Test detail

Test Name	oidcc-response-type-missing
Variant	client_auth_type=client_secret_basic, server_metadata=static, response_type=code, response_mode=default, client_registration=static_client
Test ID	qmMMi4kJK5pa8eC https://www.certification.openid.net/log-detail.html?public=true&log=qmMMi4kJK5pa8eC
Created	2024-04-25T22:22:53.101462967Z
Description
Test Version	5.1.16
Test Owner	21036854 https://gitlab.com
Plan ID	gg7kXAOPURbNc https://www.certification.openid.net/plan-detail.html?public=true&plan=gg7kXAOPURbNc
Exported From	https://www.certification.openid.net
Exported By	21036854 https://gitlab.com
Suite Version	5.1.16
Exported	2024-04-26 01:05:55 (UTC)

2024-04-25 22:22:53

(7) More

INFO

TEST-RUNNER

Test instance qmMMi4kJK5pa8eC created

baseUrl	https://www.certification.openid.net/test/a/ad04252024test
variant	{ "client_auth_type": "client_secret_basic", "response_type": "code", "server_metadata": "static", "response_mode": "default", "client_registration": "static_client" }
alias	ad04252024test
description
planId	gg7kXAOPURbNc
config	{ "alias": "ad04252024test", "server": { "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_vy1I5F4c4", "jwks_uri": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_vy1I5F4c4/.well-known/jwks.json", "authorization_endpoint": "https://gh0stid.authn.cc/oauth2/authorize", "token_endpoint": "https://gh0stid.authn.cc/oauth2/token", "userinfo_endpoint": "https://gh0stid.authn.cc/oauth2/userInfo" }, "client": { "client_id": "3fsi45vsoqf5jr65tsdhr0vjc1", "client_secret": "74k6uj0oqgu1fihmnjvlte3o5sc5tnf59o15an7kvp75touqpcd" }, "client_secret_post": { "client_id": "tiqph3ss01s3n427q82hm70ch", "client_secret": "1pn27ge4pk30gnkf9mngp15m4t09u4u0d58in9dfult8a15i2civ" }, "client2": { "client_id": "657ufjbt2tjc4qb4oln281r20r", "client_secret": "13bgrpol151jajr59nrv2jlall9selesu62iaihstpbs9m326qe2" } }
testName	oidcc-response-type-missing

2024-04-25 22:22:53

(1) More

SUCCESS

CreateRedirectUri

Created redirect URI

redirect_uri

https://www.certification.openid.net/test/a/ad04252024test/callback

2024-04-25 22:22:53

(5) More

SUCCESS

GetStaticServerConfiguration

Found a static server object

issuer	https://cognito-idp.us-east-1.amazonaws.com/us-east-1_vy1I5F4c4
jwks_uri	https://cognito-idp.us-east-1.amazonaws.com/us-east-1_vy1I5F4c4/.well-known/jwks.json
authorization_endpoint	https://gh0stid.authn.cc/oauth2/authorize
token_endpoint	https://gh0stid.authn.cc/oauth2/token
userinfo_endpoint	https://gh0stid.authn.cc/oauth2/userInfo

2024-04-25 22:22:53

(1) More

SUCCESS

CheckServerConfiguration

Found required server configuration keys

required

[
  "authorization_endpoint",
  "token_endpoint",
  "issuer"
]

2024-04-25 22:22:53

(4) More

SUCCESS

ExtractTLSTestValuesFromServerConfiguration

Extracted TLS information from authorization server configuration

registration_endpoint
authorization_endpoint	{ "testHost": "gh0stid.authn.cc", "testPort": 443 }
token_endpoint	{ "testHost": "gh0stid.authn.cc", "testPort": 443 }
userinfo_endpoint	{ "testHost": "gh0stid.authn.cc", "testPort": 443 }

2024-04-25 22:22:53

(1) More

FetchServerKeys

Fetching server key

jwks_uri

https://cognito-idp.us-east-1.amazonaws.com/us-east-1_vy1I5F4c4/.well-known/jwks.json

2024-04-25 22:22:53

(4) More

FetchServerKeys

HTTP request

request_uri	https://cognito-idp.us-east-1.amazonaws.com/us-east-1_vy1I5F4c4/.well-known/jwks.json
request_method	GET
request_headers	{ "Accept": "text/plain, application/json, application/+json, /*", "Content-Length": "0" }
request_body

2024-04-25 22:22:53

(4) More

RESPONSE

FetchServerKeys

HTTP response

response_status_code	200 OK
response_status_text	OK
response_headers	{ "date": "Thu, 25 Apr 2024 22:22:53 GMT", "content-type": "application/json", "content-length": "916", "connection": "keep-alive", "x-amzn-requestid": "0f377428-42b6-4105-bdb8-0f371fd071a0", "cache-control": "public, max-age\u003d86400" }
response_body	{"keys":[{"alg":"RS256","e":"AQAB","kid":"GHBDPMUc54JQQhjFu20BN2iQQ3v5gGx+Rw3/MqwOqxM=","kty":"RSA","n":"pk9pSBQvfQKC-QIxPifnyLdjn4vMrb8eLtS78mLQKhPhFLk-O6zFyV0Ie3i2LCKv7meRPlxXixsqhBxvKFweswtOYfqS04sXOFDsgzrqDIFAxNIlpL4Hr1BlDTwfLy5OsLdNyeAy05gNs-HXYh0XsTSdCsUIj7czWNjq77n1anzWub8jCrokKkMksfJNdzgktPregWhedsl3F1vYjYdFRUE-w1LLHaynizxdswj_OJ6GxB_BCCkuAGIYk6wlTOSOStMVq2IWMThwiEd2PPNKKbAT_WdK9o4hR24p6vHbNIYqLGaCl91vuWwTOv4DeBJL7TkvPHVoUqXIZbhZZVYb3Q","use":"sig"},{"alg":"RS256","e":"AQAB","kid":"m26sRoFkJsrCnVgdRO0sT3aj3swpDqtjVZVnhytY5SQ=","kty":"RSA","n":"uxcVDDkFFNxEElSqe55-rjj9Bt27G3Qe36Zl-b9pRIHDSGvXico8ZcZrJl8wTqSYLcJm2x4emgxsa-LDDBlzxxtErwH7CLCbOckumpzh2k9qdusDQXxJcvWEc79qmiLG2Vq8T4m6s4ggVfqBO644YuVdYeDZLsIwmWZwg0tQqwYfivg7ezoJponxVisaze0_sXWClavLLiDNA3bzC4vKoHmqRRHmTTzgisynQstyWznh17dW5c0If2PVF8meanUSIFjRal6DHJ-qS6-mTZIMp5T1S0Xvr35OoPYDwtOpIeIMm5SOWhpuFQKrg4j8epBB6ZftrZLVxOii8A14gJ0ILQ","use":"sig"}]}

2024-04-25 22:22:53

(1) More

FetchServerKeys

Found JWK set string

jwk_string

{"keys":[{"alg":"RS256","e":"AQAB","kid":"GHBDPMUc54JQQhjFu20BN2iQQ3v5gGx+Rw3/MqwOqxM=","kty":"RSA","n":"pk9pSBQvfQKC-QIxPifnyLdjn4vMrb8eLtS78mLQKhPhFLk-O6zFyV0Ie3i2LCKv7meRPlxXixsqhBxvKFweswtOYfqS04sXOFDsgzrqDIFAxNIlpL4Hr1BlDTwfLy5OsLdNyeAy05gNs-HXYh0XsTSdCsUIj7czWNjq77n1anzWub8jCrokKkMksfJNdzgktPregWhedsl3F1vYjYdFRUE-w1LLHaynizxdswj_OJ6GxB_BCCkuAGIYk6wlTOSOStMVq2IWMThwiEd2PPNKKbAT_WdK9o4hR24p6vHbNIYqLGaCl91vuWwTOv4DeBJL7TkvPHVoUqXIZbhZZVYb3Q","use":"sig"},{"alg":"RS256","e":"AQAB","kid":"m26sRoFkJsrCnVgdRO0sT3aj3swpDqtjVZVnhytY5SQ=","kty":"RSA","n":"uxcVDDkFFNxEElSqe55-rjj9Bt27G3Qe36Zl-b9pRIHDSGvXico8ZcZrJl8wTqSYLcJm2x4emgxsa-LDDBlzxxtErwH7CLCbOckumpzh2k9qdusDQXxJcvWEc79qmiLG2Vq8T4m6s4ggVfqBO644YuVdYeDZLsIwmWZwg0tQqwYfivg7ezoJponxVisaze0_sXWClavLLiDNA3bzC4vKoHmqRRHmTTzgisynQstyWznh17dW5c0If2PVF8meanUSIFjRal6DHJ-qS6-mTZIMp5T1S0Xvr35OoPYDwtOpIeIMm5SOWhpuFQKrg4j8epBB6ZftrZLVxOii8A14gJ0ILQ","use":"sig"}]}

2024-04-25 22:22:53

(1) More

SUCCESS

FetchServerKeys

Found server JWK set

server_jwks

{
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "GHBDPMUc54JQQhjFu20BN2iQQ3v5gGx+Rw3/MqwOqxM\u003d",
      "kty": "RSA",
      "n": "pk9pSBQvfQKC-QIxPifnyLdjn4vMrb8eLtS78mLQKhPhFLk-O6zFyV0Ie3i2LCKv7meRPlxXixsqhBxvKFweswtOYfqS04sXOFDsgzrqDIFAxNIlpL4Hr1BlDTwfLy5OsLdNyeAy05gNs-HXYh0XsTSdCsUIj7czWNjq77n1anzWub8jCrokKkMksfJNdzgktPregWhedsl3F1vYjYdFRUE-w1LLHaynizxdswj_OJ6GxB_BCCkuAGIYk6wlTOSOStMVq2IWMThwiEd2PPNKKbAT_WdK9o4hR24p6vHbNIYqLGaCl91vuWwTOv4DeBJL7TkvPHVoUqXIZbhZZVYb3Q",
      "use": "sig"
    },
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "m26sRoFkJsrCnVgdRO0sT3aj3swpDqtjVZVnhytY5SQ\u003d",
      "kty": "RSA",
      "n": "uxcVDDkFFNxEElSqe55-rjj9Bt27G3Qe36Zl-b9pRIHDSGvXico8ZcZrJl8wTqSYLcJm2x4emgxsa-LDDBlzxxtErwH7CLCbOckumpzh2k9qdusDQXxJcvWEc79qmiLG2Vq8T4m6s4ggVfqBO644YuVdYeDZLsIwmWZwg0tQqwYfivg7ezoJponxVisaze0_sXWClavLLiDNA3bzC4vKoHmqRRHmTTzgisynQstyWznh17dW5c0If2PVF8meanUSIFjRal6DHJ-qS6-mTZIMp5T1S0Xvr35OoPYDwtOpIeIMm5SOWhpuFQKrg4j8epBB6ZftrZLVxOii8A14gJ0ILQ",
      "use": "sig"
    }
  ]
}

2024-04-25 22:22:53

(1) More

SUCCESS

CheckServerKeysIsValid

Server JWKs is valid

server_jwks

{
  "keys": [
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "GHBDPMUc54JQQhjFu20BN2iQQ3v5gGx+Rw3/MqwOqxM\u003d",
      "kty": "RSA",
      "n": "pk9pSBQvfQKC-QIxPifnyLdjn4vMrb8eLtS78mLQKhPhFLk-O6zFyV0Ie3i2LCKv7meRPlxXixsqhBxvKFweswtOYfqS04sXOFDsgzrqDIFAxNIlpL4Hr1BlDTwfLy5OsLdNyeAy05gNs-HXYh0XsTSdCsUIj7czWNjq77n1anzWub8jCrokKkMksfJNdzgktPregWhedsl3F1vYjYdFRUE-w1LLHaynizxdswj_OJ6GxB_BCCkuAGIYk6wlTOSOStMVq2IWMThwiEd2PPNKKbAT_WdK9o4hR24p6vHbNIYqLGaCl91vuWwTOv4DeBJL7TkvPHVoUqXIZbhZZVYb3Q",
      "use": "sig"
    },
    {
      "alg": "RS256",
      "e": "AQAB",
      "kid": "m26sRoFkJsrCnVgdRO0sT3aj3swpDqtjVZVnhytY5SQ\u003d",
      "kty": "RSA",
      "n": "uxcVDDkFFNxEElSqe55-rjj9Bt27G3Qe36Zl-b9pRIHDSGvXico8ZcZrJl8wTqSYLcJm2x4emgxsa-LDDBlzxxtErwH7CLCbOckumpzh2k9qdusDQXxJcvWEc79qmiLG2Vq8T4m6s4ggVfqBO644YuVdYeDZLsIwmWZwg0tQqwYfivg7ezoJponxVisaze0_sXWClavLLiDNA3bzC4vKoHmqRRHmTTzgisynQstyWznh17dW5c0If2PVF8meanUSIFjRal6DHJ-qS6-mTZIMp5T1S0Xvr35OoPYDwtOpIeIMm5SOWhpuFQKrg4j8epBB6ZftrZLVxOii8A14gJ0ILQ",
      "use": "sig"
    }
  ]
}

2024-04-25 22:22:53	SUCCESS RFC7517-1.1	ValidateServerJWKs Valid server JWKs: keys are valid JSON, contain the required fields and are correctly encoded using unpadded base64url

2024-04-25 22:22:53	SUCCESS OIDCC-10.1	CheckForKeyIdInServerJWKs All keys contain kids

2024-04-25 22:22:53

(1) More

SUCCESS

RFC7517-4.5

CheckDistinctKeyIdValueInServerJWKs

Distinct 'kid' value in all keys of server_jwks

see	https://bitbucket.org/openid/connect/issues/1127

2024-04-25 22:22:53	SUCCESS RFC7518-6.3.2.1	EnsureServerJwksDoesNotContainPrivateOrSymmetricKeys Jwks does not contain any private or symmetric keys

2024-04-25 22:22:53

(2) More

SUCCESS

GetStaticClientConfiguration

Found a static client object

client_id	3fsi45vsoqf5jr65tsdhr0vjc1
client_secret	74k6uj0oqgu1fihmnjvlte3o5sc5tnf59o15an7kvp75touqpcd

2024-04-25 22:22:53

(3) More

INFO

RFC7517-1.1

ValidateClientJWKsPrivatePart

Skipped evaluation due to missing required element: client jwks

path	jwks
mapped
object	client

2024-04-25 22:22:53

(3) More

INFO

ExtractJWKsFromStaticClientConfiguration

Skipped evaluation due to missing required element: client jwks

path	jwks
mapped
object	client

2024-04-25 22:22:53

(3) More

INFO

RFC7517-4.5

CheckDistinctKeyIdValueInClientJWKs

Skipped evaluation due to missing required element: client jwks

path	jwks
mapped
object	client

2024-04-25 22:22:53

(1) More

SetScopeInClientConfigurationToOpenId

Set scope in client configuration to "openid"

scope

openid

2024-04-25 22:22:53

(1) More

SUCCESS

SetProtectedResourceUrlToUserInfoEndpoint

userinfo_endpoint will be used to test access token. The user info is not a mandatory to implement feature in the OpenID Connect specification, but is mandatory for certification.

protected_resource_url

https://gh0stid.authn.cc/oauth2/userInfo

2024-04-25 22:22:53		oidcc-response-type-missing Setup Done

Make request to authorization endpoint

2024-04-25 22:22:53

(3) More

SUCCESS

CreateAuthorizationEndpointRequestFromClientInformation

Created authorization endpoint request

client_id	3fsi45vsoqf5jr65tsdhr0vjc1
redirect_uri	https://www.certification.openid.net/test/a/ad04252024test/callback
scope	openid

2024-04-25 22:22:53

(2) More

CreateRandomStateValue

Created state value

requested_state_length	10
state	Pf6ov8ubv5

2024-04-25 22:22:53

(4) More

SUCCESS

AddStateToAuthorizationEndpointRequest

Added state parameter to request

client_id	3fsi45vsoqf5jr65tsdhr0vjc1
redirect_uri	https://www.certification.openid.net/test/a/ad04252024test/callback
scope	openid
state	Pf6ov8ubv5

2024-04-25 22:22:53

(2) More

CreateRandomNonceValue

Created nonce value

requested_nonce_length	10
nonce	yPNwF3YvFE

2024-04-25 22:22:53

(5) More

SUCCESS

AddNonceToAuthorizationEndpointRequest

Added nonce parameter to request

client_id	3fsi45vsoqf5jr65tsdhr0vjc1
redirect_uri	https://www.certification.openid.net/test/a/ad04252024test/callback
scope	openid
state	Pf6ov8ubv5
nonce	yPNwF3YvFE

2024-04-25 22:22:53		SetAuthorizationEndpointRequestResponseTypeFromEnvironment Miss out the response_type

2024-04-25 22:22:53

(2) More

SUCCESS

BuildPlainRedirectToAuthorizationEndpoint

Sending to authorization endpoint

auth_request

{
  "client_id": "3fsi45vsoqf5jr65tsdhr0vjc1",
  "redirect_uri": "https://www.certification.openid.net/test/a/ad04252024test/callback",
  "scope": "openid",
  "state": "Pf6ov8ubv5",
  "nonce": "yPNwF3YvFE"
}

redirect_to_authorization_endpoint

https://gh0stid.authn.cc/oauth2/authorize?client_id=3fsi45vsoqf5jr65tsdhr0vjc1&redirect_uri=https://www.certification.openid.net/test/a/ad04252024test/callback&scope=openid&state=Pf6ov8ubv5&nonce=yPNwF3YvFE

2024-04-25 22:22:53

(1) More

REDIRECT

oidcc-response-type-missing

Redirecting to authorization endpoint

redirect_to

https://gh0stid.authn.cc/oauth2/authorize?client_id=3fsi45vsoqf5jr65tsdhr0vjc1&redirect_uri=https://www.certification.openid.net/test/a/ad04252024test/callback&scope=openid&state=Pf6ov8ubv5&nonce=yPNwF3YvFE

2024-04-25 22:22:53	REVIEW RFC6749-3.1.1	ExpectResponseTypeMissingErrorPage Upload a screenshot of the error page showing a missing response type error.

2024-04-25 22:23:07

(2) More

TEST-RUNNER

Stopping test due to alias conflict - before this test finished, you have started another test using the same alias. You will need to rerun this test and ensure you complete all steps in this test before you move onto the next test. Please check that the alias in your test configuration is unique, for example include your company name in it.

alias	ad04252024test
new_test_id	G8ueSJmhm8RQZ2q

Unregister dynamically registered client

2024-04-25 22:23:07		UnregisterDynamicallyRegisteredClient Couldn't find registration_access_token.

2024-04-25 22:23:07	INTERRUPTED	oidcc-response-type-missing Test was interrupted before it could complete. Stopping test due to alias conflict - before this test finished, you have started another test using the same alias. You will need to rerun this test and ensure you complete all steps in this test before you move onto the next test. Please check that the alias in your test configuration is unique, for example include your company name in it.

Test Summary

Test Results