IdentityPython / oidc-op

An implementation of an OIDC Provider (OP)
Apache License 2.0

Example flask_op error: ERR_INVALID_REDIRECT #207

Open AkanshDivker opened 1 year ago

AkanshDivker commented 1 year ago

Receiving an ERR_INVALID_REDIRECT on https://127.0.0.1:5000/verify/user when trying to log in with the flask_op example project. Based on the debug log, it seems to be related to a cookie error?

2022-12-08 09:33:07,680 root DEBUG Configured logging using dictionary
2022-12-08 09:33:07,760 oidcop.oidc.add_on.custom_scopes WARNING The custom_scopes add on is deprecated. The `scopes_to_claims` config option should be used instead.
2022-12-08 09:33:07,776 werkzeug INFO WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on https://127.0.0.1:5000
2022-12-08 09:33:07,776 werkzeug INFO Press CTRL+C to quit
2022-12-08 09:33:07,778 werkzeug INFO  * Restarting with stat
2022-12-08 09:33:08,257 root DEBUG Configured logging using dictionary
2022-12-08 09:33:08,335 oidcop.oidc.add_on.custom_scopes WARNING The custom_scopes add on is deprecated. The `scopes_to_claims` config option should be used instead.
2022-12-08 09:33:08,348 werkzeug WARNING  * Debugger is active!
2022-12-08 09:33:08,351 werkzeug INFO  * Debugger PIN: 887-454-030
2022-12-08 09:34:00,436 oidcmsg.configure INFO At the "provider_config" endpoint
2022-12-08 09:34:00,437 oidcmsg.configure INFO request: {}
2022-12-08 09:34:00,437 oidcmsg.configure INFO Response args: {'response_args': {'subject_types_supported': ['public', 'pairwise'], 'grant_types_supported': ['authorization_code', 'implicit', 'urn:ietf:params:oauth:grant-type:jwt-bearer', 'refresh_token'], 'request_object_signing_alg_values_supported': ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'PS256', 'PS384', 'PS512'], 'registration_endpoint': 'https://127.0.0.1:5000/registration', 'introspection_endpoint': 'https://127.0.0.1:5000/introspection', 'claims_parameter_supported': True, 'request_parameter_supported': True, 'request_uri_parameter_supported': True, 'response_types_supported': ['code', 'token', 'id_token', 'code token', 'code id_token', 'id_token token', 'code id_token token', 'none'], 'response_modes_supported': ['query', 'fragment', 'form_post'], 'request_object_encryption_alg_values_supported': ['RSA-OAEP', 'RSA-OAEP-256', 'A128KW', 'A192KW', 'A256KW', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW'], 'request_object_encryption_enc_values_supported': ['A128CBC-HS256', 'A192CBC-HS384', 'A256CBC-HS512', 'A128GCM', 'A192GCM', 'A256GCM'], 'claim_types_supported': ['normal', 'aggregated', 'distributed'], 'authorization_endpoint': 'https://127.0.0.1:5000/authorization', 'token_endpoint_auth_signing_alg_values_supported': ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'PS256', 'PS384', 'PS512'], 'token_endpoint_auth_methods_supported': ['client_secret_post', 'client_secret_basic', 'client_secret_jwt', 'private_key_jwt'], 'token_endpoint': 'https://127.0.0.1:5000/token', 'userinfo_signing_alg_values_supported': ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'PS256', 'PS384', 'PS512'], 'userinfo_encryption_alg_values_supported': ['RSA-OAEP', 'RSA-OAEP-256', 'A128KW', 'A192KW', 'A256KW', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW'], 
'userinfo_encryption_enc_values_supported': ['A128CBC-HS256', 'A192CBC-HS384', 'A256CBC-HS512', 'A128GCM', 'A192GCM', 'A256GCM'], 'client_authn_method': ['bearer_header', 'bearer_body'], 'userinfo_endpoint': 'https://127.0.0.1:5000/userinfo', 'frontchannel_logout_supported': True, 'frontchannel_logout_session_supported': True, 'backchannel_logout_supported': True, 'backchannel_logout_session_supported': True, 'check_session_iframe': 'https://127.0.0.1:5000/check_session_iframe', 'end_session_endpoint': 'https://127.0.0.1:5000/session', 'issuer': 'https://127.0.0.1:5000', 'version': '3.0', 'acr_values_supported': ['urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword'], 'jwks_uri': 'https://127.0.0.1:5000/static/jwks.json', 'scopes_supported': ['phone', 'email', 'openid', 'research_and_scholarship', 'profile', 'address', 'offline_access'], 'claims_supported': ['name', 'birthdate', 'given_name', 'updated_at', 'eduperson_scoped_affiliation', 'middle_name', 'gender', 'phone_number_verified', 'sub', 'family_name', 'zoneinfo', 'nickname', 'iss', 'email', 'website', 'phone_number', 'preferred_username', 'profile', 'locale', 'picture', 'address', 'email_verified'], 'id_token_signing_alg_values_supported': ['RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512', 'PS256', 'PS384', 'PS512'], 'id_token_encryption_alg_values_supported': ['RSA-OAEP', 'RSA-OAEP-256', 'A128KW', 'A192KW', 'A256KW', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW'], 'id_token_encryption_enc_values_supported': ['A128CBC-HS256', 'A192CBC-HS384', 'A256CBC-HS512', 'A128GCM', 'A192GCM', 'A256GCM']}}
2022-12-08 09:34:00,438 oidcmsg.configure DEBUG do_response: {'response': '{"version": "3.0", "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt"], "claims_parameter_supported": true, "request_parameter_supported": true, "request_uri_parameter_supported": true, "require_request_uri_registration": true, "grant_types_supported": ["authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer", "refresh_token"], "subject_types_supported": ["public", "pairwise"], "request_object_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512"], "registration_endpoint": "https://127.0.0.1:5000/registration", "introspection_endpoint": "https://127.0.0.1:5000/introspection", "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token", "code id_token token", "none"], "response_modes_supported": ["query", "fragment", "form_post"], "request_object_encryption_alg_values_supported": ["RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"], "request_object_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"], "claim_types_supported": ["normal", "aggregated", "distributed"], "authorization_endpoint": "https://127.0.0.1:5000/authorization", "token_endpoint_auth_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512"], "token_endpoint": "https://127.0.0.1:5000/token", "userinfo_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512"], "userinfo_encryption_alg_values_supported": ["RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", 
"ECDH-ES+A256KW"], "userinfo_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"], "client_authn_method": ["bearer_header", "bearer_body"], "userinfo_endpoint": "https://127.0.0.1:5000/userinfo", "frontchannel_logout_supported": true, "frontchannel_logout_session_supported": true, "backchannel_logout_supported": true, "backchannel_logout_session_supported": true, "check_session_iframe": "https://127.0.0.1:5000/check_session_iframe", "end_session_endpoint": "https://127.0.0.1:5000/session", "issuer": "https://127.0.0.1:5000", "acr_values_supported": ["urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"], "jwks_uri": "https://127.0.0.1:5000/static/jwks.json", "scopes_supported": ["phone", "email", "openid", "research_and_scholarship", "profile", "address", "offline_access"], "claims_supported": ["name", "birthdate", "given_name", "updated_at", "eduperson_scoped_affiliation", "middle_name", "gender", "phone_number_verified", "sub", "family_name", "zoneinfo", "nickname", "iss", "email", "website", "phone_number", "preferred_username", "profile", "locale", "picture", "address", "email_verified"], "id_token_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512"], "id_token_encryption_alg_values_supported": ["RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"], "id_token_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"]}', 'http_headers': [('Content-type', 'application/json; charset=utf-8'), ('Pragma', 'no-cache'), ('Cache-Control', 'no-store')]}
2022-12-08 09:34:00,438 oidcmsg.configure DEBUG response_placement: body
2022-12-08 09:34:00,439 oidcmsg.configure INFO Response: {"version": "3.0", "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt"], "claims_parameter_supported": true, "request_parameter_supported": true, "request_uri_parameter_supported": true, "require_request_uri_registration": true, "grant_types_supported": ["authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer", "refresh_token"], "subject_types_supported": ["public", "pairwise"], "request_object_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512"], "registration_endpoint": "https://127.0.0.1:5000/registration", "introspection_endpoint": "https://127.0.0.1:5000/introspection", "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token", "code id_token token", "none"], "response_modes_supported": ["query", "fragment", "form_post"], "request_object_encryption_alg_values_supported": ["RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"], "request_object_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"], "claim_types_supported": ["normal", "aggregated", "distributed"], "authorization_endpoint": "https://127.0.0.1:5000/authorization", "token_endpoint_auth_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512"], "token_endpoint": "https://127.0.0.1:5000/token", "userinfo_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512"], "userinfo_encryption_alg_values_supported": ["RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", 
"ECDH-ES+A256KW"], "userinfo_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"], "client_authn_method": ["bearer_header", "bearer_body"], "userinfo_endpoint": "https://127.0.0.1:5000/userinfo", "frontchannel_logout_supported": true, "frontchannel_logout_session_supported": true, "backchannel_logout_supported": true, "backchannel_logout_session_supported": true, "check_session_iframe": "https://127.0.0.1:5000/check_session_iframe", "end_session_endpoint": "https://127.0.0.1:5000/session", "issuer": "https://127.0.0.1:5000", "acr_values_supported": ["urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocolPassword"], "jwks_uri": "https://127.0.0.1:5000/static/jwks.json", "scopes_supported": ["phone", "email", "openid", "research_and_scholarship", "profile", "address", "offline_access"], "claims_supported": ["name", "birthdate", "given_name", "updated_at", "eduperson_scoped_affiliation", "middle_name", "gender", "phone_number_verified", "sub", "family_name", "zoneinfo", "nickname", "iss", "email", "website", "phone_number", "preferred_username", "profile", "locale", "picture", "address", "email_verified"], "id_token_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512"], "id_token_encryption_alg_values_supported": ["RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW"], "id_token_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"]}
2022-12-08 09:34:00,439 werkzeug INFO 127.0.0.1 - - [08/Dec/2022 09:34:00] "GET /.well-known/openid-configuration HTTP/1.1" 200 -
2022-12-08 09:34:00,557 werkzeug INFO 127.0.0.1 - - [08/Dec/2022 09:34:00] "GET /static/jwks.json HTTP/1.1" 200 -
2022-12-08 09:34:00,586 oidcmsg.configure INFO At the "registration" endpoint
2022-12-08 09:34:00,588 oidcmsg.configure INFO request: {'application_type': 'web', 'response_types': ['code'], 'contacts': ['ops@example.com'], 'token_endpoint_auth_method': 'client_secret_basic', 'backchannel_logout_uri': 'https://{domain}:{port}/bc_logout/local', 'frontchannel_logout_uri': 'https://{domain}:{port}/fc_logout/local', 'redirect_uris': ['https://{domain}:{port}/authz_cb/local'], 'jwks_uri': 'https://127.0.0.1:8090/static/jwks.json', 'post_logout_redirect_uri': 'https://{domain}:{port}/session_logout/local', 'frontchannel_logout_session_required': True, 'grant_types': ['authorization_code']}
2022-12-08 09:34:00,588 oidcop.oidc.registration DEBUG Stored client info in CDB under cid=lod59mvIUYF3TwLmXzFjLg
2022-12-08 09:34:00,588 oidcop.oidc.registration DEBUG _cinfo: {'client_id': 'lod59mvIUYF3TwLmXzFjLg', 'client_salt': '7HTgtSrbGnE', 'registration_access_token': 'SJr_rWfGMdeUDuqdkr-j92fhwU0WmJb6Gni-t58wXWo', 'registration_client_uri': 'https://127.0.0.1:5000/registration_api?client_id=lod59mvIUYF3TwLmXzFjLg', 'client_id_issued_at': 1670510040, 'client_secret': '78d13b323235ef02c6c9588397210233741a1053be49b763ba2d7953', 'client_secret_expires_at': 1673102040}
2022-12-08 09:34:00,711 oidcop.oidc.registration DEBUG found 15 keys for client_id=lod59mvIUYF3TwLmXzFjLg
2022-12-08 09:34:00,711 oidcop.oidc.registration DEBUG Stored updated client info in CDB under cid=lod59mvIUYF3TwLmXzFjLg
2022-12-08 09:34:00,711 oidcop.oidc.registration DEBUG ClientInfo: {'client_id': 'lod59mvIUYF3TwLmXzFjLg', 'client_salt': '7HTgtSrbGnE', 'registration_access_token': 'SJr_rWfGMdeUDuqdkr-j92fhwU0WmJb6Gni-t58wXWo', 'registration_client_uri': 'https://127.0.0.1:5000/registration_api?client_id=lod59mvIUYF3TwLmXzFjLg', 'client_id_issued_at': 1670510040, 'client_secret': '78d13b323235ef02c6c9588397210233741a1053be49b763ba2d7953', 'client_secret_expires_at': 1673102040, 'application_type': 'web', 'response_types': ['code'], 'contacts': ['ops@example.com'], 'token_endpoint_auth_method': 'client_secret_basic', 'backchannel_logout_uri': 'https://{domain}:{port}/bc_logout/local', 'frontchannel_logout_uri': 'https://{domain}:{port}/fc_logout/local', 'jwks_uri': 'https://127.0.0.1:8090/static/jwks.json', 'post_logout_redirect_uri': ('https://{domain}:{port}/session_logout/local', ''), 'frontchannel_logout_session_required': True, 'grant_types': ['authorization_code'], 'redirect_uris': [('https://{domain}:{port}/authz_cb/local', {})]}
2022-12-08 09:34:00,712 oidcop.oidc.registration INFO registration_response: {'client_id': 'lod59mvIUYF3TwLmXzFjLg', 'registration_access_token': 'SJr_rWfGMdeUDuqdkr-j92fhwU0WmJb6Gni-t58wXWo', 'registration_client_uri': 'https://127.0.0.1:5000/registration_api?client_id=lod59mvIUYF3TwLmXzFjLg', 'client_id_issued_at': 1670510040, 'client_secret': '78d13b323235ef02c6c9588397210233741a1053be49b763ba2d7953', 'client_secret_expires_at': 1673102040, 'application_type': 'web', 'response_types': ['code'], 'contacts': ['ops@example.com'], 'token_endpoint_auth_method': 'client_secret_basic', 'backchannel_logout_uri': 'https://{domain}:{port}/bc_logout/local', 'frontchannel_logout_uri': 'https://{domain}:{port}/fc_logout/local', 'jwks_uri': 'https://127.0.0.1:8090/static/jwks.json', 'post_logout_redirect_uri': 'https://{domain}:{port}/session_logout/local', 'frontchannel_logout_session_required': True, 'grant_types': ['authorization_code'], 'redirect_uris': ['https://{domain}:{port}/authz_cb/local']}
2022-12-08 09:34:00,712 oidcmsg.configure INFO Response args: {'response_args': <oidcmsg.oidc.RegistrationResponse object at 0x000002CED098BC70>, 'cookie': {'name': 'oidc_op_rp', 'value': '1670510040|hsg6KoD2SgkawFcz|pD+bb7nMYVBUeXeQeqU/t5yFsQuqGXvINy1jzmOD+9NTQ5DKFLB9ObeGvWymg7CPV5P9+bDIVQeHBr5CS2B6sO24BQEyA8FTW6wksrKxOc+whTxUShut5SUfscK72g/Qqqq5oMLKr0U=|9wMwG16b2pucQWhBZi15Ng==', 'samesite': 'None', 'httponly': True, 'secure': True}, 'response_code': 201}
2022-12-08 09:34:00,712 oidcmsg.configure DEBUG do_response: {'response': '{"client_id": "lod59mvIUYF3TwLmXzFjLg", "registration_access_token": "SJr_rWfGMdeUDuqdkr-j92fhwU0WmJb6Gni-t58wXWo", "registration_client_uri": "https://127.0.0.1:5000/registration_api?client_id=lod59mvIUYF3TwLmXzFjLg", "client_id_issued_at": 1670510040, "client_secret": "78d13b323235ef02c6c9588397210233741a1053be49b763ba2d7953", "client_secret_expires_at": 1673102040, "application_type": "web", "response_types": ["code"], "contacts": ["ops@example.com"], "token_endpoint_auth_method": "client_secret_basic", "backchannel_logout_uri": "https://{domain}:{port}/bc_logout/local", "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/local", "jwks_uri": "https://127.0.0.1:8090/static/jwks.json", "post_logout_redirect_uri": "https://{domain}:{port}/session_logout/local", "frontchannel_logout_session_required": true, "grant_types": ["authorization_code"], "redirect_uris": ["https://{domain}:{port}/authz_cb/local"]}', 'http_headers': [('Content-type', 'application/json; charset=utf-8'), ('Pragma', 'no-cache'), ('Cache-Control', 'no-store')], 'cookie': {'name': 'oidc_op_rp', 'value': '1670510040|hsg6KoD2SgkawFcz|pD+bb7nMYVBUeXeQeqU/t5yFsQuqGXvINy1jzmOD+9NTQ5DKFLB9ObeGvWymg7CPV5P9+bDIVQeHBr5CS2B6sO24BQEyA8FTW6wksrKxOc+whTxUShut5SUfscK72g/Qqqq5oMLKr0U=|9wMwG16b2pucQWhBZi15Ng==', 'samesite': 'None', 'httponly': True, 'secure': True}, 'response_code': 201}
2022-12-08 09:34:00,713 oidcmsg.configure DEBUG response_placement: body
2022-12-08 09:34:00,713 oidcmsg.configure INFO Response: {"client_id": "lod59mvIUYF3TwLmXzFjLg", "registration_access_token": "SJr_rWfGMdeUDuqdkr-j92fhwU0WmJb6Gni-t58wXWo", "registration_client_uri": "https://127.0.0.1:5000/registration_api?client_id=lod59mvIUYF3TwLmXzFjLg", "client_id_issued_at": 1670510040, "client_secret": "78d13b323235ef02c6c9588397210233741a1053be49b763ba2d7953", "client_secret_expires_at": 1673102040, "application_type": "web", "response_types": ["code"], "contacts": ["ops@example.com"], "token_endpoint_auth_method": "client_secret_basic", "backchannel_logout_uri": "https://{domain}:{port}/bc_logout/local", "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/local", "jwks_uri": "https://127.0.0.1:8090/static/jwks.json", "post_logout_redirect_uri": "https://{domain}:{port}/session_logout/local", "frontchannel_logout_session_required": true, "grant_types": ["authorization_code"], "redirect_uris": ["https://{domain}:{port}/authz_cb/local"]}
2022-12-08 09:34:00,713 werkzeug INFO 127.0.0.1 - - [08/Dec/2022 09:34:00] "POST /registration HTTP/1.1" 201 -
2022-12-08 09:34:00,772 oidcmsg.configure INFO At the "authorization" endpoint
2022-12-08 09:34:00,773 oidcmsg.configure INFO request: {'redirect_uri': 'https://{domain}:{port}/authz_cb/local', 'scope': 'openid profile email address phone', 'response_type': 'code', 'nonce': 'NM2HJkMJmVOXpD53wAifWElS', 'claims': {'id_token': {'acr': {'value': 'https://refeds.org/profile/mfa'}}}, 'state': 'GR0s4yzGFGYLeZ2bZ8WIaqiCLVNrQtez', 'code_challenge': '3I-tJnulfqsMOUxI1K7pRt8aooJdjvsQQRu_sOmLh5U', 'code_challenge_method': 'S256', 'client_id': 'lod59mvIUYF3TwLmXzFjLg'}
2022-12-08 09:34:00,773 oidcop.oauth2.authorization DEBUG parse_cookie@process_request
2022-12-08 09:34:00,773 oidcop.cookie_handler DEBUG Looking for 'oidc_op' cookies
2022-12-08 09:34:00,774 oidcop.cookie_handler DEBUG Cookie: {'name': 'oidc_op', 'value': '1670508637|2Abf1GJjKISjIkPV|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|uP9Bi4bKSUZzREPJTLVzzA=='}
2022-12-08 09:34:00,774 oidcop.cookie_handler DEBUG Decryption failed
2022-12-08 09:34:00,774 oidcop.cookie_handler DEBUG Could not verify oidc_op cookie
2022-12-08 09:34:00,774 oidcop.cookie_handler DEBUG Cookie: {'name': 'sman', 'value': '1670508637|/427/UMGtwYPCriL|bSiWundxgbx734YmLF3JEcmQ/25lTu85WztaDfbgBw/RWqqWPJUlBBn3UVdgA/D9CXEVVxfjfRUr++X7Zg4DHf31iBWg6+2NewLdP6U+21q+rgsVRR4ODnKSPEN5wrft6hX9t3NOYC3E4OUrxRqjVgc=|3h6NsYyku1btS2IgvtUqJw=='}
2022-12-08 09:34:00,774 oidcop.cookie_handler DEBUG Cookie: {'name': 'session', 'value': 'eyJvcF9pZGVudGlmaWVyIjoiZmxhc2tfcHJvdmlkZXIifQ.Y5H12A.B4dbTUr7JP9k5UkQ1dkJQ24wRhI'}
2022-12-08 09:34:00,774 oidcop.oauth2.authorization DEBUG Max age: 0
2022-12-08 09:34:00,775 oidcop.user_authn.user DEBUG Value cookies: []
2022-12-08 09:34:00,775 oidcop.user_authn.user DEBUG authenticated_as: cookie info={}
2022-12-08 09:34:00,775 oidcop.oauth2.authorization INFO No active authentication
2022-12-08 09:34:00,775 oidcop.oauth2.authorization DEBUG Known clients: ['lod59mvIUYF3TwLmXzFjLg']
2022-12-08 09:34:00,776 root DEBUG JWT header: {'alg': 'RS256', 'kid': 'ejZtWnRjX0RINEpBZWdrdzdOT0NFbGM1VkpoUURCMXVlaUJKV3Q0alZpaw'}
2022-12-08 09:34:00,780 oidcmsg.configure INFO Response args: {'http_response': '<!doctype html>\n\n<html lang="en">\n<head>\n    <meta charset="utf-8">\n    <title>Please login</title>\n</head>\n\n<body>\n<h1>Testing log in</h1>\n\n<form action="/verify/user" method="post">\n    <input type="hidden" name="token" value="eyJhbGciOiJSUzI1NiIsImtpZCI6ImVqWnRXblJqWDBSSU5FcEJaV2RyZHpkT1QwTkZiR00xVmtwb1VVUkNNWFZsYVVKS1YzUTBhbFpwYXcifQ.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.esd4p_facwWZ8BFdJ0KcWbs5oJUB8wTmz4IS7qjbNLyyH0g3QeykvWeXoM1fZ-aaeBSOmKcCdz42MoeNokpW9-ku8nYqtmgewmTZDAwkDkYsI-lgKCV-aCNm9PZs7ujEgY2uKPEQgdDt06rjqLf_tSw50FQmBubbdN840eXb7elmuzvdB3iMRSpULx-cKva6VYz-xf6UG_VwuG4vTGxir3_yuKew7ZJcpbHKNfEL6DxdIPIH2jm3FaeBmqfa8YYeeeWqiwzPEkQvCBmRk2Ju9779MH6rJCfx2UDDllH_S9eCV9-H7fNO6RJekoomTd2cpiwEZ5xv63AnMBBFxwsBAw">\n\n    <p>\n        <label for="username">Nickname</label>\n        <input type="text" id="username" name="username" autofocus\n               required>\n    </p>\n\n    <p>\n        <label for="password">Secret sauce</label>\n        <input type="password" id="password" name="password" required>\n    </p>\n\n    <p>\n        <img src="" alt="">\n    </p>\n    <p>\n        <a href=""></a>\n    </p>\n    <p>\n        <a href=""></a>\n    </p>\n\n    <input type="submit" value="Get me in!">\n</form>\n</body>\n</html>', 'return_uri': 'https://{domain}:{port}/authz_cb/local'}
2022-12-08 09:34:00,780 werkzeug INFO 127.0.0.1 - - [08/Dec/2022 09:34:00] "GET /authorization?redirect_uri=https%3A%2F%2F%7Bdomain%7D%3A%7Bport%7D%2Fauthz_cb%2Flocal&scope=openid+profile+email+address+phone&response_type=code&nonce=NM2HJkMJmVOXpD53wAifWElS&claims=%7B%22id_token%22%3A+%7B%22acr%22%3A+%7B%22value%22%3A+%22https%3A%2F%2Frefeds.org%2Fprofile%2Fmfa%22%7D%7D%7D&state=GR0s4yzGFGYLeZ2bZ8WIaqiCLVNrQtez&code_challenge=3I-tJnulfqsMOUxI1K7pRt8aooJdjvsQQRu_sOmLh5U&code_challenge_method=S256&client_id=lod59mvIUYF3TwLmXzFjLg HTTP/1.1" 200 -
2022-12-08 09:34:46,310 oidcop.oauth2.authorization DEBUG response type: ['code']
2022-12-08 09:34:46,310 oidcop.oauth2.authorization DEBUG Known clients: ['lod59mvIUYF3TwLmXzFjLg']
2022-12-08 09:34:46,311 oidcop.oauth2.authorization DEBUG resp_info: {'response_args': <oidcmsg.oidc.AuthorizationResponse object at 0x000002CED0A6FB80>, 'fragment_enc': False, 'session_id': 'Z0FBQUFBQmprZllHejEydHpfVVNqWFFsQXpLN09iQTFMbUxFZDFYU29FNzI0M1pYdVZVQnhnX05CWldrcmNMdThqdVVmNkVzd0RyNkhWbkZ5Z3dKR2NfOHV3MUhjckpiUXFSamI2OEttNkRwN1pNRWMzV0lNUHZ4REtxN1hrZlJ2aTlOcVNHc0M3Ny1BREJBYUZYX0g0bnJWMjhTUzFMRmlBOG5MT3FOSlJQSmFXQ2s3RWNOWDVBMjZXWWxQbUNkWFFKWVVLRjUxY1N2UkVMdTJpbDJPNy1xTkdGWWZSRFpSZllYQkJpa2JkVWNyYjJabFRvV2U3Yz0=', 'return_uri': 'https://{domain}:{port}/authz_cb/local', 'cookie': [{'name': 'oidc_op', 'value': '1670510086|DDkGNmGp5/VMs1VY|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|fZHNjAYJ9dyEdaYz4by0oQ==', 'samesite': 'None', 'httponly': True, 'secure': True}]}
2022-12-08 09:34:46,311 oidcop.oauth2.authorization DEBUG compute_session_state: client_id=lod59mvIUYF3TwLmXzFjLg, origin=https://{domain}:{port}/authz_cb/local, opbs=1670510086|7/QwpTS791/Fq7WY|aZiKgDJSaBECzb6KI5OWHrJYS1AM3fif1wKd9buAiELlxTLGKq413MzZN8AcLHatj6hCkAsXnfr1q4CTk5A1eQnSblNN58UHNQeEF8CV2e1rgflIJ+yLmX+mda6c7OTw+76APTupmsdiLYKokH/JFGw=|C1eVf4akOBUb4TFIUboPwA==, salt=dpcFT6lvu0jBeIU2X8zHYg
2022-12-08 09:34:46,311 oidcmsg.configure DEBUG do_response: {'response': 'https://{domain}:{port}/authz_cb/local?state=GR0s4yzGFGYLeZ2bZ8WIaqiCLVNrQtez&scope=openid+profile+email+address+phone&code=Z0FBQUFBQmprZllHVWxYLTMyVG1wS21fRVFqUlNoazRBOHpBUWozTjc1S0M0cTdfcnpYX2VHOXllczZHUHVuTFdNTU85UXd2OUpETGNNelNiMEVlZWp5eVhVMVRoczhLM2VjMWpJRVhzTTJDVnpSUXVwNnhVcUphb0NhVTRVdlJidXZFVkdnWURVSTJUMGtKLVRuc214bk9JTzZ2aWFweVBqUllxR1Z5c043cG9fY1R4NEZNS2J3ZmNtSWdLN2I5WEJVb2lvaW9oem1meFJMa0RxbWNjT1ZNeFNEeWp5VU13VTdkLXFaMUMwdVRhSElLbHlKUzFlZ3lyZDdNbWNtWUFvemlZaWl2SGZlNnhnemo1VHEzVDlEVHVuQzM1c05wVjU5cVZjV0J1azR0OE1xRURnRjI5NEQyX2J2N2IyckVuQjA4Vmw5TW5iRTZJVTgyaW5wOWVNZmdjSk1WODZIMkptRy0wMmc4NHd5MmNGUzB0bjlHS3c3Yl91aGJnZ2hRNnZzbVd2SVR1d3lOZDl3LXoxcTRWaVZxVXRvUXJ1U2VBZWNQYnVtWFRzVU5LemVfVElJR0xOc00yODBnTGZxbWFUZnhiNFdxekx2cVJURjhEaDhkRXo5WC1FUHRxc0VKVVFVNHYzSDdiNkdHbFF6RXZ3Y2tuTU96ekJyRGN6dWtQQ2lYV1phRkVkbnBOdm5KSFNleDNkVzRQT0NkdkU3QWxBWF9BU0ZjcnVFVTB6Ym54VVhGc1lER2JIX1lWMHJJZjVBRVJkLXMtVDVRMmZLOWMweVZtUVlodk9DN0lhVHZBaHp4T1lXZVp2MHE3MUF4VFNCOXFuTGxydWludDRlUnBYblQyblpGcVBwZw%3D%3D&session_state=b5bfe20e1864df11e6bea081c57aba0db56f55c243625983af67f1825a16377f.dpcFT6lvu0jBeIU2X8zHYg&iss=https%3A%2F%2F127.0.0.1%3A5000&client_id=lod59mvIUYF3TwLmXzFjLg', 'http_headers': [('Content-type', 'application/x-www-form-urlencoded'), ('Pragma', 'no-cache'), ('Cache-Control', 'no-store')], 'cookie': [{'name': 'oidc_op', 'value': '1670510086|DDkGNmGp5/VMs1VY|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|fZHNjAYJ9dyEdaYz4by0oQ==', 'samesite': 'None', 'httponly': True, 'secure': True}, {'name': 'sman', 'value': '1670510086|7/QwpTS791/Fq7WY|aZiKgDJSaBECzb6KI5OWHrJYS1AM3fif1wKd9buAiELlxTLGKq413MzZN8AcLHatj6hCkAsXnfr1q4CTk5A1eQnSblNN58UHNQeEF8CV2e1rgflIJ+yLmX+mda6c7OTw+76APTupmsdiLYKokH/JFGw=|C1eVf4akOBUb4TFIUboPwA==', 'samesite': 'None', 'httponly': True, 'secure': True}]}
2022-12-08 09:34:46,312 oidcmsg.configure DEBUG response_placement: url
2022-12-08 09:34:46,312 oidcmsg.configure INFO Redirect to: https://{domain}:{port}/authz_cb/local?state=GR0s4yzGFGYLeZ2bZ8WIaqiCLVNrQtez&scope=openid+profile+email+address+phone&code=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%3D%3D&session_state=b5bfe20e1864df11e6bea081c57aba0db56f55c243625983af67f1825a16377f.dpcFT6lvu0jBeIU2X8zHYg&iss=https%3A%2F%2F127.0.0.1%3A5000&client_id=lod59mvIUYF3TwLmXzFjLg
2022-12-08 09:34:46,313 werkzeug INFO 127.0.0.1 - - [08/Dec/2022 09:34:46] "POST /verify/user HTTP/1.1" 302 -
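
The registration request in the log above carries `redirect_uris` whose host and port are still the literal text `{domain}:{port}`, and the final `Redirect to:` line sends the browser to that same URI. The following is an added example, not part of the original issue or of oidc-op: a check that could be run on client registration metadata before it is accepted. `uri_problems` and `audit_registration` are hypothetical names, the sample request is constructed from the logged values, and the http(s)-only rule assumes `application_type: web` as in the log.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: URI-valued fields copied from the "registration"
# request in the debug log above. Not code or data from oidc-op itself.
REGISTRATION_REQUEST = {
    "application_type": "web",
    "redirect_uris": ["https://{domain}:{port}/authz_cb/local"],
    "post_logout_redirect_uri": "https://{domain}:{port}/session_logout/local",
    "backchannel_logout_uri": "https://{domain}:{port}/bc_logout/local",
    "frontchannel_logout_uri": "https://{domain}:{port}/fc_logout/local",
    "jwks_uri": "https://127.0.0.1:8090/static/jwks.json",
}

# Registration fields whose values are URIs the browser or the OP will follow.
URI_FIELDS = (
    "redirect_uris",
    "post_logout_redirect_uri",
    "backchannel_logout_uri",
    "frontchannel_logout_uri",
    "jwks_uri",
)

# A "{name}" left over from a configuration template that was never formatted.
PLACEHOLDER = re.compile(r"\{[^{}]*\}")


def uri_problems(uri):
    """Return a list of reasons why `uri` is unusable as a web client URI."""
    problems = []
    if PLACEHOLDER.search(uri):
        problems.append("unsubstituted template placeholder")
    try:
        parts = urlsplit(uri)
        parts.port  # property access raises ValueError for a non-numeric port
    except ValueError:
        problems.append("invalid host or port")
        return problems
    if parts.scheme not in ("http", "https"):
        problems.append("not an absolute http(s) URI")
    if not parts.hostname:
        problems.append("missing host")
    if parts.fragment:
        # RFC 6749, section 3.1.2: a redirection URI must not carry a fragment.
        problems.append("contains a fragment")
    return problems


def audit_registration(request):
    """Map each URI field to {uri: [problems]} for every URI that fails."""
    findings = {}
    for field in URI_FIELDS:
        value = request.get(field)
        if value is None:
            continue
        # redirect_uris is a list; the other fields are single strings.
        uris = [value] if isinstance(value, str) else list(value)
        bad = {u: uri_problems(u) for u in uris if uri_problems(u)}
        if bad:
            findings[field] = bad
    return findings


if __name__ == "__main__":
    for field, bad in audit_registration(REGISTRATION_REQUEST).items():
        for uri, problems in bad.items():
            print(f"{field}: {uri} -> {', '.join(problems)}")
```
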