| Test Name | oid4vp-1final-verifier-minimal-cnf-jwk |
|---|---|
| Variant | credential_format=sd_jwt_vc, client_id_prefix=x509_hash, request_method=request_uri_signed, vp_profile=haip, response_mode=direct_post.jwt |
| Test ID | o7GHToYczfembuI https://www.certification.openid.net/log-detail.html?public=true&log=o7GHToYczfembuI |
| Created | 2026-07-19T01:50:46.829836124Z |
| Description | CodeB OID4VP HAIP verifier - 2026-07-19 v2 |
| Test Version | 5.2.0 |
| Test Owner | 111972090125569840012 https://accounts.google.com |
| Plan ID | Wa46KCPHMZ5EV https://www.certification.openid.net/plan-detail.html?public=true&plan=Wa46KCPHMZ5EV |
| Exported From | https://www.certification.openid.net |
| Exported By | 111972090125569840012 https://accounts.google.com |
| Suite Version | 5.2.0 |
| Exported | 2026-07-19 01:57:08 (UTC) |
| Status: FINISHED Result: PASSED |
| SUCCESS 53 FAILURE 0 WARNING 0 REVIEW 0 INFO 8 |
| 2026-07-19 01:50:46 |
INFO
|
TEST-RUNNER
Test instance o7GHToYczfembuI created
|
||||||||||||||||
|
||||||||||||||||||
| 2026-07-19 01:50:46 |
SUCCESS
|
OIDCCGenerateServerConfiguration
Generated default server configuration
|
||
|
||||
| 2026-07-19 01:50:46 |
SetRequestUriParameterSupportedToTrueInServerConfiguration
Enabled request_uri support in server configuration
|
|||
|
||||
| 2026-07-19 01:50:46 |
|
RegisterClientRequestObjectTrustAnchor
Registered client request object trust anchor certificate
|
||
|
||||
| 2026-07-19 01:50:46 | SUCCESS |
EnsureClientRequestObjectTrustAnchorConfigured
Request Object Trust Anchor is configured
|
|
|
||
| 2026-07-19 01:50:46 |
|
oid4vp-1final-verifier-minimal-cnf-jwk
Setup Done
|
|
|
||
| 2026-07-19 01:50:50 |
INCOMING
|
oid4vp-1final-verifier-minimal-cnf-jwk
Incoming HTTP request to /test/a/codeb-oid4vp-haip-v2/authorize
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||||
| Authorization endpoint |
| 2026-07-19 01:50:50 |
FetchRequestUriAndExtractRequestObject
Fetching request object from request_uri
|
|||
|
||||
| 2026-07-19 01:50:50 |
|
FetchRequestUriAndExtractRequestObject
HTTP request
|
||||||||
|
||||||||||
| 2026-07-19 01:50:51 |
RESPONSE
|
FetchRequestUriAndExtractRequestObject
HTTP response
|
||||||||
|
||||||||||
| 2026-07-19 01:50:51 |
FetchRequestUriAndExtractRequestObject
Downloaded request object
|
|||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
FetchRequestUriAndExtractRequestObject
Parsed request object
|
||||||
|
||||||||
| 2026-07-19 01:50:51 | SUCCESS |
EnsureRequestUriIsHttps
request_uri is a https url
|
||
|
||||
| 2026-07-19 01:50:51 |
SUCCESS
|
EnsureRequestUriHasNoFragment
request_uri does not contain a fragment
|
||
|
||||
| 2026-07-19 01:50:51 |
SUCCESS
|
ExtractAndValidateX509HashClientId
Client ID matched
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
ValidateRequestObjectTypIsOAuthQauthReqJwt
Request object typ header is valid
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
OIDCCValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
ValidateRequestObjectIat
iat claim is valid
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
|
||
|
||||
| 2026-07-19 01:50:51 |
ValidateRequestObjectMaxAge
Request object does not contain a max_age claim
|
|
|
|
||
| 2026-07-19 01:50:51 | SUCCESS |
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
|
|
|
||
| 2026-07-19 01:50:51 | SUCCESS |
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
|
|
|
||
| 2026-07-19 01:50:51 | SUCCESS |
ValidateRequestObjectIssIfPresent
iss claim matches the client id
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
ValidateRequestObjectAudForVP
Request object aud claim is valid
|
||||||
|
||||||||
| 2026-07-19 01:50:51 | SUCCESS |
ValidateRequestObjectSignatureAgainstX5cHeader
Request object x5c chain validated and signature verified
|
||||||
|
||||||||
| 2026-07-19 01:50:51 |
SUCCESS
|
EnsureClientIdInAuthorizationRequestParametersMatchRequestObject
client_id http request parameter value matches client_id in request object
|
|
|
||
| 2026-07-19 01:50:51 | INFO |
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
|
||||||
|
||||||||
| 2026-07-19 01:50:51 | SUCCESS |
EnsureOptionalAuthorizationRequestParametersMatchRequestObject
All http request parameters and request object claims match
|
|
|
||
| 2026-07-19 01:50:51 |
SUCCESS
|
CheckForUnexpectedParametersInVpAuthorizationEndpointHttpRequest
All HTTP authorization request parameters are expected
|
||||
|
||||||
| 2026-07-19 01:50:51 | SUCCESS |
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
ExtractNonceFromAuthorizationRequest
Extracted nonce
|
||
|
||||
| 2026-07-19 01:50:51 | INFO |
EnsureAuthorizationRequestContainsPkceCodeChallenge
Skipped evaluation due to missing required element: effective_authorization_endpoint_request code_challenge
|
||||||
|
||||||||
| 2026-07-19 01:50:51 |
SUCCESS
|
EnsureResponseTypeIsVpToken
Response type is expected value
|
||
|
||||
| 2026-07-19 01:50:51 |
SUCCESS
|
ValidateResponseMode
response_mode is direct_post.jwt
|
|
|
||
| 2026-07-19 01:50:51 |
SUCCESS
|
CheckNoClientIdSchemeParameter
client_id_scheme parameter is not present, as expected.
|
|
|
||
| 2026-07-19 01:50:51 | SUCCESS |
CheckNoScopeParameter
scope parameter is not present, as expected.
|
|
|
||
| 2026-07-19 01:50:51 | SUCCESS |
CheckRequestUriMethodParameter
request_uri_method parameter is not present.
|
|
|
||
| 2026-07-19 01:50:51 | INFO |
WarnIfRequestUriMethodInRequestObject
Skipped evaluation due to missing required string: authorization_request_object
|
||
|
||||
| 2026-07-19 01:50:51 | INFO |
EnsureNoWalletNonceInRequestObject
Skipped evaluation due to missing required string: authorization_request_object
|
||
|
||||
| 2026-07-19 01:50:51 |
SUCCESS
|
CheckForUnexpectedParametersInVpAuthorizationRequest
All authorization parameters are expected
|
||||
|
||||||
| 2026-07-19 01:50:51 | SUCCESS |
CheckNoTransactionDataInVpAuthorizationRequest
Authorization request does not contain transaction_data
|
|
|
||
| 2026-07-19 01:50:51 | INFO |
ExtractVerifierInfoFromAuthorizationRequest
Skipped evaluation due to missing required element: effective_authorization_endpoint_request verifier_info
|
||||||
|
||||||||
| 2026-07-19 01:50:51 | INFO |
ValidateVerifierInfo
Skipped evaluation due to missing required element: effective_authorization_endpoint_request verifier_info
|
||||||
|
||||||||
| 2026-07-19 01:50:51 | INFO |
CheckForUnexpectedParametersInVerifierInfo
Skipped evaluation due to missing required element: effective_authorization_endpoint_request verifier_info
|
||||||
|
||||||||
| 2026-07-19 01:50:51 | SUCCESS |
EnsureValidResponseUriForAuthorizationEndpointRequest
response_uri is valid https url with no fragment
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
CheckNoRedirectUriInVpAuthorizationRequest
Authorization request does not contain 'redirect_uri'
|
|
|
||
| 2026-07-19 01:50:51 |
SUCCESS
|
CheckNoPresentationDefinitionInVpAuthorizationRequest
Authorization request does not contain presentation_definition or presentation_definition_uri
|
|
|
||
| 2026-07-19 01:50:51 | SUCCESS |
VP1FinalCheckForUnexpectedParametersInVpClientMetadata
All client_metadata parameters are expected
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
VP1FinalValidateVpFormatsSupportedInClientMetadata
vp_formats_supported contains valid dc+sd-jwt format
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
VP1FinalCheckForKeyIdInClientMetadataJWKs
All keys in client_metadata.jwks have unique kid values
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
VP1FinalValidateClientMetadataJwksForEncryptedResponse
client_metadata.jwks contains valid encryption key(s) with alg
|
||
|
||||
| Validate the JWK set in client_metadata |
| 2026-07-19 01:50:51 |
SUCCESS
|
MapJwksToValidationLocation
Selected the JWK set in client_metadata for validation
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
EnsureJwksHasNoPrivateOrSymmetricKeyMaterial
The JWK set in client_metadata contains only public key material
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
ValidateJwksStructure
The JWK set in client_metadata is structurally valid
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
ParseUsableJwksKeys
All usable keys in the JWK set in client_metadata parse successfully
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
WarnOnUnusableJwksKeys
All keys in the JWK set in client_metadata use a supported key type, curve and algorithm
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
ValidateVpClientMetadataEncryptionForHaip
client_metadata encryption parameters satisfy HAIP & OID4VP requirements
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
VP1FinalCheckEncryptionKeyNotReused
Verifier response-encryption key(s) were not seen in a previous Authorization Request
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
ExtractDCQLQueryFromAuthorizationRequest
Extracted dcql_query from authorization request
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
ValidateDCQLQuery
DCQL query input is valid
|
||||
|
||||||
| 2026-07-19 01:50:51 | SUCCESS |
CheckForUnexpectedParametersInDcqlQuery
DCQL query input is valid
|
||||
|
||||||
| 2026-07-19 01:50:51 |
SUCCESS
|
CheckDCQLQueryCredentialFormatMatchesTestConfiguration
DCQL query credential format matches test configuration
|
||||
|
||||||
| 2026-07-19 01:50:51 |
SUCCESS
|
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
|
||
|
||||
| 2026-07-19 01:50:51 |
|
CreateSdJwtKbCredentialWithMinimalCnf
Filtered SD-JWT disclosures to DCQL requested claims
|
||||||
|
||||||||
| 2026-07-19 01:50:51 |
|
CreateSdJwtKbCredentialWithMinimalCnf
Created an SD-JWT+KB
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
AddVP1FinalDCQLVPTokenToAuthorizationEndpointResponseParams
Added credential in DCQL 'vp_token' authorization endpoint response parameter
|
||
|
||||
| 2026-07-19 01:50:51 |
|
VP1FinalEncryptVPResponse
Encrypted the response
|
||||||||||||||
|
||||||||||||||||
| 2026-07-19 01:50:51 |
|
CallDirectPostEndpoint
HTTP request
|
||||||||
|
||||||||||
| 2026-07-19 01:50:51 |
RESPONSE
|
CallDirectPostEndpoint
HTTP response
|
||||||||
|
||||||||||
| 2026-07-19 01:50:51 |
SUCCESS
|
CallDirectPostEndpoint
Parsed response uri endpoint response
|
||||||||||
|
||||||||||||
| 2026-07-19 01:50:51 | SUCCESS |
EnsureHttpStatusCodeIs200
https://phone.codeb.io/oidc.ashx?action=vp-response&id=Dh4aOV_sqKUgCN2qPJyFtg endpoint returned the expected http status
|
||||
|
||||||
| 2026-07-19 01:50:51 | SUCCESS |
EnsureContentTypeJson
endpoint_response Content-Type: header is application/json
|
|
|
||
| 2026-07-19 01:50:51 | SUCCESS |
ValidateDirectPostResponse
Direct post response contains only 'redirect_uri'.
|
|
|
||
| 2026-07-19 01:50:51 | SUCCESS |
ValidateDirectPostResponseRedirectUriWhenPresent
redirect_uri in direct_post response body is a non-empty string
|
||
|
||||
| 2026-07-19 01:50:51 | SUCCESS |
VP1FinalEnsureDirectPostResponseHasRedirectUriForHaip
Verifier included redirect_uri in the response to the wallet's POST
|
||
|
||||
| 2026-07-19 01:50:51 |
OUTGOING
|
oid4vp-1final-verifier-minimal-cnf-jwk
Response to HTTP request to test instance o7GHToYczfembuI
|
||||
|
||||||
| 2026-07-19 01:50:51 |
FINISHED
|
oid4vp-1final-verifier-minimal-cnf-jwk
Test has run to completion
|
||
|
||||
| 2026-07-19 01:51:08 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|
||||||