Add support for Proof of Possession tokens, update tests

Author: dmitrizagidulin

lib/api/authn/webid-oidc.js

@@ -31,8 +31,13 @@ function initialize (app, argv) {
 
   // Attach the OIDC API
   app.use('/', middleware(oidc))
+
   // Perform the actual authentication
-  app.use('/', oidc.rs.authenticate())
+  let rsOptions = {
+    allow: { audience: [app.locals.host.serverUri] }
+  }
+  app.use('/', oidc.rs.authenticate(rsOptions))
+
   // Expose session.userId
   app.use('/', (req, res, next) => {
     const userId = oidc.webIdFromClaims(req.claims)

lib/handlers/error-pages.js

@@ -31,6 +31,7 @@ function handler (err, req, res, next) {
   let statusCode = statusCodeFor(err, req, authMethod)
 
   if (statusCode === 401) {
+    debug(err, 'error:', err.error, 'desc:', err.error_description)
     setAuthenticateHeader(req, res, err)
   }
 

lib/requests/login-request.js

@@ -157,7 +157,7 @@ class LoginRequest extends AuthRequest {
   postLoginUrl (validUser) {
     let uri
 
-    if (this.authQueryParams['redirect_uri']) {
+    if (this.authQueryParams['client_id']) {
       // Login request is part of an app's auth flow
       uri = this.authorizeUrl()
     } else if (validUser) {

package.json

@@ -59,7 +59,7 @@
     "node-forge": "^0.6.38",
     "nodemailer": "^3.1.4",
     "nomnom": "^1.8.1",
-    "oidc-auth-manager": "^0.7.3",
+    "oidc-auth-manager": "^0.8.0",
     "oidc-op-express": "^0.0.3",
     "rdflib": "^0.15.0",
     "recursive-readdir": "^2.1.0",
@@ -80,6 +80,7 @@
     "x509": "^0.3.2"
   },
   "devDependencies": {
+    "@trust/oidc-op": "^0.3.0",
     "chai": "^3.5.0",
     "chai-as-promised": "^6.0.0",
     "dirty-chai": "^1.2.2",
@@ -92,9 +93,10 @@
     "proxyquire": "^1.7.10",
     "sinon": "^2.1.0",
     "sinon-chai": "^2.8.0",
-    "solid-auth-oidc": "^0.1.3",
+    "solid-auth-oidc": "^0.2.0",
     "standard": "^8.6.0",
-    "supertest": "^3.0.0"
+    "supertest": "^3.0.0",
+    "whatwg-url": "^6.1.0"
   },
   "main": "index.js",
   "scripts": {

test/integration/acl-oidc-test.js

@@ -2,24 +2,44 @@ const assert = require('chai').assert
 const fs = require('fs-extra')
 const request = require('request')
 const path = require('path')
-const rm = require('../utils').rm
-const nock = require('nock')
+const { loadProvider, rm } = require('../utils')
+const IDToken = require('@trust/oidc-op/src/IDToken')
 
 const ldnode = require('../../index')
 
 const port = 7777
 const serverUri = `https://localhost:7777`
 const rootPath = path.join(__dirname, '../resources/accounts-acl')
 const dbPath = path.join(rootPath, 'db')
+const oidcProviderPath = path.join(dbPath, 'oidc', 'op', 'provider.json')
 const configPath = path.join(rootPath, 'config')
 
 const user1 = 'https://tim.localhost:7777/profile/card#me'
 const timAccountUri = 'https://tim.localhost:7777'
 const user2 = 'https://nicola.localhost:7777/profile/card#me'
 
-const userCredentials = {
-  user1: 'eyJhbGciOiJSUzI1NiIsImtpZCI6IkFWUzVlZk5pRUVNIn0.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo3Nzc3Iiwic3ViIjoiaHR0cHM6Ly90aW0ubG9jYWxob3N0Ojc3NzcvcHJvZmlsZS9jYXJkI21lIiwiYXVkIjoiN2YxYmU5YWE0N2JiMTM3MmIzYmM3NWU5MWRhMzUyYjQiLCJleHAiOjc3OTkyMjkwMDksImlhdCI6MTQ5MjAyOTAwOSwianRpIjoiZWY3OGQwYjY3ZWRjNzJhMSIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUifQ.H9lxCbNc47SfIq3hhHnj48BE-YFnvhCfDH9Jc4PptApTEip8sVj0E_u704K_huhNuWBvuv3cDRDGYZM7CuLnzgJG1BI75nXR9PYAJPK9Ketua2KzIrftNoyKNamGqkoCKFafF4z_rsmtXQ5u1_60SgWRcouXMpcHnnDqINF1JpvS21xjE_LbJ6qgPEhu3rRKcv1hpRdW9dRvjtWb9xu84bAjlRuT02lyDBHgj2utxpE_uqCbj48qlee3GoqWpGkSS-vJ6JA0aWYgnyv8fQsxf9rpdFNzKRoQO6XYMy6niEKj8aKgxjaUlpoGGJ5XtVLHH8AGwjYXR8iznYzJvEcB7Q',
-  user2: 'eyJhbGciOiJSUzI1NiIsImtpZCI6IkFWUzVlZk5pRUVNIn0.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo3Nzc3Iiwic3ViIjoiaHR0cHM6Ly9uaWNvbGEubG9jYWxob3N0Ojc3NzcvcHJvZmlsZS9jYXJkI21lIiwiYXVkIjoiN2YxYmU5YWE0N2JiMTM3MmIzYmM3NWU5MWRhMzUyYjQiLCJleHAiOjc3OTkyMjkwMDksImlhdCI6MTQ5MjAyOTAwOSwianRpIjoiMmQwOTJlZGVkOWI5YTQ5ZSIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUifQ.qs-_pZPZZzaK_pIOQr-T3yMxVPo1Z5R-TwIi_a4Q4Arudu2s9VkoPmsfsCeVc22i6I1uLiaRe_9qROpXd-Oiy0dsMMEtqyQWcc0zxp3RYQs99sAi4pTPOsTjtJwsMRJp4n8nx_TWQ7mS1grZEdSLr53v-2QqTZXVW8cBu4vQ0slXWsKsuaySk-hCMnxk7vHj70uFpuKRjx4CBHkEWXooEyXgcmS8QR-d_peq8Ldkq1Bez4SAQ9sy_4UVaIWoLRqA7gr0Grh7OTHZNdYV_NJoH0mnbCuyS5N5YEI8QuUzuYlSNhgZ_cZ3j1uqw_fs8SIHFtWMghdnT2JdRKUFfn4-vA'
+let oidcProvider
+
+// To be initialized in the before() block
+let userCredentials = {
+  // idp: https://localhost:7777
+  // web id: https://tim.localhost:7777/profile/card#me
+  user1: '',
+  // web id: https://nicola.localhost:7777/profile/card#me
+  user2: ''
+}
+
+function issueIdToken (oidcProvider, webId) {
+  return Promise.resolve()
+    .then(() => {
+      let jwt = IDToken.issue(oidcProvider, {
+        sub: webId,
+        aud: [ serverUri, 'client123' ],
+        azp: 'client123'
+      })
+
+      return jwt.encode()
+    })
 }
 
 const argv = {
@@ -38,11 +58,28 @@ const argv = {
 }
 
 describe('ACL HTTP', function () {
-  var ldp, ldpHttpsServer
+  let ldp, ldpHttpsServer
 
   before(done => {
     ldp = ldnode.createServer(argv)
-    ldpHttpsServer = ldp.listen(port, done)
+
+    loadProvider(oidcProviderPath)
+      .then(provider => {
+        oidcProvider = provider
+
+        return Promise.all([
+          issueIdToken(oidcProvider, user1),
+          issueIdToken(oidcProvider, user2)
+        ])
+      })
+      .then(tokens => {
+        userCredentials.user1 = tokens[0]
+        userCredentials.user2 = tokens[1]
+      })
+      .then(() => {
+        ldpHttpsServer = ldp.listen(port, done)
+      })
+      .catch(console.error)
   })
 
   after(() => {

test/integration/authentication-oidc-test.js

@@ -8,8 +8,9 @@ const SolidAuthOIDC = require('solid-auth-oidc')
 const fetch = require('node-fetch')
 const localStorage = require('localstorage-memory')
 const url = require('url')
-const { URL } = url
+const URL = require('whatwg-url').URL
 global.URL = URL
+global.URLSearchParams = require('whatwg-url').URLSearchParams
 
 const supertest = require('supertest')
 const nock = require('nock')
@@ -358,7 +359,7 @@ describe('Authentication API (OIDC)', () => {
           expect(res.status).to.equal(401)
 
           expect(res.headers.get('www-authenticate'))
-            .to.equal(`Bearer realm="${bobServerUri}", scope="openid"`)
+            .to.equal(`Bearer realm="${bobServerUri}", scope="openid webid"`)
         })
     })
 
@@ -401,7 +402,9 @@ describe('Authentication API (OIDC)', () => {
           authParams.forEach((value, key) => {
             let hiddenField = `<input type="hidden" name="${key}" id="${key}" value="${value}" />`
 
-            expect(pageText).to.match(new RegExp(hiddenField))
+            let fieldRegex = new RegExp(hiddenField)
+
+            expect(pageText).to.match(fieldRegex)
 
             loginFormFields += `${key}=` + encodeURIComponent(value) + '&'
           })
@@ -448,15 +451,18 @@ describe('Authentication API (OIDC)', () => {
     it('should use id token from the callback uri to access shared resource', () => {
       auth.window.location.href = callbackUri
 
+      let protectedResourcePath = bobServerUri + '/shared-with-alice.txt'
+
       return auth.initUserFromResponse(auth.currentClient)
         .then(webId => {
           expect(webId).to.equal(aliceWebId)
 
-          let idToken = auth.idToken
-
-          return fetch(bobServerUri + '/shared-with-alice.txt', {
+          return auth.issuePoPTokenFor(bobServerUri, auth.session)
+        })
+        .then(popToken => {
+          return fetch(protectedResourcePath, {
             headers: {
-              'Authorization': 'Bearer ' + idToken
+              'Authorization': 'Bearer ' + popToken
             }
           })
         })

test/integration/errors-oidc-test.js

@@ -87,7 +87,7 @@ describe('OIDC error handling', function () {
       it('should return a 401 error', () => {
         return server.get('/profile/')
           .set('Authorization', 'Bearer ' + expiredToken)
-          .expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid webid", error="invalid_token", error_description="Access token is expired."')
+          .expect('WWW-Authenticate', 'Bearer realm="https://localhost:3457", scope="openid webid", error="invalid_token", error_description="Access token is expired"')
           .expect(401)
       })
     })

test/resources/accounts-acl/db/oidc/op/provider.json

@@ -43,10 +43,10 @@
   "claim_types_supported": [
     "normal"
   ],
-  "claims_supported": "",
+  "claims_supported": [],
   "claims_parameter_supported": false,
-  "request_parameter_supported": false,
-  "request_uri_parameter_supported": true,
+  "request_parameter_supported": true,
+  "request_uri_parameter_supported": false,
   "require_request_uri_registration": false,
   "check_session_iframe": "https://localhost:7777/session",
   "end_session_endpoint": "https://localhost:7777/logout",

test/resources/accounts-acl/db/oidc/rp/clients/_key_https%3A%2F%2Flocalhost%3A7777.json

@@ -1 +1 @@
-{"provider":{"url":"https://localhost:7777","configuration":{"issuer":"https://localhost:7777","authorization_endpoint":"https://localhost:7777/authorize","token_endpoint":"https://localhost:7777/token","userinfo_endpoint":"https://localhost:7777/userinfo","jwks_uri":"https://localhost:7777/jwks","registration_endpoint":"https://localhost:7777/register","response_types_supported":["code","code token","code id_token","id_token","id_token token","code id_token token","none"],"response_modes_supported":["query","fragment"],"grant_types_supported":["authorization_code","implicit","refresh_token","client_credentials"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","none"],"token_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"display_values_supported":[],"claim_types_supported":["normal"],"claims_supported":"","claims_parameter_supported":false,"request_parameter_supported":false,"request_uri_parameter_supported":true,"require_request_uri_registration":false,"check_session_iframe":"https://localhost:7777/session","end_session_endpoint":"https://localhost:7777/logout"},"jwks":{"keys":[{"kid":"ohtdSKLCdYs","kty":"RSA","alg":"RS256","n":"sxljNM34KhyDZIXX6mjR0GIbs8Z_IzeBfoFDlkxhdf2Tigl_mCZEnc88fBp619e4l3D_t5GfyR0ZWQuhmCUTY8AJuKqdyuV_jU59nvut_izKydgNxBHGeFMd9abG-PTuq6iE3qEyr8A04KAsZZh2Zact5i6Xvb6N1GB4HDMU3LUAcUwkB6QhCpC4BPzwrTQ8DJZEz1O-_cZj9Y60gFvEo1NCLY6ZppYCfI5wqQhaQJ3jsG0TM03w4w2mcWALrIRoCrt-FIVqKHlKaeiioQALlj3Hdv38hljZtO7FykPqZE4N0nn7T1KQyj2LNCYDU_-ibTwdWm9yagdGuEWPCGvVnw","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"gI5JLLhVFG8","kty":"RSA","alg":"RS384","n":"1LvKSpE6v2nhiIdErilavuIRu7aFc3Sej72jtDYAZze6R4dl3-nNnuaNBj8dD3PU16ZD8HQrLKTV6W77udl2yAjar-ZcVpItf7VUX_dCQsRehe7LVC_NgiBVFz88JI_rFF3F2WLC4rIXujv5XdG2v7UyV-KAODrPgY5-jfDJOv11_Klrrpekrtlk98STu71HJYTQR9CzQnMtxBVCOXOIVPVaexnV6gKBSrRtgKHqJxt8FRU3j6xYBwAdeDZaUyeHyUAz2oZkEHmNxoxEj-6yqaTf53AEf3EKbzYHCr4puRJx3H05ZLHkRoUG8utl7CxDsSQPDbwnk2jPufFSmPvR2Q","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"1ZHTLTyLbQs","kty":"RSA","alg":"RS512","n":"uXwK4QaRFmscFO4Sa5nKr5PwL2mWBL9e-omB2cCqqB2V6e7VHq5A_ybEFKXcXDGJKxxc2fHo_PNclUAqIr9Qa98nkQt0bd_F2QxtCqPc-3WcUoe3s3TIVNIOWwp93OAlabBkuNfb7dxnpUjYeGzIs-G7EPhON_5x0h2sC0r3v3Ev_J1mwrR3z9tpUzaODqmI2LKdc3Tu9Ha09CWzb4uRTXC4eVIJoEMxOelvxn6l8CMWLuv2XPaw-pMv33WK4QKfmnwJWO5TLvF2SaYR31oEL3GeG-SwIFTek1xX3cdeNljqsYCzHGHd4PxSqJGI3BPqn55FPCbdx46ZMmlOz_ImFw","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"AVS5efNiEEM","kty":"RSA","alg":"RS256","n":"tQxTzwMoSCCRkiNUyp7CABfMZn8LU56axO31ErnW9qDZ4uuPdSO96nqHBU2JoMbnUjFQ9hufAt3UJPHDDD8kNoOOgEZb-CWnb_349oHb8bn7aIOpX1peukndSJ6Nt8SBvbARkb4ErI2b7V9588R8kPwVdW65BAK4ub1lc4EewKJWv4nVIvtp9m_qlohV321rru573hS3BI5qOX2NY1m_Abz4sBGqJVR1o95MqR2IYUeCSORPj34GSdHNUipMVJrouI7LAoO9dNhCu1q8Efy-Sn1YuCgEyTy_AMDuVgBgf1AHssXRymbE6A_IKys2ZxYZPYAUZflyffdUX9qmhtACaQ","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"ZVFUPkFyy18","kty":"RSA","alg":"RS384","n":"q1VCGGAL3arQ5tG9vMefKaHC9EXJLlJYu7Lgk_8RBPKJ8yejiTkU7xRWwJowK9kLsyYTHvCsJlGc-phNyEAE58QoqmQGePbr80H_q-7fF3H85UsQ5XFg2A06KQYT3dLn57Qzsf-qlJKwrVR3Rrz1XoxYY-IgEHPad86xW5PlwPKiNY1ZaWsOjdeBccsgfCeG5tn13a3GY5BoX90w7b8ly_BsL904-_Yeog_deesQ39oE_XKpORBnDxvUjFtPJIpaPMCHEqAKiVXH_dZrcGUevs9xvDl2Odiku7pUam3atzNQENKwB9HMDjATVdYZfelF9cllDVAUXKFHMenwqoV7PQ","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"mROehy7CZO4","kty":"RSA","alg":"RS512","n":"xq5YLUgQU82zwNtjw6xTbkAxpTp56_lnLy33srWPlZeFypbT8p2hC-918Vn08j-NuvzUeqarFLv7xBUZWrV2ilho_IYQWBZdMYCraBtDoLglctJtb6RzRG7rF0KsiyxsTwLCZ5UwcGpc_ZIrcDTRkmHvgqfA-KKpK_hIAwGC7rwNPDK0E26vuiaH85wnanQaWfdHzHFPW-cUWFbmjOZIQh0XHQSPnjE2JYX7rWWKga_8Oq7CUF_ArEF-8qTGL59GwS4OFcilvwyb53ANHy2bOEidRZCGQo6Kh2EjyjBHNB_YAiOLwfeTstb0fbDfWbfmdO3lW_-lBuGnQMPY5ukG5w","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"it1Z6EDEV5g","kty":"RSA","alg":"RS256","n":"xZgfW761Mad1PHSOINv6kU13aiueEn19Ko3CR5EiuyuO5v8uJMfV24Mg8JTOxq9GuLIzte4CMg-5kFxQVopkqYZ8TP3eHAW6kWbh4j-C3I8vUJiA6LWGblFUsMg_sWvjwMPK4oF2bNeqGSVXSOtg3PMuBdV5wB4IBDikTovgSSbQ2gfgkEil94jOh0_bjzDXMDH6dv8Ong2Fj_bfWUg3MKcm6yVTCwCfqlfgNpcEqm6m3SVVpQRVxvlbsPmBt61w3QgOwC68rTD1BRVsH_DyL8DVsQKsg3PAbKqqNY0HM5YS9VPdFFxKYHiX7hZuNmtcPWDStxWSQNrvn4aaw5Xi5w","e":"AQAB","key_ops":["verify"],"ext":true}]}},"defaults":{"authenticate":{"response_type":"id_token token","display":"page","scope":["openid"]}},"registration":{"client_id":"7f1be9aa47bb1372b3bc75e91da352b4","client_secret":"c48b13e77bd58f8d7208f34cde22e898","redirect_uris":["https://localhost:7777/api/oidc/rp/https%3A%2F%2Flocalhost%3A7777"],"response_types":["code","id_token token","code id_token token"],"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"application_type":"web","client_name":"Solid OIDC RP for https://localhost:7777","id_token_signed_response_alg":"RS256","token_endpoint_auth_method":"client_secret_basic","default_max_age":86400,"post_logout_redirect_uris":["https://localhost:7777/goodbye"],"frontchannel_logout_session_required":false,"registration_access_token":"eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo3Nzc3Iiwic3ViIjoiN2YxYmU5YWE0N2JiMTM3MmIzYmM3NWU5MWRhMzUyYjQiLCJhdWQiOiI3ZjFiZTlhYTQ3YmIxMzcyYjNiYzc1ZTkxZGEzNTJiNCJ9.DNCfFeM-NyvWuZHQNJlVl8gFJaRh0vOZgoUX-88sGeFR0k9KS9poySBX8hNuZ3Lrnx-_A98dH1HbVijXHSC8pn4y1Lzmh-cnM-p8u5NWGxNuZt1uLHj8hdNJW7iY4cIFvCfKq3-eblDVbyTDfIJBGPq5x0kVZ2GC1M6Qo4mufNGiHncZ_QiZDW4l9VRM6mzZ0exoiHU00YwIUaa9rGepOefPuoEqOCE7RIxUrdc3Mwa_qgyDbJj3XO58r9JHMQYP9mcweTvLV9mth-B-Azo0kp4pC4TZSEb-5VPRnDgQME-boxDJIbsNP4LfgNSWqHhp5ZLuz2AzJJVsZH8-qbGPkA","registration_client_uri":"https://localhost:7777/register/7f1be9aa47bb1372b3bc75e91da352b4","client_id_issued_at":1491941281,"client_secret_expires_at":0}}
+{"provider":{"url":"https://localhost:7777","configuration":{"issuer":"https://localhost:7777","authorization_endpoint":"https://localhost:7777/authorize","token_endpoint":"https://localhost:7777/token","userinfo_endpoint":"https://localhost:7777/userinfo","jwks_uri":"https://localhost:7777/jwks","registration_endpoint":"https://localhost:7777/register","response_types_supported":["code","code token","code id_token","id_token","id_token token","code id_token token","none"],"response_modes_supported":["query","fragment"],"grant_types_supported":["authorization_code","implicit","refresh_token","client_credentials"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256","RS384","RS512","none"],"token_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"display_values_supported":[],"claim_types_supported":["normal"],"claims_supported":[],"claims_parameter_supported":false,"request_parameter_supported":true,"request_uri_parameter_supported":false,"require_request_uri_registration":false,"check_session_iframe":"https://localhost:7777/session","end_session_endpoint":"https://localhost:7777/logout"},"jwks":{"keys":[{"kid":"ohtdSKLCdYs","kty":"RSA","alg":"RS256","n":"sxljNM34KhyDZIXX6mjR0GIbs8Z_IzeBfoFDlkxhdf2Tigl_mCZEnc88fBp619e4l3D_t5GfyR0ZWQuhmCUTY8AJuKqdyuV_jU59nvut_izKydgNxBHGeFMd9abG-PTuq6iE3qEyr8A04KAsZZh2Zact5i6Xvb6N1GB4HDMU3LUAcUwkB6QhCpC4BPzwrTQ8DJZEz1O-_cZj9Y60gFvEo1NCLY6ZppYCfI5wqQhaQJ3jsG0TM03w4w2mcWALrIRoCrt-FIVqKHlKaeiioQALlj3Hdv38hljZtO7FykPqZE4N0nn7T1KQyj2LNCYDU_-ibTwdWm9yagdGuEWPCGvVnw","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"gI5JLLhVFG8","kty":"RSA","alg":"RS384","n":"1LvKSpE6v2nhiIdErilavuIRu7aFc3Sej72jtDYAZze6R4dl3-nNnuaNBj8dD3PU16ZD8HQrLKTV6W77udl2yAjar-ZcVpItf7VUX_dCQsRehe7LVC_NgiBVFz88JI_rFF3F2WLC4rIXujv5XdG2v7UyV-KAODrPgY5-jfDJOv11_Klrrpekrtlk98STu71HJYTQR9CzQnMtxBVCOXOIVPVaexnV6gKBSrRtgKHqJxt8FRU3j6xYBwAdeDZaUyeHyUAz2oZkEHmNxoxEj-6yqaTf53AEf3EKbzYHCr4puRJx3H05ZLHkRoUG8utl7CxDsSQPDbwnk2jPufFSmPvR2Q","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"1ZHTLTyLbQs","kty":"RSA","alg":"RS512","n":"uXwK4QaRFmscFO4Sa5nKr5PwL2mWBL9e-omB2cCqqB2V6e7VHq5A_ybEFKXcXDGJKxxc2fHo_PNclUAqIr9Qa98nkQt0bd_F2QxtCqPc-3WcUoe3s3TIVNIOWwp93OAlabBkuNfb7dxnpUjYeGzIs-G7EPhON_5x0h2sC0r3v3Ev_J1mwrR3z9tpUzaODqmI2LKdc3Tu9Ha09CWzb4uRTXC4eVIJoEMxOelvxn6l8CMWLuv2XPaw-pMv33WK4QKfmnwJWO5TLvF2SaYR31oEL3GeG-SwIFTek1xX3cdeNljqsYCzHGHd4PxSqJGI3BPqn55FPCbdx46ZMmlOz_ImFw","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"AVS5efNiEEM","kty":"RSA","alg":"RS256","n":"tQxTzwMoSCCRkiNUyp7CABfMZn8LU56axO31ErnW9qDZ4uuPdSO96nqHBU2JoMbnUjFQ9hufAt3UJPHDDD8kNoOOgEZb-CWnb_349oHb8bn7aIOpX1peukndSJ6Nt8SBvbARkb4ErI2b7V9588R8kPwVdW65BAK4ub1lc4EewKJWv4nVIvtp9m_qlohV321rru573hS3BI5qOX2NY1m_Abz4sBGqJVR1o95MqR2IYUeCSORPj34GSdHNUipMVJrouI7LAoO9dNhCu1q8Efy-Sn1YuCgEyTy_AMDuVgBgf1AHssXRymbE6A_IKys2ZxYZPYAUZflyffdUX9qmhtACaQ","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"ZVFUPkFyy18","kty":"RSA","alg":"RS384","n":"q1VCGGAL3arQ5tG9vMefKaHC9EXJLlJYu7Lgk_8RBPKJ8yejiTkU7xRWwJowK9kLsyYTHvCsJlGc-phNyEAE58QoqmQGePbr80H_q-7fF3H85UsQ5XFg2A06KQYT3dLn57Qzsf-qlJKwrVR3Rrz1XoxYY-IgEHPad86xW5PlwPKiNY1ZaWsOjdeBccsgfCeG5tn13a3GY5BoX90w7b8ly_BsL904-_Yeog_deesQ39oE_XKpORBnDxvUjFtPJIpaPMCHEqAKiVXH_dZrcGUevs9xvDl2Odiku7pUam3atzNQENKwB9HMDjATVdYZfelF9cllDVAUXKFHMenwqoV7PQ","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"mROehy7CZO4","kty":"RSA","alg":"RS512","n":"xq5YLUgQU82zwNtjw6xTbkAxpTp56_lnLy33srWPlZeFypbT8p2hC-918Vn08j-NuvzUeqarFLv7xBUZWrV2ilho_IYQWBZdMYCraBtDoLglctJtb6RzRG7rF0KsiyxsTwLCZ5UwcGpc_ZIrcDTRkmHvgqfA-KKpK_hIAwGC7rwNPDK0E26vuiaH85wnanQaWfdHzHFPW-cUWFbmjOZIQh0XHQSPnjE2JYX7rWWKga_8Oq7CUF_ArEF-8qTGL59GwS4OFcilvwyb53ANHy2bOEidRZCGQo6Kh2EjyjBHNB_YAiOLwfeTstb0fbDfWbfmdO3lW_-lBuGnQMPY5ukG5w","e":"AQAB","key_ops":["verify"],"ext":true},{"kid":"it1Z6EDEV5g","kty":"RSA","alg":"RS256","n":"xZgfW761Mad1PHSOINv6kU13aiueEn19Ko3CR5EiuyuO5v8uJMfV24Mg8JTOxq9GuLIzte4CMg-5kFxQVopkqYZ8TP3eHAW6kWbh4j-C3I8vUJiA6LWGblFUsMg_sWvjwMPK4oF2bNeqGSVXSOtg3PMuBdV5wB4IBDikTovgSSbQ2gfgkEil94jOh0_bjzDXMDH6dv8Ong2Fj_bfWUg3MKcm6yVTCwCfqlfgNpcEqm6m3SVVpQRVxvlbsPmBt61w3QgOwC68rTD1BRVsH_DyL8DVsQKsg3PAbKqqNY0HM5YS9VPdFFxKYHiX7hZuNmtcPWDStxWSQNrvn4aaw5Xi5w","e":"AQAB","key_ops":["verify"],"ext":true}]}},"defaults":{"authenticate":{"response_type":"id_token token","display":"page","scope":["openid"]}},"registration":{"client_id":"7f1be9aa47bb1372b3bc75e91da352b4","client_secret":"c48b13e77bd58f8d7208f34cde22e898","redirect_uris":["https://localhost:7777/api/oidc/rp/https%3A%2F%2Flocalhost%3A7777"],"response_types":["code","id_token token","code id_token token"],"grant_types":["authorization_code","implicit","refresh_token","client_credentials"],"application_type":"web","client_name":"Solid OIDC RP for https://localhost:7777","id_token_signed_response_alg":"RS256","token_endpoint_auth_method":"client_secret_basic","default_max_age":86400,"post_logout_redirect_uris":["https://localhost:7777/goodbye"],"frontchannel_logout_session_required":false,"registration_access_token":"eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo3Nzc3Iiwic3ViIjoiN2YxYmU5YWE0N2JiMTM3MmIzYmM3NWU5MWRhMzUyYjQiLCJhdWQiOiI3ZjFiZTlhYTQ3YmIxMzcyYjNiYzc1ZTkxZGEzNTJiNCJ9.DNCfFeM-NyvWuZHQNJlVl8gFJaRh0vOZgoUX-88sGeFR0k9KS9poySBX8hNuZ3Lrnx-_A98dH1HbVijXHSC8pn4y1Lzmh-cnM-p8u5NWGxNuZt1uLHj8hdNJW7iY4cIFvCfKq3-eblDVbyTDfIJBGPq5x0kVZ2GC1M6Qo4mufNGiHncZ_QiZDW4l9VRM6mzZ0exoiHU00YwIUaa9rGepOefPuoEqOCE7RIxUrdc3Mwa_qgyDbJj3XO58r9JHMQYP9mcweTvLV9mth-B-Azo0kp4pC4TZSEb-5VPRnDgQME-boxDJIbsNP4LfgNSWqHhp5ZLuz2AzJJVsZH8-qbGPkA","registration_client_uri":"https://localhost:7777/register/7f1be9aa47bb1372b3bc75e91da352b4","client_id_issued_at":1491941281,"client_secret_expires_at":0}}