@panva
Last active December 10, 2016 11:51
certification
✓ ID Token rp-id_token-bad-sig-rs256 @code-basic: 2368ms
✓ ID Token rp-id_token-bad-sig-rs256 @id_token-implicit: 1925ms
✓ ID Token rp-id_token-bad-sig-rs256 @id_token+token-implicit: 1882ms
✓ ID Token rp-id_token-bad-sig-rs256 @code+id_token-hybrid: 1889ms
✓ ID Token rp-id_token-bad-sig-rs256 @code+token-hybrid: 2364ms
✓ ID Token rp-id_token-bad-sig-rs256 @code+id_token+token-hybrid: 1893ms
✓ nonce Request Parameter rp-nonce-unless-code-flow @id_token-implicit: 1898ms
✓ nonce Request Parameter rp-nonce-unless-code-flow @id_token+token-implicit: 1860ms
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+id_token-hybrid: 2350ms
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+token-hybrid: 2332ms
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+id_token+token-hybrid: 2348ms
11 passing (25s)
const assert = require('assert'); // node core assert; the gist uses it but the require is not shown
// `forEach`, `register`, `got`, `noFollow` and `redirect_uri` are supplied by the surrounding test harness (not part of this gist)

function reject() {
  throw new Error('expected a rejection');
}

describe('rp-id_token-bad-sig-rs256', function () { // < test framework
  // test will be executed for all relevant profiles with their respective response_type
  forEach({
    '@code-basic': 'code',
    '@id_token-implicit': 'id_token',
    '@id_token+token-implicit': 'id_token token',
    '@code+id_token-hybrid': 'code id_token',
    '@code+token-hybrid': 'code token',
    '@code+id_token+token-hybrid': 'code id_token token',
  }, (response_type, profile) => {
    it(profile, async function () { // < test framework, failed assertions and uncaught errors will fail the test
      // setup phase
      const { client } = await register('rp-id_token-bad-sig-rs256', { id_token_signed_response_alg: 'RS256' }); // < discovery + dynamic registration wrapper
      assert.equal(client.id_token_signed_response_alg, 'RS256'); // < assert the registration outcome, client will be expecting RS256 id token sigs
      const nonce = String(Math.random());
      const authorization = await got(client.authorizationUrl({ redirect_uri, nonce, response_type }), noFollow); // < http request to the authorization endpoint, redirects are not followed
      const params = client.callbackParams(authorization.headers.location.replace('#', '?')); // < use the location header to extract the callback parameters
      // assertion phase
      try {
        await client.authorizationCallback(redirect_uri, params, { nonce });
        reject(); // < in case previous statement does not throw/reject
      } catch (err) {
        assert.equal(err.message, 'invalid signature'); // < assert the error message
      }
    });
  });
});

describe('rp-nonce-unless-code-flow', function () { // < test framework, failed assertions and uncaught errors will fail the test
  // the plain code flow is deliberately absent: nonce is only mandatory when an id_token is issued from the authorization endpoint
  forEach({
    '@id_token-implicit': 'id_token',
    '@id_token+token-implicit': 'id_token token',
    '@code+id_token-hybrid': 'code id_token',
    '@code+token-hybrid': 'code token',
    '@code+id_token+token-hybrid': 'code id_token token',
  }, (response_type, profile) => {
    it(profile, async function () { // < test framework
      const { client } = await register('rp-nonce-unless-code-flow', { }); // < discovery + dynamic registration wrapper
      const nonce = String(Math.random());
      const authorization = await got(client.authorizationUrl({ nonce, redirect_uri, response_type }), noFollow);
      const params = client.callbackParams(authorization.headers.location.replace('#', '?'));
      const tokens = await client.authorizationCallback(redirect_uri, params, { nonce });
      assert(tokens); // < assert the result presence
    });
  });
});
1) ID Token rp-id_token-bad-sig-rs256 @code-basic
✓ ID Token rp-id_token-bad-sig-rs256 @id_token-implicit: 1925ms
✓ ID Token rp-id_token-bad-sig-rs256 @id_token+token-implicit: 1882ms
✓ ID Token rp-id_token-bad-sig-rs256 @code+id_token-hybrid: 1889ms
✓ ID Token rp-id_token-bad-sig-rs256 @code+token-hybrid: 2364ms
✓ ID Token rp-id_token-bad-sig-rs256 @code+id_token+token-hybrid: 1893ms
✓ nonce Request Parameter rp-nonce-unless-code-flow @id_token-implicit: 1898ms
2) nonce Request Parameter rp-nonce-unless-code-flow @id_token+token-implicit
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+id_token-hybrid: 2350ms
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+token-hybrid: 2332ms
✓ nonce Request Parameter rp-nonce-unless-code-flow @code+id_token+token-hybrid: 2348ms
9 passing (25s)
2 failing
1) ID Token rp-id_token-bad-sig-rs256 @code-basic:
AssertionError: 'invalid signature' == 'expected a rejection'
+ expected - actual
-expected a rejection
+invalid signature
2) nonce Request Parameter rp-nonce-unless-code-flow @id_token+token-implicit:
AssertionError: true == undefined
+ expected - actual
-undefined
+true
npm ERR! Test failed. See above for more details.