italia / spid-cie-oidc-django

The SPID/CIE OIDC Federation SDK, written in Python
Apache License 2.0

Resolve endpoint returns incomplete trust_chain #309

Closed tobiaspc closed 3 months ago

tobiaspc commented 4 months ago

Expected Behavior

Resolve endpoint responds with a complete trust chain that conforms to the specification.

Current Behavior

Resolve endpoint responds with a trust chain that only contains entity configurations. Entity statements are missing.

Possible Solution

We resolved the issue in our test setup by removing a single continue statement, see here.

Steps to Reproduce

Resolve response:

```json
{
  "iss": "http://op.a-wayf.local:8002/oidc/op",
  "sub": "http://op.a-wayf.local:8002/oidc/op",
  "iat": 1709036716,
  "exp": 1709133083,
  "trust_marks": [],
  "metadata": {
    "federation_entity": {
      "federation_resolve_endpoint": "http://op.a-wayf.local:8002/oidc/op/resolve",
      "organization_name": "CIE OIDC identity provider",
      "homepage_uri": "http://op.a-wayf.local:8002",
      "policy_uri": "http://op.a-wayf.local:8002/oidc/op/en/website/legal-information",
      "logo_uri": "http://op.a-wayf.local:8002/static/svg/logo-cie.svg",
      "contacts": ["tech@example.it"]
    },
    "openid_provider": {
      "authorization_endpoint": "http://op.a-wayf.local:8002/oidc/op/authorization",
      "revocation_endpoint": "http://op.a-wayf.local:8002/oidc/op/revocation",
      "id_token_encryption_alg_values_supported": ["RSA-OAEP"],
      "id_token_encryption_enc_values_supported": ["A128CBC-HS256"],
      "token_endpoint": "http://op.a-wayf.local:8002/oidc/op/token",
      "userinfo_endpoint": "http://op.a-wayf.local:8002/oidc/op/userinfo",
      "introspection_endpoint": "http://op.a-wayf.local:8002/oidc/op/introspection",
      "claims_parameter_supported": true,
      "contacts": ["ops@https://idp.it"],
      "code_challenge_methods_supported": ["S256"],
      "client_registration_types_supported": ["automatic"],
      "request_authentication_methods_supported": {"ar": ["request_object"]},
      "acr_values_supported": [
        "https://www.spid.gov.it/SpidL1",
        "https://www.spid.gov.it/SpidL2",
        "https://www.spid.gov.it/SpidL3"
      ],
      "claims_supported": [
        "given_name", "family_name", "birthdate", "gender", "phone_number",
        "https://attributes.eid.gov.it/fiscal_number", "phone_number_verified",
        "email", "address", "document_details",
        "https://attributes.eid.gov.it/physical_phone_number"
      ],
      "grant_types_supported": ["authorization_code", "refresh_token"],
      "id_token_signing_alg_values_supported": ["RS256", "ES256"],
      "issuer": "http://op.a-wayf.local:8002/oidc/op",
      "jwks_uri": "http://op.a-wayf.local:8002/oidc/op/openid_provider/jwks.json",
      "signed_jwks_uri": "http://op.a-wayf.local:8002/oidc/op/openid_provider/jwks.jose",
      "jwks": {
        "keys": [
          {
            "kty": "RSA",
            "use": "sig",
            "e": "AQAB",
            "n": "rJoSYv1stwlbM11tR9SYGIJuzqlJe2bv2N35oPRbwV_epjNWvGG2ZqEj53YFMC8AMZNFhuLa_LNwr1kLVE-jXQe8xjiLhe7DgMf1OnSzq9yAEXVo19BPBwkgJe2jp9HIgM_nfbIsUbSSkFAM2CKvGb0Bk2GvvqXZ12P-fpbVyA9hIQr6rNTqnCGx2-v4oViGG4u_3iTw7D1ZvLWmrmZOaKnDAqG3MJSdQ-2ggQ-Aiahg48si9C9D_JgnBV9tJ2eCS58ZC6kVG5sftElQVdH6e26mz464TZj5QgCwZCTsAQfIvBoXSdCKxpnvsFfrajz4q9BiXAryxIOl5fLmCFVNhw",
            "kid": "Pd2N9-TZz_AWS3GFCkoYdRaXXls8YPhx_d_Ez7JwjQI"
          }
        ]
      },
      "scopes_supported": ["openid", "offline_access"],
      "logo_uri": "http://op.a-wayf.local:8002/static/images/logo-cie.png",
      "organization_name": "SPID OIDC identity provider",
      "op_policy_uri": "http://op.a-wayf.local:8002/oidc/op/en/website/legal-information",
      "request_parameter_supported": true,
      "request_uri_parameter_supported": true,
      "require_request_uri_registration": true,
      "response_types_supported": ["code"],
      "response_modes_supported": ["query", "form_post"],
      "subject_types_supported": ["pairwise", "public"],
      "token_endpoint_auth_methods_supported": ["private_key_jwt"],
      "token_endpoint_auth_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512"],
      "userinfo_encryption_alg_values_supported": ["RSA-OAEP", "RSA-OAEP-256"],
      "userinfo_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"],
      "userinfo_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512"],
      "request_object_encryption_alg_values_supported": ["RSA-OAEP", "RSA-OAEP-256"],
      "request_object_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM"],
      "request_object_signing_alg_values_supported": ["RS256", "RS384", "RS512", "ES256", "ES384", "ES512"]
    }
  },
  "trust_chain": [
    "eyJ0eXAiOiJlbnRpdHktc3RhdGVtZW50K2p3dCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiWmhTb2FPZWRWT3NCdzZtMnZjbHdTV2lxcW5HZU9TdFQtZ1VjbG90XzY3dyJ9.eyJleHAiOjE3MDkzMDM5MDMsImlhdCI6MTcwOTEzMTEwMywiaXNzIjoiaHR0cDovL29wLmEtd2F5Zi5sb2NhbDo4MDAyL29pZGMvb3AiLCJzdWIiOiJodHRwOi8vb3AuYS13YXlmLmxvY2FsOjgwMDIvb2lkYy9vcCIsImp3a3MiOnsia2V5cyI6W3sia3R5IjoiUlNBIiwiZSI6IkFRQUIiLCJuIjoidGczYUU5ZmQ2bHRYek5yaW1fNENHS1lXZkMzbnFjX3R2NFhqYXc0NzNDY3JmaXFEemVUS0hmUmZidmJxYjFEd21JNGZ2Q09pNTFFVmNtS0xuVGh6WHluQVVweVV2c3d2TDhfdXpnRFdPMVJTbUJHMUwwUkUtQ2tLaWg0a2VYaDFrdTloTnMxX1YtODJkSzVvTE9SLVZKTG5oWkNxVGhSNEhINlRxTGpqV3JyWGZzSFZSdmF1SmlsWDZGeEdiNUpGb2MyN1Z4eGRIMmM2UDJTSEM5d3VCOHRuZkc3T1NyU0QxZzJoN2xUWGJJZm03OGEwb3A2N2RfanVwemtvS29DVG16a1IyenZ3VFZWRGQ5OXZrRExZMldYbWI4aEl3RzZkUVpYWWxraHFBWUt6VHVUWjB0alZoME9ycWZEeFl0TEgzd1F6emFKT1Jld1pZcUx5QjA5UDh3Iiwia2lkIjoiWmhTb2FPZWRWT3NCdzZtMnZjbHdTV2lxcW5HZU9TdFQtZ1VjbG90XzY3dyJ9XX0sIm1ldGFkYXRhIjp7ImZlZGVyYXRpb25fZW50aXR5Ijp7ImZlZGVyYXRpb25fcmVzb2x2ZV9lbmRwb2ludCI6Imh0dHA6Ly9vcC5hLXdheWYubG9jYWw6ODAwMi9vaWRjL29wL3Jlc29sdmUiLCJvcmdhbml6YXRpb25fbmFtZSI6IkNJRSBPSURDIGlkZW50aXR5IHByb3ZpZGVyIiwiaG9tZXBhZ2VfdXJpIjoiaHR0cDovL29wLmEtd2F5Zi5sb2NhbDo4MDAyIiwicG9saWN5X3VyaSI6Imh0dHA6Ly9vcC5hLXdheWYubG9jYWw6ODAwMi9vaWRjL29wL2VuL3dlYnNpdGUvbGVnYWwtaW5mb3JtYXRpb24iLCJsb2dvX3VyaSI6Imh0dHA6Ly9vcC5hLXdheWYubG9jYWw6ODAwMi9zdGF0aWMvc3ZnL2xvZ28tY2llLnN2ZyIsImNvbnRhY3RzIjpbInRlY2hAZXhhbXBsZS5pdCJdfSwib3BlbmlkX3Byb3ZpZGVyIjp7ImF1dGhvcml6YXRpb25fZW5kcG9pbnQiOiJodHRwOi8vb3AuYS13YXlmLmxvY2FsOjgwMDIvb2lkYy9vcC9hdXRob3JpemF0aW9uIiwicmV2b2NhdGlvbl9lbmRwb2ludCI6Imh0dHA6Ly9vcC5hLXdheWYubG9jYWw6ODAwMi9vaWRjL29wL3Jldm9jYXRpb24iLCJpZF90b2tlbl9lbmNyeXB0aW9uX2FsZ192YWx1ZXNfc3VwcG9ydGVkIjpbIlJTQS1PQUVQIl0sImlkX3Rva2VuX2VuY3J5cHRpb25fZW5jX3ZhbHVlc19zdXBwb3J0ZWQiOlsiQTEyOENCQy1IUzI1NiJdLCJ0b2tlbl9lbmRwb2ludCI6Imh0dHA6Ly9vcC5hLXdheWYubG9jYWw6ODAwMi9vaWRjL29wL3Rva2VuIiwidXNlcmluZm9fZW5kcG9pbnQiOiJodHRwOi8vb3AuYS13YXlmLmxvY2FsOjgwMDIvb2lkYy9vcC91c2VyaW5mbyIsImludHJvc3BlY3Rpb25fZW5kcG9pbnQiOiJodHRwOi8vb3AuYS13YXlmLmxvY2FsOjgwMDIvb2lkYy9vcC9pbnRyb3NwZWN0aW9uIiwiY2xhaW1zX3BhcmFtZXRlcl9zdXBwb3J0ZWQiOnRydWUsImNvbnRhY3RzIjpbIm9wc0BodHRwczovL2lkcC5pdCJdLCJjb2RlX2NoYWxsZW5nZV9tZXRob2RzX3N1cHBvcnRlZCI6WyJTMjU2Il0sImNsaWVudF9yZWdpc3RyYXRpb25fdHlwZXNfc3VwcG9ydGVkIjpbImF1dG9tYXRpYyJdLCJyZXF1ZXN0X2F1dGhlbnRpY2F0aW9uX21ldGhvZHNfc3VwcG9ydGVkIjp7ImFyIjpbInJlcXVlc3Rfb2JqZWN0Il19LCJhY3JfdmFsdWVzX3N1cHBvcnRlZCI6WyJodHRwczovL3d3dy5zcGlkLmdvdi5pdC9TcGlkTDEiLCJodHRwczovL3d3dy5zcGlkLmdvdi5pdC9TcGlkTDIiLCJodHRwczovL3d3dy5zcGlkLmdvdi5pdC9TcGlkTDMiXSwiY2xhaW1zX3N1cHBvcnRlZCI6WyJnaXZlbl9uYW1lIiwiZmFtaWx5X25hbWUiLCJiaXJ0aGRhdGUiLCJnZW5kZXIiLCJwaG9uZV9udW1iZXIiLCJodHRwczovL2F0dHJpYnV0ZXMuZWlkLmdvdi5pdC9maXNjYWxfbnVtYmVyIiwicGhvbmVfbnVtYmVyX3ZlcmlmaWVkIiwiZW1haWwiLCJhZGRyZXNzIiwiZG9jdW1lbnRfZGV0YWlscyIsImh0dHBzOi8vYXR0cmlidXRlcy5laWQuZ292Lml0L3BoeXNpY2FsX3Bob25lX251bWJlciJdLCJncmFudF90eXBlc19zdXBwb3J0ZWQiOlsiYXV0aG9yaXphdGlvbl9jb2RlIiwicmVmcmVzaF90b2tlbiJdLCJpZF90b2tlbl9zaWduaW5nX2FsZ192YWx1ZXNfc3VwcG9ydGVkIjpbIlJTMjU2IiwiRVMyNTYiXSwiaXNzdWVyIjoiaHR0cDovL29wLmEtd2F5Zi5sb2NhbDo4MDAyL29pZGMvb3AiLCJqd2tzX3VyaSI6Imh0dHA6Ly9vcC5hLXdheWYubG9jYWw6ODAwMi9vaWRjL29wL29wZW5pZF9wcm92aWRlci9qd2tzLmpzb24iLCJzaWduZWRfandrc191cmkiOiJodHRwOi8vb3AuYS13YXlmLmxvY2FsOjgwMDIvb2lkYy9vcC9vcGVuaWRfcHJvdmlkZXIvandrcy5qb3NlIiwiandrcyI6eyJrZXlzIjpbeyJrdHkiOiJSU0EiLCJ1c2UiOiJzaWciLCJlIjoiQVFBQiIsIm4iOiJySm9TWXYxc3R3bGJNMTF0UjlTWUdJSnV6cWxKZTJidjJOMzVvUFJid1ZfZXBqTld2R0cyWnFFajUzWUZNQzhBTVpORmh1TGFfTE53cjFrTFZFLWpYUWU4eGppTGhlN0RnTWYxT25TenE5eUFFWFZvMTlCUEJ3a2dKZTJqcDlISWdNX25mYklzVWJTU2tGQU0yQ0t2R2IwQmsyR3Z2cVhaMTJQLWZwYlZ5QTloSVFyNnJOVHFuQ0d4Mi12NG9WaUdHNHVfM2lUdzdEMVp2TFdtcm1aT2FLbkRBcUczTUpTZFEtMmdnUS1BaWFoZzQ4c2k5QzlEX0pnbkJWOXRKMmVDUzU4WkM2a1ZHNXNmdEVsUVZkSDZlMjZtejQ2NFRaajVRZ0N3WkNUc0FRZkl2Qm9YU2RDS3hwbnZzRmZyYWp6NHE5QmlYQXJ5eElPbDVmTG1DRlZOaHciLCJraWQiOiJQZDJOOS1UWnpfQVdTM0dGQ2tvWWRSYVhYbHM4WVBoeF9kX0V6N0p3alFJIn1dfSwic2NvcGVzX3N1cHBvcnRlZCI6WyJvcGVuaWQiLCJvZmZsaW5lX2FjY2VzcyJdLCJsb2dvX3VyaSI6Imh0dHA6Ly9vcC5hLXdheWYubG9jYWw6ODAwMi9zdGF0aWMvaW1hZ2VzL2xvZ28tY2llLnBuZyIsIm9yZ2FuaXphdGlvbl9uYW1lIjoiU1BJRCBPSURDIGlkZW50aXR5IHByb3ZpZGVyIiwib3BfcG9saWN5X3VyaSI6Imh0dHA6Ly9vcC5hLXdheWYubG9jYWw6ODAwMi9vaWRjL29wL2VuL3dlYnNpdGUvbGVnYWwtaW5mb3JtYXRpb24iLCJyZXF1ZXN0X3BhcmFtZXRlcl9zdXBwb3J0ZWQiOnRydWUsInJlcXVlc3RfdXJpX3BhcmFtZXRlcl9zdXBwb3J0ZWQiOnRydWUsInJlcXVpcmVfcmVxdWVzdF91cmlfcmVnaXN0cmF0aW9uIjp0cnVlLCJyZXNwb25zZV90eXBlc19zdXBwb3J0ZWQiOlsiY29kZSJdLCJyZXNwb25zZV9tb2Rlc19zdXBwb3J0ZWQiOlsicXVlcnkiLCJmb3JtX3Bvc3QiXSwic3ViamVjdF90eXBlc19zdXBwb3J0ZWQiOlsicGFpcndpc2UiLCJwdWJsaWMiXSwidG9rZW5fZW5kcG9pbnRfYXV0aF9tZXRob2RzX3N1cHBvcnRlZCI6WyJwcml2YXRlX2tleV9qd3QiXSwidG9rZW5fZW5kcG9pbnRfYXV0aF9zaWduaW5nX2FsZ192YWx1ZXNfc3VwcG9ydGVkIjpbIlJTMjU2IiwiUlMzODQiLCJSUzUxMiIsIkVTMjU2IiwiRVMzODQiLCJFUzUxMiJdLCJ1c2VyaW5mb19lbmNyeXB0aW9uX2FsZ192YWx1ZXNfc3VwcG9ydGVkIjpbIlJTQS1PQUVQIiwiUlNBLU9BRVAtMjU2Il0sInVzZXJpbmZvX2VuY3J5cHRpb25fZW5jX3ZhbHVlc19zdXBwb3J0ZWQiOlsiQTEyOENCQy1IUzI1NiIsIkExOTJDQkMtSFMzODQiLCJBMjU2Q0JDLUhTNTEyIiwiQTEyOEdDTSIsIkExOTJHQ00iLCJBMjU2R0NNIl0sInVzZXJpbmZvX3NpZ25pbmdfYWxnX3ZhbHVlc19zdXBwb3J0ZWQiOlsiUlMyNTYiLCJSUzM4NCIsIlJTNTEyIiwiRVMyNTYiLCJFUzM4NCIsIkVTNTEyIl0sInJlcXVlc3Rfb2JqZWN0X2VuY3J5cHRpb25fYWxnX3ZhbHVlc19zdXBwb3J0ZWQiOlsiUlNBLU9BRVAiLCJSU0EtT0FFUC0yNTYiXSwicmVxdWVzdF9vYmplY3RfZW5jcnlwdGlvbl9lbmNfdmFsdWVzX3N1cHBvcnRlZCI6WyJBMTI4Q0JDLUhTMjU2IiwiQTE5MkNCQy1IUzM4NCIsIkEyNTZDQkMtSFM1MTIiLCJBMTI4R0NNIiwiQTE5MkdDTSIsIkEyNTZHQ00iXSwicmVxdWVzdF9vYmplY3Rfc2lnbmluZ19hbGdfdmFsdWVzX3N1cHBvcnRlZCI6WyJSUzI1NiIsIlJTMzg0IiwiUlM1MTIiLCJFUzI1NiIsIkVTMzg0IiwiRVM1MTIiXX19LCJhdXRob3JpdHlfaGludHMiOlsiaHR0cDovL3RhLmEtd2F5Zi5sb2NhbDo4MDAwIl19.Zuh9FJUvJ3fR6wxloFicGSiC1nyN071xV3TpUhbMjYbxwrCmHsKNxA7Ys0Djyfx9k1um8IAnEy1G759DTlhx-3xW1LN9x1-kb7DEG4A8BJ2oMuB28xZ-kZFzARtyyWBVzaxkDzmEaHVZHXj248dFId6fNkqS--fosPBAYSMceDeT-pAT7K0KfjLY5Idk8-JNkIMOYC68iw8dHpYGCWGkuFBqeIkMDM3lULHd6HaiVR0uehQAji-Pax0ZS3HBk25mjHwjOVSIUfpS3KM-GZp-bI2bcfodw7Tffp4JVDF9jaIhAckppurO2zDsfvDKUF17ScMoY4dJp3P6e2RlWDI0wQ",
    "eyJ0eXAiOiJlbnRpdHktc3RhdGVtZW50K2p3dCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiQlh2ZnJsbmhBTXVIUjA3YWpVbUFjQlJRY1N6bXcwY19SQWdKbnBTLTlXUSJ9.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.gWxa074ERmnn5qLnJs5adDyUxowCF5wGCIx23gON5PD-kgyMnPl2IYvvISubpvdVwuLMI7iKhNJEjSPYzUPD5svmEwyByL76k_wn17siMA8WFMZYCglazD6KyokJ4WBEv8VSBnpSeO6BWHyzny8LAqGIeCugh-gM5xCQR_pRZ6kINN23cfwcF0L-QOAiH9KXXpQXPxZKyDtmW0OxQGhNGKdMCY8YPzgHM1dBmAkoNlXDetISAvhP2Jp9ztDU04Tva7UNRYBe5WhG4XQYdTexslJ3gODfoNXaU_a-_NfjovOEqo5Pc3uwu7gnCy5QbWjO7Hvf1A_OtAuTjdEUoaQrGA",
    "eyJ0eXAiOiJlbnRpdHktc3RhdGVtZW50K2p3dCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiQlh2ZnJsbmhBTXVIUjA3YWpVbUFjQlJRY1N6bXcwY19SQWdKbnBTLTlXUSJ9.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.gsj0XqvQgf1HDrTJvEERuQ7GdftMePZIVr_07rtlV6gtImtKjI5V4ca-hjaNFNmRXfUl-nOyA2-fi8LBIhI-2fPrRq9AEqQ8dp6knhwW1P5PWid8SjO_LvIiEx8XNzom-ViwqYpEYOems5jEImZc89i6vYpCQRirg3SEsXVwqPAKcDiwqWzncxPD6L5mg27Xvf50jcX3QutU5j1_diHe9t_dzbCKv8p_T_ty6fyt6k1k5e7L62iI8zyb4nrg2O3FT1zqPXdq47rt-PLbbMD1GbMfW7Ke92Nu1fKMkP3oZRJa9avox5UVbIiRf1JT_Yq8OZC5zWPDhHvME8bzrE8LWA"
  ]
}
```

> A Trust Chain begins with a Leaf Entity Configuration, and has zero or more Subordinate Statements issued by Intermediates about Subordinates, and includes the Subordinate Statement issued by the Trust Anchor about the top-most Intermediate (if there are Intermediates) or the Leaf Entity (if there are no Intermediates). The Trust Chain logically always ends with the Entity Configuration of the Trust Anchor, even though it MAY be omitted from the JSON array representing the Trust Chain in some cases.
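The specification excerpt above describes a shape that a resolve response can be checked against before any signature is verified: the first element must be a self-issued Entity Configuration (`iss == sub`), every following element must be a Subordinate Statement about the entity below it (`iss != sub`, with each statement's `sub` equal to the previous element's issuer), and the array may optionally close with the Trust Anchor's own Entity Configuration. The reported response fails this check because every element is an Entity Configuration. The following is an added example written for this page, not code from spid-cie-oidc-django or from the reporter's fork. It decodes the JWS segments without verifying signatures (so it is a shape check, not trust-chain validation), and the sample chains it builds are constructed data with empty signature segments; only the OP and Trust Anchor URLs (`http://op.a-wayf.local:8002/oidc/op`, `http://ta.a-wayf.local:8000`) are taken from the test setup shown in the issue.

```python
"""Structural check of an OpenID Federation trust_chain array.

Added example; not code from spid-cie-oidc-django. It tests only the SHAPE
quoted from the specification (leaf Entity Configuration, then one or more
Subordinate Statements, optionally closed by the Trust Anchor's Entity
Configuration). It does NOT verify signatures, expiry or metadata policy, so
it is a sanity check on a resolve response, not a substitute for validation.
"""
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWS segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_unverified(jws: str) -> tuple:
    """Return (header, payload) of a compact JWS WITHOUT checking the signature."""
    header_b64, payload_b64, _signature_b64 = jws.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(payload_b64))


def is_entity_configuration(payload: dict) -> bool:
    # An Entity Configuration is self-issued (iss == sub); a Subordinate
    # Statement is issued by a superior about a subordinate (iss != sub).
    return payload.get("iss") == payload.get("sub")


def check_trust_chain(chain: list) -> list:
    """Return a list of structural problems; an empty list means the shape is valid."""
    if not chain:
        return ["trust_chain is empty"]
    problems = []
    decoded = [decode_unverified(jws) for jws in chain]
    for idx, (header, _payload) in enumerate(decoded):
        if header.get("typ") != "entity-statement+jwt":
            problems.append(f"element {idx}: typ is {header.get('typ')!r}, expected 'entity-statement+jwt'")
    payloads = [payload for _header, payload in decoded]

    leaf = payloads[0]
    if not is_entity_configuration(leaf):
        problems.append("element 0 must be the leaf Entity Configuration (iss == sub)")

    # Everything after the leaf is a Subordinate Statement, except that the
    # last element MAY be the Trust Anchor's own Entity Configuration.
    statements = payloads[1:]
    trust_anchor_ec = None
    if statements and is_entity_configuration(statements[-1]):
        trust_anchor_ec = statements.pop()

    if not statements:
        # The shape reported in this issue: Entity Configurations only.
        problems.append("no Subordinate Statement present: chain contains only Entity Configurations")
        return problems

    # Walk up the chain: each statement must be about the entity below it,
    # and its issuer becomes the subject the next statement must describe.
    expected_sub = leaf.get("sub")
    for idx, statement in enumerate(statements, start=1):
        if is_entity_configuration(statement):
            problems.append(f"element {idx} is an Entity Configuration where a Subordinate Statement was expected")
            continue
        if statement.get("sub") != expected_sub:
            problems.append(f"element {idx}: sub {statement.get('sub')!r} does not match expected {expected_sub!r}")
        expected_sub = statement.get("iss")

    if trust_anchor_ec is not None and trust_anchor_ec.get("iss") != statements[-1].get("iss"):
        problems.append("closing Entity Configuration is not from the Trust Anchor that issued the last statement")
    return problems


def make_unsigned_statement(iss: str, sub: str) -> str:
    """Constructed test data: a compact JWS with an EMPTY signature segment.

    Real statements are RS256/ES256 signed; this builder exists only so the
    structural check can be exercised offline.
    """
    header = {"typ": "entity-statement+jwt", "alg": "RS256", "kid": "constructed-kid"}
    payload = {"iss": iss, "sub": sub, "iat": 1709036716, "exp": 1709133083, "jwks": {"keys": []}}
    return f"{_b64url_encode(header)}.{_b64url_encode(payload)}."


# Entity identifiers taken from the test setup in this issue.
OP = "http://op.a-wayf.local:8002/oidc/op"
TA = "http://ta.a-wayf.local:8000"

# Shape reported in the issue: Entity Configurations only, no Subordinate Statement.
INCOMPLETE_CHAIN = [make_unsigned_statement(OP, OP), make_unsigned_statement(TA, TA)]

# Shape the specification describes: leaf EC, the TA's statement about the leaf, the TA's EC.
COMPLETE_CHAIN = [
    make_unsigned_statement(OP, OP),
    make_unsigned_statement(TA, OP),
    make_unsigned_statement(TA, TA),
]

if __name__ == "__main__":
    print("incomplete:", check_trust_chain(INCOMPLETE_CHAIN))
    print("complete:  ", check_trust_chain(COMPLETE_CHAIN))
```

Run against a live resolve response, `check_trust_chain(response["trust_chain"])` returning a non-empty list is the quickest way to tell an "entity configurations only" chain from a complete one; it should be followed by real validation (signature of each statement against the superior's `jwks`, `exp`, and the Trust Anchor's pinned keys), which this check deliberately does not perform.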

peppelinux commented 4 months ago

ciao @tobiaspc, do you use https://github.com/italia/spid-cie-oidc-django/releases/tag/v1.3.2?

tobiaspc commented 4 months ago

Yes, our fork is based on v1.3.2 with two changes: We always resolve and return fresh trust chains, and modify the serialization to include subordinate statements as well.

Before v1.3.2, subordinate statements were part of the chain, but the chain was nested, as reported in #307. In v1.3.2, the nesting issue reported in #307 was fixed, but two additional continue statements were also included in the serialization function.

We don't know if the continue statements were added on purpose, but we believe they are the source of the issue, resulting in trust chains containing only entity configurations, without any entity statements.

peppelinux commented 4 months ago

thank you for the analysis @tobiaspc

the release 1.3.2 added a unit test to be sure that the trust chain is consistent https://github.com/italia/spid-cie-oidc-django/commit/87467470e7c491e91d0e6bb95ada85ec6f71ca77#diff-0883c6743fcae978d35256008daee4b830b82c88781f280104dcc34a13a020f5R135

if you still find the issue, could you please provide the PR with your fork that aims to resolve this issue?