
    "x5c" : [ "MIIDbDCCAiCgAwIBAgIhAMlVcXoIF0LkxNppc9OKnd1SvjfMDYBQFqb1Bi3iK6JeMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTIwMDkxNTIxMTI1OFoXDTIwMDkxNzIyMTMwN1owITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnHmJALyd2vbEMCJN6FEGnCyDqqZaqzyXm6q7SLiYQbQrSeLD2/qQ9NSe2V3WfBy+Xc0Pm+3ezsc4GbCgcZiS9UDd0iuNwRYnICfxoxnKyTUpLY77JZmHpt4yU4rRjcwtY66z5stjMq7/aiGLu7be2KB6HPFUrAjcFseSljMP3ej6Pl/D1sRdPEiUCPA7dlqc30l0Ls/uAVGLoaINxx7/+w7xAb941FbgYgdo/dNkprms1AVIzb/u76zYFghz4TLKpcympk6QpvWhqLiRGU/g6sujFohOi5f+hh7ODx8HNoeCHmRD6YT7euL857uHlOnkiHxv25KB8PGRrz/4nOLQECAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIAOCAQEAViOGTkg0vrokoDPiwxVzFDfed6yPhsHyX3pNOPWzYerjX9FUyeAtnzUqnhZJu5/Gybpn1Sl7B/kLSub5a9hZIhK7TvNLFIge3CG0L0OwZuIub3LaErL5QABiW6c2Ep+bH+bCcEe48OKq90DOjS3qSfdcwfOV0HWkZKnoLyxlHtUWqjPfAVUgX7TNKFwPCj3/MmEAp0M+OAgq5YSr65/haA/Imo4a0PSx0DnWnCa08qS9iD+H6ijTe50B0MaJb4d5eI+Uc5l+aJ83KitZz47xyxunX/H4ZhhLWSUBTX9hktJIPyA1dlE8qfZHvyrc/LpZbgD8mf/vjUq1yxSwiAPhmQ==" ],
    "exp" : 1600380787551,
    "alg" : "PS256",
    "n" : "mceYkAvJ3a9sQwIk3oUQacLIOqplqrPJebqrtIuJhBtCtJ4sPb-pD01J7ZXdZ8HL5dzQ-b7d7OxzgZsKBxmJL1QN3SK43BFicgJ_GjGcrJNSktjvslmYem3jJTitGNzC1jrrPmy2Myrv9qIYu7tt7YoHoc8VSsCNwWx5KWMw_d6Po-X8PWxF08SJQI8Dt2WpzfSXQuz-4BUYuhog3HHv_7DvEBv3jUVuBiB2j902SmuazUBUjNv-7vrNgWCHPhMsqlzKamTpCm9aGouJEZT-Dqy6MWiE6Ll_6GHs4PHwc2h4IeZEPphPt64vznu4eU6eSIfG_bkoHw8ZGvP_ic4tAQ"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "enc",
    "crv" : "",
    "kid" : "51c09054-01a6-4b1f-ab32-154c02059fc1_enc_ps384",
    "x5c" : [ "MIIDazCCAh+gAwIBAgIgJUv+6DcpkPboACnT7QjPfNzYrczKbRgVgl0vVzYkTHcwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIDAgEwMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTE1MjExMjU5WhcNMjAwOTE3MjIxMzA3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuekrbJF9MR4iu4MuLY7DfWGzz/XL22fx1A31S78N6tAoGPpdXaYQGyUHqoyIwU7b0zA3+cKX5CydAENKQ2SQYtoVjZuxb65PKYgS/J9uSxNJMIlaBwC8lDGpriC8DJoln3DlnX3CDAkKX6ZMiI3iB4HMtmZ3UyjrblxxJorEubGvj1S3CirUyLgB7vvKrbhoBru320404vEfm22/AwxA7PYhxQpm6Hre/A9frKpi+wNM2Mn1Fi3hg8/yJR77C6DLuyNarqr0gLBCRoRFJvLfgzQ9RZ7hVY2/Zl9mePB6QamVqY/ipTHFqn8v+2JffzlK7ipU7Ldnhqbw/JToGu/XQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIDAgEwA4IBAQB9qiIn1YSCHs5FdA/KB7rv+tu4/H+Y+u96x2Xxhnuxe+gICmS7ZuyKDdR3iKdGIHf/KrwR0pLNHzGoirDzS4Qxhu9pw+eLVg1qJD/Z9CI7gyKYGO7ZdzHl0IjaXDcrV/jodwsQxpdkXTQRYvI+4pdiCIu5eEuga+udeXIL3/bfWYJUr842lCBhDeanGLIg/bW/gor0VHFMN0EX/jfau/x50b7Io/k5mMmrpyj8GCwiyyIE9U6OzrPkmFv4itjaIBUweHW6GqsQeEzKlyOYi0IJJcSmUFPyRHc6mhBifQtkN1jvdNyWhLQqY2f7zbk+2Ca1gx6i/ocyXkLeCrozOxhQ" ],
    "exp" : 1600380787551,
    "alg" : "PS384",
    "n" : "uuekrbJF9MR4iu4MuLY7DfWGzz_XL22fx1A31S78N6tAoGPpdXaYQGyUHqoyIwU7b0zA3-cKX5CydAENKQ2SQYtoVjZuxb65PKYgS_J9uSxNJMIlaBwC8lDGpriC8DJoln3DlnX3CDAkKX6ZMiI3iB4HMtmZ3UyjrblxxJorEubGvj1S3CirUyLgB7vvKrbhoBru320404vEfm22_AwxA7PYhxQpm6Hre_A9frKpi-wNM2Mn1Fi3hg8_yJR77C6DLuyNarqr0gLBCRoRFJvLfgzQ9RZ7hVY2_Zl9mePB6QamVqY_ipTHFqn8v-2JffzlK7ipU7Ldnhqbw_JToGu_XQ"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "enc",
    "crv" : "",
    "kid" : "1048d4c4-3b9e-4450-954a-3d4886ae2569_enc_ps512",
    "x5c" : [ "MIIDbDCCAiCgAwIBAgIhAIi+5q8X/TfrYHtjI4mtIuunYL+YHQ4EzRwTN6LVq5cZMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIDBQCiAwIBQDAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMB4XDTIwMDkxNTIxMTI1OVoXDTIwMDkxNzIyMTMwN1owITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAML2ZORkZVEdi1o52skKe4hmr5qBFTHemPPvUbu6ne07u9yEF2EvAocnEzXT0FfOte2K8nkMvodSU88tzRQYH+Z/MCbdq7bWqlPP2kB31sTWlZzp1xKBqyDvVWxO/sudlfluFRwj27UjVFKC4QfW14RgJKTrBCn7hMYU8X+PoesmSPm+YpUl0HcjBMvrk/ZIuavII92y25oovvRN6ui1vpTjzP+qCBxLqe0bQohsRrXrjFUAw9eBTrzDiZUN1GPd3Tp9Tz4YA8vpyHN2MWuE2cXAzuWrfKZdoKxc51wSq+3q9nfwOwdA0oJu4rMvYYUsusvjd6CNyGDtDXjBIjWr6v0CAwEAAaMnMCUwIwYDVR0lBBwwGgYIKwYBBQUHAwEGCCsGAQUFBwMCBgRVHSUAMEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIDBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAIDBQCiAwIBQAOCAQEAX2i4jePikLdFTAt5VV9Z8VtlIt1TDO9PqiJ1ZVpw4eZm+9bCgUCIb0y1W9Dod49UfOui6geaUSGKCPocoPPFp2fyKGbqrjpzE8kiCEf/ytYsqoXwR6zK6TTOj7e0XkN6VUfyLaRrdorjnAzrF91lUs3Ycegn27iE/jFQ735y/rd1mBxSyP17d72KEspKxP4bExa4bT868PaRuPY9UTicTC4Q0sB3QGQcNcUMnaTUTx8ZX0HVPoYDC+CTyqJo1dk2rwoqh6Ehvk8LBlAMUnztWHIfNr4/qignJpgYYLKHjy6Vzdk93LkvFM87nG9Zh6k4KSO8a6tWAObAbu0G9XM1Pg==" ],
    "exp" : 1600380787551,
    "alg" : "PS512",
    "n" : "wvZk5GRlUR2LWjnayQp7iGavmoEVMd6Y8-9Ru7qd7Tu73IQXYS8ChycTNdPQV8617YryeQy-h1JTzy3NFBgf5n8wJt2rttaqU8_aQHfWxNaVnOnXEoGrIO9VbE7-y52V-W4VHCPbtSNUUoLhB9bXhGAkpOsEKfuExhTxf4-h6yZI-b5ilSXQdyMEy-uT9ki5q8gj3bLbmii-9E3q6LW-lOPM_6oIHEup7RtCiGxGteuMVQDD14FOvMOJlQ3UY93dOn1PPhgDy-nIc3Yxa4TZxcDO5at8pl2grFznXBKr7er2d_A7B0DSgm7isy9hhSy6y-N3oI3IYO0NeMEiNavq_Q"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "enc",
    "crv" : "",
    "kid" : "47235423-e4bb-4a34-9115-105c5fdd6d3c_enc_rsa1_5",
    "x5c" : [ "MIIDBDCCAeygAwIBAgIhANNZCavf9b3Hd1w74sgjOEQyIbWDybnTH3fhKRtiyhp8MA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwHhcNMjAwOTE1MjExMjU5WhcNMjAwOTE3MjIxMzA3WjAhMR8wHQYDVQQDDBZveEF1dGggQ0EgQ2VydGlmaWNhdGVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIEPD8/DkXtf9uqydYpokABuwhw/xO+vZoVit7OPwt4dxSliwct7ucTjmuWg8eD+Gt8E16Izwqt90d0EHTC8Lt5A1qgKtlnomCTQ23eUr3fx6Qj1XBepbt1nGhbqennOVfayrOcW0NtDr1q2dsH39o7ufof6pXFh+eCqGUnAhtcxET8xoqLUu+DTV5/BEPkSLhthxiDeNHfwJDNzHu8v8ssbO79s9lE7F8W30FuTEq0H2ANKD3ZFqKC+4NcR1K6D0aUOgOeMU533Whb0MVqCIhj5VNgFn9mWZzNyzpoKFwEdf4DHcKRoQhWSG6ILG77axqlljqKA3a1S5lJlSU5sPQIDAQABoycwJTAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAwDQYJKoZIhvcNAQELBQADggEBAJw+QSbqRXf6DMecI+RhseQzVO7ROcIk5+BcoI77P9lYeCzCsq8573dWZHCb3jDO/rI6Sc5hMKx2X0yyUaSXZPGmEV/HgAWCCkQQDjZTjetzo+DBmu4a3B63PwqahiP4tbufZNHLReAB0x/fUleVCihFfxExSMtORbEHr9EoXX/HPAGKmhS4mVbbAw1OqQVqrQDNvyrSehzSKdkAkM0lwCm7S2+/IMwX8Jz9fsDoG7vqnGaPhlktAOpPom0loVRbFuWDhzCuHL1Fl68phz1Db+QDxoB937tHyS/losPfbUnNxmS+KkC5zi8XL/HDc+BZkPoMU5AC1bZXIuPhZnk1YWg=" ],
    "exp" : 1600380787551,
    "alg" : "RSA1_5",
    "n" : "yIEPD8_DkXtf9uqydYpokABuwhw_xO-vZoVit7OPwt4dxSliwct7ucTjmuWg8eD-Gt8E16Izwqt90d0EHTC8Lt5A1qgKtlnomCTQ23eUr3fx6Qj1XBepbt1nGhbqennOVfayrOcW0NtDr1q2dsH39o7ufof6pXFh-eCqGUnAhtcxET8xoqLUu-DTV5_BEPkSLhthxiDeNHfwJDNzHu8v8ssbO79s9lE7F8W30FuTEq0H2ANKD3ZFqKC-4NcR1K6D0aUOgOeMU533Whb0MVqCIhj5VNgFn9mWZzNyzpoKFwEdf4DHcKRoQhWSG6ILG77axqlljqKA3a1S5lJlSU5sPQ"
  }, {
    "kty" : "RSA",
    "e" : "AQAB",
    "use" : "enc",
    "crv" : "",
    "kid" : "9a44e014-97de-4d65-91cc-5f5c68028f00_enc_rsa-oaep",
    "x5c" : [ "MIIDAzCCAeugAwIBAgIgIktcqGGutMFEVjY0RR5HY5ONQ0PTCp997vnWWfgrgZ0wDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAwwWb3hBdXRoIENBIENlcnRpZmljYXRlczAeFw0yMDA5MTUyMTEzMDBaFw0yMDA5MTcyMjEzMDdaMCExHzAdBgNVBAMMFm94QXV0aCBDQSBDZXJ0aWZpY2F0ZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbP2lORVs2e2svTiWQisqC15ZQCX0ReNtdRmn5F9/AGvlc+9Gv8PTFHDF+jM40Mu+yyPatPYgl3xtqYb9Uo/vrC6qZuzKnrXk/wzc88zD0dzDsgZv9J/HpOs6296SqG4OpWVGNtQJsvkhETV0yG3/Y7YOiDo5yR/IEI/DD3fjQXG8dbwbhZt7Qm90nwmTF2z8NaERJQGYoZT611RXMkzrRS7N8x3sfTP17lVYkYU3C+bbuDUpv4pq0kP0sI4tajNHFixn6kBQh8VBtGPT8h7wUZfi65SdIUUvwVkI3ixvZytykIMu7A0jMDOKE8P+wj2EYXB2t8LF0MmyI21bqXPiNAgMBAAGjJzAlMCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAicwkTdlijhHpSGnZvKjFy599DNBH5/dnZRuthdGsUEsYHIy+lHESrc4c0Imi+Sd1jsIxDkWbx82GtkHJRAOUCaEi6qIA/UmoGe3KGiEPlJi1MiK6LOZLu4dn+A/Mk/A2fVCa0NfijXnpEjZ/ZOBPtJUwIe8BLYJZUTRnp9dUr+MtjcxmeKSOU7Lw7qBh86eL2gpay+2XAuD0nzj0qyFzm9GyqHg3huqannGfQ33p00bsi/4G3sb+trA5rJXNqY22jUqFpKOB9Jg+AE3ds4eA6wEgoDheQbE24w0N7da6iUt7mW1AzkrUwG0W0Is2CgubTBnH1b14mOB6e77VVKpSBw==" ],
    "exp" : 1600380787551,
    "alg" : "RSA-OAEP",
    "n" : "mz9pTkVbNntrL04lkIrKgteWUAl9EXjbXUZp-RffwBr5XPvRr_D0xRwxfozONDLvssj2rT2IJd8bamG_VKP76wuqmbsyp615P8M3PPMw9Hcw7IGb_Sfx6TrOtvekqhuDqVlRjbUCbL5IRE1dMht_2O2Dog6OckfyBCPww9340FxvHW8G4Wbe0JvdJ8Jkxds_DWhESUBmKGU-tdUVzJM60UuzfMd7H0z9e5VWJGFNwvm27g1Kb-KatJD9LCOLWozRxYsZ-pAUIfFQbRj0_Ie8FGX4uuUnSFFL8FZCN4sb2crcpCDLuwNIzAzihPD_sI9hGFwdrfCxdDJsiNtW6lz4jQ"
  } ]
}

#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Atest_user%40ce-dev5.gluu.org&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 181
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Thu, 17 Sep 2020 18:24:53 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "subject": "acct:test_user@ce-dev5.gluu.org",
    "links": [{
        "rel": "http://openid.net/specs/connect/1.0/issuer",
        "href": "https://ce-dev5.gluu.org"
    }]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: ce-dev5.gluu.org

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7237
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:53 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
  "request_parameter_supported" : true,
  "token_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "introspection_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/introspection",
  "claims_parameter_supported" : true,
  "issuer" : "https://ce-dev5.gluu.org",
  "userinfo_encryption_enc_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "authorization_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/authorize",
  "service_documentation" : "http://gluu.org/docs",
  "id_generation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/id",
  "claims_supported" : [ "oxAuthRedirectURI", "street_address", "country", "zoneinfo", "birthdate", "gender", "formatted", "user_name", "oxAuthIdTokenSignedResponseAlg", "work_phone", "oxAuthScope", "phone_mobile_number", "preferred_username", "locale", "inum", "oxAuthAppType", "updated_at", "nickname", "org_name", "member_of", "email", "website", "email_verified", "profile", "locality", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name" ],
  "scope_to_claims_mapping" : [ {
    "http://photoz.example.com/dev/actions/a3" : [ ]
  }, {
    "profile" : [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ]
  }, {
    "http://photoz.example.com/dev/actions/internalClient" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/see" : [ ]
  }, {
    "openid" : [ ]
  }, {
    "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/view" : [ ]
  }, {
    "permission" : [ ]
  }, {
    "/user" : [ ]
  }, {
    "http://photoz.example.com/dev/scopes/all" : [ ]
  }, {
    "super_gluu_ro_session" : [ ]
  }, {
    "work_phone" : [ "work_phone" ]
  }, {
    "http://photoz.example.com/dev/scopes/view" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/all" : [ ]
  }, {
    "phone" : [ "phone_number_verified", "phone_number" ]
  }, {
    "address" : [ "formatted", "postal_code", "street_address", "locality", "country", "region" ]
  }, {
    "^/user/[^/]+$" : [ ]
  }, {
    "org_name" : [ "org_name" ]
  }, {
    "http://photoz.example.com/dev/actions/remove" : [ ]
  }, {
    "clientinfo" : [ "name", "inum", "oxAuthAppType", "oxAuthIdTokenSignedResponseAlg", "oxAuthRedirectURI", "oxAuthScope" ]
  }, {
    "mobile_phone" : [ "phone_mobile_number" ]
  }, {
    "http://photoz.example.com/dev/actions/a1" : [ ]
  }, {
    "email" : [ "email_verified", "email" ]
  }, {
    "user_name" : [ "user_name" ]
  }, {
    "http://photoz.example.com/dev/actions/a2" : [ ]
  }, {
    "test" : [ "member_of" ]
  }, {
    "http://photoz.example.com/dev/actions/walk" : [ ]
  }, {
    "oxtrust-api-write" : [ ]
  }, {
    "oxd" : [ ]
  }, {
    "uma_protection" : [ ]
  }, {
    "oxtrust-api-read" : [ ]
  }, {
    "^/user/.+$" : [ ]
  }, {
    "modify" : [ ]
  }, {
    "http://photoz.example.com/dev/actions/add" : [ ]
  } ],
  "op_policy_uri" : "http://ox.gluu.org/doku.php?id=oxauth:policy",
  "token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ],
  "tls_client_certificate_bound_access_tokens" : true,
  "response_modes_supported" : [ "fragment", "form_post", "query" ],
  "backchannel_logout_session_supported" : true,
  "token_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/token",
  "response_types_supported" : [ "code token", "id_token", "code", "token", "id_token code", "id_token token", "id_token code token" ],
  "request_uri_parameter_supported" : true,
  "grant_types_supported" : [ "refresh_token", "client_credentials", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket" ],
  "ui_locales_supported" : [ "en", "es" ],
  "userinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/userinfo",
  "op_tos_uri" : "http://ox.gluu.org/doku.php?id=oxauth:tos",
  "auth_level_mapping" : {
    "-1" : [ "auth_ldap_server" ],
    "60" : [ "super_gluu" ],
    "20" : [ "basic_lock" ],
    "10" : [ "basic" ]
  },
  "require_request_uri_registration" : false,
  "id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "frontchannel_logout_session_supported" : true,
  "claims_locales_supported" : [ "en" ],
  "clientinfo_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/clientinfo",
  "request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "session_revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke_session",
  "check_session_iframe" : "https://ce-dev5.gluu.org/oxauth/opiframe.htm",
  "scopes_supported" : [ "^/user/.+$", "http://photoz.example.com/dev/actions/internalClient", "clientinfo", "user_name", "work_phone", "^/user/[^/]+$", "mobile_phone", "http://photoz.example.com/dev/actions/view", "https://ce-dev5.gluu.org/oxauth/restv1/uma/scopes/scim_access", "oxd", "super_gluu_ro_session", "org_name", "email", "http://photoz.example.com/dev/actions/remove", "address", "test", "http://photoz.example.com/dev/actions/all", "http://photoz.example.com/dev/actions/add", "openid", "profile", "uma_protection", "http://photoz.example.com/dev/scopes/view", "permission", "http://photoz.example.com/dev/actions/see", "http://photoz.example.com/dev/scopes/all", "http://photoz.example.com/dev/actions/a1", "http://photoz.example.com/dev/actions/a2", "modify", "oxtrust-api-write", "oxtrust-api-read", "http://photoz.example.com/dev/actions/walk", "phone", "http://photoz.example.com/dev/actions/a3", "/user" ],
  "backchannel_logout_supported" : true,
  "acr_values_supported" : [ "basic_lock", "auth_ldap_server", "super_gluu", "basic" ],
  "request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
  "display_values_supported" : [ "page", "popup" ],
  "userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "claim_types_supported" : [ "normal" ],
  "userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
  "end_session_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/end_session",
  "revocation_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/revoke",
  "token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "frontchannel_logout_supported" : true,
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth/restv1/jwks",
  "subject_types_supported" : [ "public", "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ],
  "registration_endpoint" : "https://ce-dev5.gluu.org/oxauth/restv1/register",
  "id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimAlgA128KWEncA128GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "A128KW",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A128GCM",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "A128KW",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "A128KW",
  "id_token_encrypted_response_enc" : "A128GCM",
  "claims" : "member_of",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A128GCM",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:53 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimAlgA256KWEncA256GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "A256KW",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A256GCM",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "A256KW",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "A256KW",
  "id_token_encrypted_response_enc" : "A256GCM",
  "claims" : "member_of",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A256GCM",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:53 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimAlgRSA15EncA128CBCPLUSHS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "RSA1_5",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A128CBC+HS256",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "RSA1_5",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "RSA1_5",
  "id_token_encrypted_response_enc" : "A128CBC+HS256",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A128CBC+HS256",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:53 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimAlgRSA15EncA256CBCPLUSHS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "RSA1_5",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A256CBC+HS512",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "RSA1_5",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "RSA1_5",
  "id_token_encrypted_response_enc" : "A256CBC+HS512",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A256CBC+HS512",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:53 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimAlgRSAOAEPEncA256GCM
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "request_object_encryption_alg" : "RSA-OAEP",
  "application_type" : "web",
  "userinfo_encrypted_response_enc" : "A256GCM",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "userinfo_encrypted_response_alg" : "RSA-OAEP",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "additional_audience" : [ ],
  "id_token_encrypted_response_alg" : "RSA-OAEP",
  "id_token_encrypted_response_enc" : "A256GCM",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "client_name" : "oxAuth test app",
  "request_object_encryption_enc" : "A256GCM",
  "response_types" : [ "token", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:53 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimES256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "ES256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "ES256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "ES256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:54 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimES384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "ES384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "ES384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "ES384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:54 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimES512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "ES512",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "ES512",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "ES512"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:54 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimHS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "HS256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "HS256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "HS256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:54 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimHS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "HS384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "HS384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "HS384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:54 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimHS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "HS512",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "HS512",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "HS512"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:54 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimNone
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "none",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "none",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "none"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:54 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimPS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "PS256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "PS256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "PS256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:54 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimPS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "PS384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "PS384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "PS384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:55 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimPS512
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "PS512",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "PS512",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "PS512"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 400
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:55 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimRS256
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "RS256",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "RS256",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "RS256"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:55 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "error_description": "The value of one of the Client Metadata fields is invalid and the server has rejected this request. Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.",
    "error": "invalid_client_metadata"
}

#######################################################
TEST: authorizationRequestObjectWithMultivaluedClaimRS384
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /oxauth/restv1/register HTTP/1.1
Content-Type: application/json
Accept: application/json
Host: ce-dev5.gluu.org

{
  "application_type" : "web",
  "jwks_uri" : "https://ce-dev5.gluu.org/oxauth-client/test/resources/jwks.json",
  "claims" : "member_of",
  "redirect_uris" : [ "https://ce-dev5.gluu.org/oxauth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
  "request_object_signing_alg" : "RS384",
  "sector_identifier_uri" : "https://ce-dev5.gluu.org/oxauth/sectoridentifier/a55ede29-8f5a-461d-b06e-76caee8d40b5",
  "client_name" : "oxAuth test app",
  "additional_audience" : [ ],
  "userinfo_signed_response_alg" : "RS384",
  "response_types" : [ "token", "id_token" ],
  "id_token_signed_response_alg" : "RS384"
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 500
Cache-Control: no-store
Connection: close
Content-Length: 295
Content-Type: application/json
Date: Thu, 17 Sep 2020 18:24:55 GMT
Pragma: no-cache
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
    "erro