| Test Name | oid4vp-1final-verifier-invalid-credential-signature |
|---|---|
| Variant | credential_format=sd_jwt_vc, client_id_prefix=x509_hash, request_method=request_uri_signed, vp_profile=haip, response_mode=direct_post.jwt |
| Test ID | 9lPV6b0ZLJkNs4H https://www.certification.openid.net/log-detail.html?public=true&log=9lPV6b0ZLJkNs4H |
| Created | 2026-07-19T01:51:48.960238767Z |
| Description | CodeB OID4VP HAIP verifier - 2026-07-19 v2 |
| Test Version | 5.2.0 |
| Test Owner | 111972090125569840012 https://accounts.google.com |
| Plan ID | Wa46KCPHMZ5EV https://www.certification.openid.net/plan-detail.html?public=true&plan=Wa46KCPHMZ5EV |
| Exported From | https://www.certification.openid.net |
| Exported By | 111972090125569840012 https://accounts.google.com |
| Suite Version | 5.2.0 |
| Exported | 2026-07-19 01:57:08 (UTC) |
| Status: FINISHED Result: PASSED |
| SUCCESS 49 FAILURE 0 WARNING 0 REVIEW 0 INFO 8 |
| 2026-07-19 01:51:48 |
INFO
|
TEST-RUNNER
Test instance 9lPV6b0ZLJkNs4H created
|
||||||||||||||||
|
||||||||||||||||||
| 2026-07-19 01:51:48 |
SUCCESS
|
OIDCCGenerateServerConfiguration
Generated default server configuration
|
||
|
||||
| 2026-07-19 01:51:48 |
SetRequestUriParameterSupportedToTrueInServerConfiguration
Enabled request_uri support in server configuration
|
|||
|
||||
| 2026-07-19 01:51:48 |
|
RegisterClientRequestObjectTrustAnchor
Registered client request object trust anchor certificate
|
||
|
||||
| 2026-07-19 01:51:48 | SUCCESS |
EnsureClientRequestObjectTrustAnchorConfigured
Request Object Trust Anchor is configured
|
|
|
||
| 2026-07-19 01:51:48 |
|
oid4vp-1final-verifier-invalid-credential-signature
Setup Done
|
|
|
||
| 2026-07-19 01:51:53 |
INCOMING
|
oid4vp-1final-verifier-invalid-credential-signature
Incoming HTTP request to /test/a/codeb-oid4vp-haip-v2/authorize
|
||||||||||||||||||||||||
|
||||||||||||||||||||||||||
| Authorization endpoint |
| 2026-07-19 01:51:53 |
FetchRequestUriAndExtractRequestObject
Fetching request object from request_uri
|
|||
|
||||
| 2026-07-19 01:51:53 |
|
FetchRequestUriAndExtractRequestObject
HTTP request
|
||||||||
|
||||||||||
| 2026-07-19 01:51:53 |
RESPONSE
|
FetchRequestUriAndExtractRequestObject
HTTP response
|
||||||||
|
||||||||||
| 2026-07-19 01:51:53 |
FetchRequestUriAndExtractRequestObject
Downloaded request object
|
|||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
FetchRequestUriAndExtractRequestObject
Parsed request object
|
||||||
|
||||||||
| 2026-07-19 01:51:53 | SUCCESS |
EnsureRequestUriIsHttps
request_uri is a https url
|
||
|
||||
| 2026-07-19 01:51:53 |
SUCCESS
|
EnsureRequestUriHasNoFragment
request_uri does not contain a fragment
|
||
|
||||
| 2026-07-19 01:51:53 |
SUCCESS
|
ExtractAndValidateX509HashClientId
Client ID matched
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
ValidateRequestObjectTypIsOAuthQauthReqJwt
Request object typ header is valid
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
OIDCCValidateRequestObjectExp
Request object contains a valid exp claim, expiry time
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
ValidateRequestObjectIat
iat claim is valid
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
EnsureNumericRequestObjectClaimsAreNotNull
None of the claims expected to have numeric values, have null values
|
||
|
||||
| 2026-07-19 01:51:53 |
ValidateRequestObjectMaxAge
Request object does not contain a max_age claim
|
|
|
|
||
| 2026-07-19 01:51:53 | SUCCESS |
EnsureRequestObjectDoesNotContainRequestOrRequestUri
Request object does not contain request or request_uri
|
|
|
||
| 2026-07-19 01:51:53 | SUCCESS |
EnsureRequestObjectDoesNotContainSubWithClientId
Request object does not contain Client Id in sub
|
|
|
||
| 2026-07-19 01:51:53 | SUCCESS |
ValidateRequestObjectIssIfPresent
iss claim matches the client id
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
ValidateRequestObjectAudForVP
Request object aud claim is valid
|
||||||
|
||||||||
| 2026-07-19 01:51:53 | SUCCESS |
ValidateRequestObjectSignatureAgainstX5cHeader
Request object x5c chain validated and signature verified
|
||||||
|
||||||||
| 2026-07-19 01:51:53 |
SUCCESS
|
EnsureClientIdInAuthorizationRequestParametersMatchRequestObject
client_id http request parameter value matches client_id in request object
|
|
|
||
| 2026-07-19 01:51:53 | INFO |
ValidateEncryptedRequestObjectHasKid
Skipped evaluation due to missing required element: authorization_request_object jwe_header
|
||||||
|
||||||||
| 2026-07-19 01:51:53 | SUCCESS |
EnsureOptionalAuthorizationRequestParametersMatchRequestObject
All http request parameters and request object claims match
|
|
|
||
| 2026-07-19 01:51:53 |
SUCCESS
|
CheckForUnexpectedParametersInVpAuthorizationEndpointHttpRequest
All HTTP authorization request parameters are expected
|
||||
|
||||||
| 2026-07-19 01:51:53 | SUCCESS |
CreateEffectiveAuthorizationRequestParameters
Merged http request parameters with request object claims
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
ExtractNonceFromAuthorizationRequest
Extracted nonce
|
||
|
||||
| 2026-07-19 01:51:53 | INFO |
EnsureAuthorizationRequestContainsPkceCodeChallenge
Skipped evaluation due to missing required element: effective_authorization_endpoint_request code_challenge
|
||||||
|
||||||||
| 2026-07-19 01:51:53 |
SUCCESS
|
EnsureResponseTypeIsVpToken
Response type is expected value
|
||
|
||||
| 2026-07-19 01:51:53 |
SUCCESS
|
ValidateResponseMode
response_mode is direct_post.jwt
|
|
|
||
| 2026-07-19 01:51:53 |
SUCCESS
|
CheckNoClientIdSchemeParameter
client_id_scheme parameter is not present, as expected.
|
|
|
||
| 2026-07-19 01:51:53 | SUCCESS |
CheckNoScopeParameter
scope parameter is not present, as expected.
|
|
|
||
| 2026-07-19 01:51:53 | SUCCESS |
CheckRequestUriMethodParameter
request_uri_method parameter is not present.
|
|
|
||
| 2026-07-19 01:51:53 | INFO |
WarnIfRequestUriMethodInRequestObject
Skipped evaluation due to missing required string: authorization_request_object
|
||
|
||||
| 2026-07-19 01:51:53 | INFO |
EnsureNoWalletNonceInRequestObject
Skipped evaluation due to missing required string: authorization_request_object
|
||
|
||||
| 2026-07-19 01:51:53 |
SUCCESS
|
CheckForUnexpectedParametersInVpAuthorizationRequest
All authorization parameters are expected
|
||||
|
||||||
| 2026-07-19 01:51:53 | SUCCESS |
CheckNoTransactionDataInVpAuthorizationRequest
Authorization request does not contain transaction_data
|
|
|
||
| 2026-07-19 01:51:53 | INFO |
ExtractVerifierInfoFromAuthorizationRequest
Skipped evaluation due to missing required element: effective_authorization_endpoint_request verifier_info
|
||||||
|
||||||||
| 2026-07-19 01:51:53 | INFO |
ValidateVerifierInfo
Skipped evaluation due to missing required element: effective_authorization_endpoint_request verifier_info
|
||||||
|
||||||||
| 2026-07-19 01:51:53 | INFO |
CheckForUnexpectedParametersInVerifierInfo
Skipped evaluation due to missing required element: effective_authorization_endpoint_request verifier_info
|
||||||
|
||||||||
| 2026-07-19 01:51:53 | SUCCESS |
EnsureValidResponseUriForAuthorizationEndpointRequest
response_uri is valid https url with no fragment
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
CheckNoRedirectUriInVpAuthorizationRequest
Authorization request does not contain 'redirect_uri'
|
|
|
||
| 2026-07-19 01:51:53 |
SUCCESS
|
CheckNoPresentationDefinitionInVpAuthorizationRequest
Authorization request does not contain presentation_definition or presentation_definition_uri
|
|
|
||
| 2026-07-19 01:51:53 | SUCCESS |
VP1FinalCheckForUnexpectedParametersInVpClientMetadata
All client_metadata parameters are expected
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
VP1FinalValidateVpFormatsSupportedInClientMetadata
vp_formats_supported contains valid dc+sd-jwt format
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
VP1FinalCheckForKeyIdInClientMetadataJWKs
All keys in client_metadata.jwks have unique kid values
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
VP1FinalValidateClientMetadataJwksForEncryptedResponse
client_metadata.jwks contains valid encryption key(s) with alg
|
||
|
||||
| Validate the JWK set in client_metadata |
| 2026-07-19 01:51:53 |
SUCCESS
|
MapJwksToValidationLocation
Selected the JWK set in client_metadata for validation
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
EnsureJwksHasNoPrivateOrSymmetricKeyMaterial
The JWK set in client_metadata contains only public key material
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
ValidateJwksStructure
The JWK set in client_metadata is structurally valid
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
ParseUsableJwksKeys
All usable keys in the JWK set in client_metadata parse successfully
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
WarnOnUnusableJwksKeys
All keys in the JWK set in client_metadata use a supported key type, curve and algorithm
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
ValidateVpClientMetadataEncryptionForHaip
client_metadata encryption parameters satisfy HAIP & OID4VP requirements
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
VP1FinalCheckEncryptionKeyNotReused
Verifier response-encryption key(s) were not seen in a previous Authorization Request
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
ExtractDCQLQueryFromAuthorizationRequest
Extracted dcql_query from authorization request
|
||
|
||||
| 2026-07-19 01:51:53 | SUCCESS |
ValidateDCQLQuery
DCQL query input is valid
|
||||
|
||||||
| 2026-07-19 01:51:53 | SUCCESS |
CheckForUnexpectedParametersInDcqlQuery
DCQL query input is valid
|
||||
|
||||||
| 2026-07-19 01:51:53 |
SUCCESS
|
CheckDCQLQueryCredentialFormatMatchesTestConfiguration
DCQL query credential format matches test configuration
|
||||
|
||||||
| 2026-07-19 01:51:53 |
SUCCESS
|
CreateAuthorizationEndpointResponseParams
Added authorization_endpoint_response_params to environment
|
||
|
||||
| 2026-07-19 01:51:53 |
|
CreateSdJwtKbCredential
Filtered SD-JWT disclosures to DCQL requested claims
|
||||||
|
||||||||
| 2026-07-19 01:51:53 |
|
CreateSdJwtKbCredential
Created an SD-JWT+KB
|
||
|
||||
| 2026-07-19 01:51:53 |
|
InvalidateSdJwtCredentialSignature
Invalidated issuer signature in SD-JWT credential and recomputed KB-JWT sd_hash
|
|
|
||
| 2026-07-19 01:51:53 | SUCCESS |
AddVP1FinalDCQLVPTokenToAuthorizationEndpointResponseParams
Added credential in DCQL 'vp_token' authorization endpoint response parameter
|
||
|
||||
| 2026-07-19 01:51:53 |
|
VP1FinalEncryptVPResponse
Encrypted the response
|
||||||||||||||
|
||||||||||||||||
| 2026-07-19 01:51:53 |
|
CallDirectPostEndpoint
HTTP request
|
||||||||
|
||||||||||
| 2026-07-19 01:51:54 |
RESPONSE
|
CallDirectPostEndpoint
HTTP response
|
||||||||
|
||||||||||
| 2026-07-19 01:51:54 |
SUCCESS
|
CallDirectPostEndpoint
Parsed response uri endpoint response
|
||||||||||
|
||||||||||||
| 2026-07-19 01:51:54 | SUCCESS |
EnsureHttpStatusCodeIs4xx
https://phone.codeb.io/oidc.ashx?action=vp-response&id=2mMGGVYU66-5n_mL-ubNdg endpoint http status code was 400
|
|
|
||
| 2026-07-19 01:51:54 |
OUTGOING
|
oid4vp-1final-verifier-invalid-credential-signature
Response to HTTP request to test instance 9lPV6b0ZLJkNs4H
|
||||
|
||||||
| 2026-07-19 01:51:54 |
FINISHED
|
oid4vp-1final-verifier-invalid-credential-signature
Test has run to completion
|
||
|
||||
| 2026-07-19 01:52:13 |
|
TEST-RUNNER
Alias has now been claimed by another test
|
||||
|
||||||