| Test Name | oid4vp-1final-verifier-happy-flow |
|---|---|
| Variant | credential_format=sd_jwt_vc, client_id_prefix=x509_hash, request_method=request_uri_signed, vp_profile=haip, response_mode=direct_post.jwt |
| Test ID | 37dSrF4Cca83809 https://www.certification.openid.net/log-detail.html?public=true&log=37dSrF4Cca83809 |
| Created | 2026-07-19T01:50:30.930700445Z |
| Description | CodeB OID4VP HAIP verifier - 2026-07-19 v2 |
| Test Version | 5.2.0 |
| Test Owner | 111972090125569840012 https://accounts.google.com |
| Plan ID | Wa46KCPHMZ5EV https://www.certification.openid.net/plan-detail.html?public=true&plan=Wa46KCPHMZ5EV |
| Exported From | https://www.certification.openid.net |
| Exported By | 111972090125569840012 https://accounts.google.com |
| Suite Version | 5.2.0 |
| Exported | 2026-07-19 01:57:08 (UTC) |
| Status: FINISHED Result: PASSED |
| SUCCESS 57 FAILURE 0 WARNING 0 REVIEW 0 INFO 8 |
| 2026-07-19 01:50:30 |
INFO
|
TEST-RUNNER
Test instance 37dSrF4Cca83809 created
|
||||||||||||||||
|
||||||||||||||||||
| 2026-07-19 01:50:30 |
SUCCESS
|
OIDCCGenerateServerConfiguration
Generated default server configuration
|
||
|
||||
| 2026-07-19 01:50:30 |
SetRequestUriParameterSupportedToTrueInServerConfiguration
Enabled request_uri support in server configuration
|
|||
|
||||
| 2026-07-19 01:50:30 |
|
RegisterClientRequestObjectTrustAnchor
Registered client request object trust anchor certificate
|
||
|
||||
| 2026-07-19 01:50:30 | SUCCESS |
EnsureClientRequestObjectTrustAnchorConfigured
Request Object Trust Anchor is configured
|
|
|
||
| 2026-07-19 01:50:30 |
|
oid4vp-1final-verifier-happy-flow
Setup Done
|
|
|
||
| 2026-07-19 01:50:34 |
INCOMING
|
oid4vp-1final-verifier-happy-flow
Incoming HTTP request to /test/a/codeb-oid4vp-haip-v2/authorize
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||||
| Authorization endpoint |
| 2026-07-19 01:50:34 |
FetchRequestUriAndExtractRequestObject
Fetching request object from request_uri
|
|||
|
||||
| 2026-07-19 01:50:34 |
|
FetchRequestUriAndExtractRequestObject
HTTP request
|
||||||||
|
||||||||||
| 2026-07-19 01:50:35 |
RESPONSE
|
FetchRequestUriAndExtractRequestObject
HTTP response
|
||||||||
|
||||||||||
| 2026-07-19 01:50:35 |
FetchRequestUriAndExtractRequestObject
Downloaded request object
|
|||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
FetchRequestUriAndExtractRequestObject
Parsed request object
|
||||||
|
||||||||
| 2026-07-19 01:50:35 | SUCCESS |
EnsureRequestUriIsHttps
request_uri is a https url
|
||
|
||||
| 2026-07-19 01:50:35 |
SUCCESS
|
EnsureRequestUriHasNoFragment
request_uri does not contain a fragment
|
||
|
||||
| 2026-07-19 01:50:35 |
SUCCESS
|
ExtractAndValidateX509HashClientId
Client ID matched
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
ValidateRequestObjectTypIsOAuthQauthReqJwt
Request object typ header is valid
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
OIDCCValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
ValidateRequestObjectIat
iat claim is valid
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
|
||
|
||||
| 2026-07-19 01:50:35 |
ValidateRequestObjectMaxAge
Request object does not contain a max_age claim
|
|
|
|
||
| 2026-07-19 01:50:35 | SUCCESS |
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
|
|
|
||
| 2026-07-19 01:50:35 | SUCCESS |
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
|
|
|
||
| 2026-07-19 01:50:35 | SUCCESS |
ValidateRequestObjectIssIfPresent
iss claim matches the client id
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
ValidateRequestObjectAudForVP
Request object aud claim is valid
|
||||||
|
||||||||
| 2026-07-19 01:50:35 | SUCCESS |
ValidateRequestObjectSignatureAgainstX5cHeader
Request object x5c chain validated and signature verified
|
||||||
|
||||||||
| 2026-07-19 01:50:35 |
SUCCESS
|
EnsureClientIdInAuthorizationRequestParametersMatchRequestObject
client_id http request parameter value matches client_id in request object
|
|
|
||
| 2026-07-19 01:50:35 | INFO |
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
|
||||||
|
||||||||
| 2026-07-19 01:50:35 | SUCCESS |
EnsureOptionalAuthorizationRequestParametersMatchRequestObject
All http request parameters and request object claims match
|
|
|
||
| 2026-07-19 01:50:35 |
SUCCESS
|
CheckForUnexpectedParametersInVpAuthorizationEndpointHttpRequest
All HTTP authorization request parameters are expected
|
||||
|
||||||
| 2026-07-19 01:50:35 | SUCCESS |
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
ExtractNonceFromAuthorizationRequest
Extracted nonce
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
CheckForInvalidCharsInNonce
Nonce contains only URL safe characters
|
|
|
||
| 2026-07-19 01:50:35 | SUCCESS |
VP1FinalCheckNonceMinimumLength
Nonce is at least 16 characters. Section 5.2 of OID4VP 1.0 Final does not impose a minimum length; this check flags obviously-too-short nonces that cannot plausibly satisfy the spec's "sufficient entropy" requirement.
|
|
|
||
| 2026-07-19 01:50:35 | SUCCESS |
VP1FinalCheckNonceMaximumLength
Nonce does not exceed 43 characters. Section 5.2 of OID4VP 1.0 Final requires the nonce to be a "fresh, cryptographically random number with sufficient entropy" but does not specify its length. To promote interoperability we expect nonces no longer than 43 characters (the longest the conformance suite itself generates as a verifier when testing a wallet); longer values may not be accepted by all wallets.
|
||||
|
||||||
| 2026-07-19 01:50:35 | SUCCESS |
VP1FinalEnsureMinimumNonceEntropy
Nonce appears to have sufficient entropy. Section 5.2 of OID4VP 1.0 Final requires the nonce to be a "fresh, cryptographically random number with sufficient entropy"; OpenID4VP PR #722 (https://github.com/openid/OpenID4VP/pull/722/changes) recommends at least 128 bits.
|
||||||
|
||||||||
| 2026-07-19 01:50:35 | INFO |
EnsureAuthorizationRequestContainsPkceCodeChallenge
Skipped evaluation due to missing required element: effective_authorization_endpoint_request code_challenge
|
||||||
|
||||||||
| 2026-07-19 01:50:35 |
SUCCESS
|
EnsureResponseTypeIsVpToken
Response type is expected value
|
||
|
||||
| 2026-07-19 01:50:35 |
SUCCESS
|
ValidateResponseMode
response_mode is direct_post.jwt
|
|
|
||
| 2026-07-19 01:50:35 |
SUCCESS
|
CheckNoClientIdSchemeParameter
client_id_scheme parameter is not present, as expected.
|
|
|
||
| 2026-07-19 01:50:35 | SUCCESS |
CheckNoScopeParameter
scope parameter is not present, as expected.
|
|
|
||
| 2026-07-19 01:50:35 | SUCCESS |
CheckRequestUriMethodParameter
request_uri_method parameter is not present.
|
|
|
||
| 2026-07-19 01:50:35 | INFO |
WarnIfRequestUriMethodInRequestObject
Skipped evaluation due to missing required string: authorization_request_object
|
||
|
||||
| 2026-07-19 01:50:35 | INFO |
EnsureNoWalletNonceInRequestObject
Skipped evaluation due to missing required string: authorization_request_object
|
||
|
||||
| 2026-07-19 01:50:35 |
SUCCESS
|
CheckForUnexpectedParametersInVpAuthorizationRequest
All authorization parameters are expected
|
||||
|
||||||
| 2026-07-19 01:50:35 | SUCCESS |
CheckNoTransactionDataInVpAuthorizationRequest
Authorization request does not contain transaction_data
|
|
|
||
| 2026-07-19 01:50:35 | INFO |
ExtractVerifierInfoFromAuthorizationRequest
Skipped evaluation due to missing required element: effective_authorization_endpoint_request verifier_info
|
||||||
|
||||||||
| 2026-07-19 01:50:35 | INFO |
ValidateVerifierInfo
Skipped evaluation due to missing required element: effective_authorization_endpoint_request verifier_info
|
||||||
|
||||||||
| 2026-07-19 01:50:35 | INFO |
CheckForUnexpectedParametersInVerifierInfo
Skipped evaluation due to missing required element: effective_authorization_endpoint_request verifier_info
|
||||||
|
||||||||
| 2026-07-19 01:50:35 | SUCCESS |
EnsureValidResponseUriForAuthorizationEndpointRequest
response_uri is valid https url with no fragment
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
CheckNoRedirectUriInVpAuthorizationRequest
Authorization request does not contain 'redirect_uri'
|
|
|
||
| 2026-07-19 01:50:35 |
SUCCESS
|
CheckNoPresentationDefinitionInVpAuthorizationRequest
Authorization request does not contain presentation_definition or presentation_definition_uri
|
|
|
||
| 2026-07-19 01:50:35 | SUCCESS |
VP1FinalCheckForUnexpectedParametersInVpClientMetadata
All client_metadata parameters are expected
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
VP1FinalValidateVpFormatsSupportedInClientMetadata
vp_formats_supported contains valid dc+sd-jwt format
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
VP1FinalCheckForKeyIdInClientMetadataJWKs
All keys in client_metadata.jwks have unique kid values
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
VP1FinalValidateClientMetadataJwksForEncryptedResponse
client_metadata.jwks contains valid encryption key(s) with alg
|
||
|
||||
| Validate the JWK set in client_metadata |
| 2026-07-19 01:50:35 |
SUCCESS
|
MapJwksToValidationLocation
Selected the JWK set in client_metadata for validation
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
EnsureJwksHasNoPrivateOrSymmetricKeyMaterial
The JWK set in client_metadata contains only public key material
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
ValidateJwksStructure
The JWK set in client_metadata is structurally valid
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
ParseUsableJwksKeys
All usable keys in the JWK set in client_metadata parse successfully
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
WarnOnUnusableJwksKeys
All keys in the JWK set in client_metadata use a supported key type, curve and algorithm
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
ValidateVpClientMetadataEncryptionForHaip
client_metadata encryption parameters satisfy HAIP & OID4VP requirements
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
VP1FinalCheckEncryptionKeyNotReused
Verifier response-encryption key(s) were not seen in a previous Authorization Request
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
ExtractDCQLQueryFromAuthorizationRequest
Extracted dcql_query from authorization request
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
ValidateDCQLQuery
DCQL query input is valid
|
||||
|
||||||
| 2026-07-19 01:50:35 | SUCCESS |
CheckForUnexpectedParametersInDcqlQuery
DCQL query input is valid
|
||||
|
||||||
| 2026-07-19 01:50:35 |
SUCCESS
|
CheckDCQLQueryCredentialFormatMatchesTestConfiguration
DCQL query credential format matches test configuration
|
||||
|
||||||
| 2026-07-19 01:50:35 |
SUCCESS
|
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
|
||
|
||||
| 2026-07-19 01:50:35 |
|
CreateSdJwtKbCredential
Filtered SD-JWT disclosures to DCQL requested claims
|
||||||
|
||||||||
| 2026-07-19 01:50:35 |
|
CreateSdJwtKbCredential
Created an SD-JWT+KB
|
||
|
||||
| 2026-07-19 01:50:35 | SUCCESS |
AddVP1FinalDCQLVPTokenToAuthorizationEndpointResponseParams
Added credential in DCQL 'vp_token' authorization endpoint response parameter
|
||
|
||||
| 2026-07-19 01:50:35 |
|
VP1FinalEncryptVPResponse
Encrypted the response
|
||||||||||||||
|
||||||||||||||||
| 2026-07-19 01:50:35 |
|
CallDirectPostEndpoint
HTTP request
|
||||||||
|
||||||||||
| 2026-07-19 01:50:36 |
RESPONSE
|
CallDirectPostEndpoint
HTTP response
|
||||||||
|
||||||||||
| 2026-07-19 01:50:36 |
SUCCESS
|
CallDirectPostEndpoint
Parsed response uri endpoint response
|
||||||||||
|
||||||||||||
| 2026-07-19 01:50:36 | SUCCESS |
EnsureHttpStatusCodeIs200
https://phone.codeb.io/oidc.ashx?action=vp-response&id=0dZm2Y4RrD3_SeRLM3gB8A endpoint returned the expected http status
|
||||
|
||||||
| 2026-07-19 01:50:36 | SUCCESS |
EnsureContentTypeJson
endpoint_response Content-Type: header is application/json
|
|
|
||
| 2026-07-19 01:50:36 | SUCCESS |
ValidateDirectPostResponse
Direct post response contains only 'redirect_uri'.
|
|
|
||
| 2026-07-19 01:50:36 | SUCCESS |
ValidateDirectPostResponseRedirectUriWhenPresent
redirect_uri in direct_post response body is a non-empty string
|
||
|
||||
| 2026-07-19 01:50:36 | SUCCESS |
VP1FinalEnsureDirectPostResponseHasRedirectUriForHaip
Verifier included redirect_uri in the response to the wallet's POST
|
||
|
||||
| 2026-07-19 01:50:36 |
OUTGOING
|
oid4vp-1final-verifier-happy-flow
Response to HTTP request to test instance 37dSrF4Cca83809
|
||||
|
||||||
| 2026-07-19 01:50:36 |
FINISHED
|
oid4vp-1final-verifier-happy-flow
Test has run to completion
|
||
|
||||
| 2026-07-19 01:50:46 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|
||||||