0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config | kwargs:{'issuer': 'https://isamfed.com:30443/test'}
|
0 | http response | url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
|
0 | ProviderConfigurationResponse | {
"authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
"claims_parameter_supported": false,
"claims_supported": [
"realmName",
"preferred_username",
"given_name",
"uid",
"upn",
"groupIds",
"employee_id",
"name",
"tenantId",
"mobile_number",
"department",
"job_title",
"family_name",
"email"
],
"device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
"grant_types_supported": [
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"implicit",
"urn:ietf:params:oauth:grant-type:saml2-bearer",
"urn:ietf:params:oauth:grant-type:device_code",
"client_credentials",
"password",
"authorization_code",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
"issuer": "https://isamfed.com:30443/test",
"jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
"name": "OIDCDefinition",
"poc": "https://isamfed.com:30443/mga/",
"registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"fragment",
"form_post"
],
"response_types_supported": [
"token",
"id_token",
"token id_token",
"code",
"code id_token",
"code token id_token",
"code token",
"none"
],
"revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
"subject_types_supported": [
"public"
],
"token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
"token_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_post",
"client_secret_basic"
],
"user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
"userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
"userinfo_signing_alg_values_supported": [
"RS256"
],
"version": "3.0"
}
|
0 | phase | <--<-- 2 --- Registration -->--> |
0 | register | kwargs:{'response_types': ['code id_token token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61367/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61367/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61367/static/jwks_61367.json', 'token_endpoint_auth_method': 'private_key_jwt'}
|
0 | RegistrationRequest | {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit",
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61367/static/jwks_61367.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61367/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61367/authz_cb"
],
"response_types": [
"code id_token token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
1 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
|
1 | RegistrationResponse | {
"application_type": "web",
"client_id": "qNLYIv4oACMyRVnl4JTh",
"client_id_issued_at": 1560755370,
"client_secret": "tvIpyrw41HTkjBrXcEO4",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit",
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61367/static/jwks_61367.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61367/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61367/authz_cb"
],
"registration_access_token": "2vl0n2lbBaJsXctfBK3t",
"registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=qNLYIv4oACMyRVnl4JTh",
"response_types": [
"code",
"id_token",
"token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
1 | phase | <--<-- 3 --- AsyncAuthn -->--> |
1 | AuthorizationRequest | {
"client_id": "qNLYIv4oACMyRVnl4JTh",
"nonce": "0Pfg0fN3hGriQU7P",
"redirect_uri": "https://op.certification.openid.net:61367/authz_cb",
"response_type": "code id_token token",
"scope": "openid",
"state": "MUrOD8KNO13PWVgb"
}
|
1 | redirect url | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=MUrOD8KNO13PWVgb&nonce=0Pfg0fN3hGriQU7P&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&client_id=qNLYIv4oACMyRVnl4JTh |
1 | redirect | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=MUrOD8KNO13PWVgb&nonce=0Pfg0fN3hGriQU7P&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&client_id=qNLYIv4oACMyRVnl4JTh |
2 | http args | {} |
2 | response | URL with fragment |
2 | response | access_token=R9fqtnf0Emahbx9sPEeW&state=MUrOD8KNO13PWVgb&expires_in=3599&token_type=bearer&code=KJf43fppBSr0F06o1cK1b4hl7TBDjq&scope=openid&id_token=eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjBQZmcwZk4zaEdyaVFVN1AiLCJpYXQiOjE1NjA3NTUzNzEsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsImF0X2hhc2giOiIxQUV5WHE5amRHX2t5U3hqa1lkMDVBIiwic3ViIjoidGVzdHVzZXIiLCJleHAiOjE1NjA3NTg3OTEsImNfaGFzaCI6ImxpOEM1dFlUTHVZb3E1cmtRb21Gc0EiLCJhdWQiOiJxTkxZSXY0b0FDTXlSVm5sNEpUaCJ9.E5nK0G7cb63931WcjW1yXOwVoOflljOi_1qr5c7WSCVdQnS1TeexyKDyOqV7eTivejRJd2qCyF9Uh-2klP2jGbpkarpP3ODVUjK7qKiIDgfu_N-DyVciyIfQgnHlvy_OMtLJXF3IUtAHeWA1ggCBwseYYEuEIH-nSqEaBSnFhgUZdiLf4RLGLkwdjhdM3WcDQ9sdEHt5XghXpco7hR7sUYZdEg30HA1Rd8TXfo_5s7e-9LjCE8TLlefEnhOH4d20yu7SH8afTEHyYg-nrvIitgDrskSx_xeL1pmAw6hnpGozJcMV3gcMv05oN34tZ546gpgGl1-xU_m5sC_mEcwVfQ |
2 | response | {'access_token': 'R9fqtnf0Emahbx9sPEeW', 'state': 'MUrOD8KNO13PWVgb', 'expires_in': 3599, 'token_type': 'bearer', 'code': 'KJf43fppBSr0F06o1cK1b4hl7TBDjq', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjBQZmcwZk4zaEdyaVFVN1AiLCJpYXQiOjE1NjA3NTUzNzEsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsImF0X2hhc2giOiIxQUV5WHE5amRHX2t5U3hqa1lkMDVBIiwic3ViIjoidGVzdHVzZXIiLCJleHAiOjE1NjA3NTg3OTEsImNfaGFzaCI6ImxpOEM1dFlUTHVZb3E1cmtRb21Gc0EiLCJhdWQiOiJxTkxZSXY0b0FDTXlSVm5sNEpUaCJ9.E5nK0G7cb63931WcjW1yXOwVoOflljOi_1qr5c7WSCVdQnS1TeexyKDyOqV7eTivejRJd2qCyF9Uh-2klP2jGbpkarpP3ODVUjK7qKiIDgfu_N-DyVciyIfQgnHlvy_OMtLJXF3IUtAHeWA1ggCBwseYYEuEIH-nSqEaBSnFhgUZdiLf4RLGLkwdjhdM3WcDQ9sdEHt5XghXpco7hR7sUYZdEg30HA1Rd8TXfo_5s7e-9LjCE8TLlefEnhOH4d20yu7SH8afTEHyYg-nrvIitgDrskSx_xeL1pmAw6hnpGozJcMV3gcMv05oN34tZ546gpgGl1-xU_m5sC_mEcwVfQ'} |
2 | AuthorizationResponse | {
"access_token": "R9fqtnf0Emahbx9sPEeW",
"code": "KJf43fppBSr0F06o1cK1b4hl7TBDjq",
"expires_in": 3599,
"id_token": {
"at_hash": "1AEyXq9jdG_kySxjkYd05A",
"aud": [
"qNLYIv4oACMyRVnl4JTh"
],
"c_hash": "li8C5tYTLuYoq5rkQomFsA",
"exp": 1560758791,
"iat": 1560755371,
"iss": "https://isamfed.com:30443/test",
"nonce": "0Pfg0fN3hGriQU7P",
"sub": "testuser"
},
"scope": "openid",
"state": "MUrOD8KNO13PWVgb",
"token_type": "bearer"
}
|
2 | phase | <--<-- 4 --- AccessToken -->--> |
2 | request | op_args: {'state': 'MUrOD8KNO13PWVgb'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61367/authz_cb'} |
2 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61367/authz_cb', 'code': 'KJf43fppBSr0F06o1cK1b4hl7TBDjq', 'state': 'MUrOD8KNO13PWVgb', 'grant_type': 'authorization_code', 'client_id': 'qNLYIv4oACMyRVnl4JTh'}, 'state': 'MUrOD8KNO13PWVgb', 'authn_method': 'private_key_jwt'}
|
2 | AccessTokenRequest | {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAicU5MWUl2NG9BQ015UlZubDRKVGgiLCAic3ViIjogInFOTFlJdjRvQUNNeVJWbmw0SlRoIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJsR3lCN2J1eUJ3VzJrYVExUnBEU1QwcHFJTE1GbDNERCIsICJleHAiOiAxNTYwNzU1OTcyLCAiaWF0IjogMTU2MDc1NTM3Mn0.JSBnTiNrKkxKnkaFqiqOVVjD-flBufhFe6hMmlzUXKdtFqn5wG2BAKcyxhDKwj1lTXfLMZ3awxUXj3azhhI-CTsNt0DduG7Hmx3t8dot40XDurnH0pNJysR5Usp5fwMgRuto3xVr2FDlI1agsCRVzV8P4sKdqtfHqOzFwF_WPjP1rFdCLu7Tia0KReBRwqc2sSSJUjgXaHPgv5jJWbfHPc229XxuBBoyN0NKbvDAjvurSQc06xTClbT2MLemiPSef4K0hoOlIeYJUtCbBdeX014NMg85VPQL93DegSIP4Bmif7XOl5iN3E60PqiL3blKlC5W4rOxLWxZQzM0gu_U1Q",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "KJf43fppBSr0F06o1cK1b4hl7TBDjq",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61367/authz_cb",
"state": "MUrOD8KNO13PWVgb"
}
|
2 | request_url | https://isamfed.com:30443/mga/sps/oauth/oauth20/token |
2 | request_http_args | {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}} |
2 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&code=KJf43fppBSr0F06o1cK1b4hl7TBDjq&state=MUrOD8KNO13PWVgb&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAicU5MWUl2NG9BQ015UlZubDRKVGgiLCAic3ViIjogInFOTFlJdjRvQUNNeVJWbmw0SlRoIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJsR3lCN2J1eUJ3VzJrYVExUnBEU1QwcHFJTE1GbDNERCIsICJleHAiOiAxNTYwNzU1OTcyLCAiaWF0IjogMTU2MDc1NTM3Mn0.JSBnTiNrKkxKnkaFqiqOVVjD-flBufhFe6hMmlzUXKdtFqn5wG2BAKcyxhDKwj1lTXfLMZ3awxUXj3azhhI-CTsNt0DduG7Hmx3t8dot40XDurnH0pNJysR5Usp5fwMgRuto3xVr2FDlI1agsCRVzV8P4sKdqtfHqOzFwF_WPjP1rFdCLu7Tia0KReBRwqc2sSSJUjgXaHPgv5jJWbfHPc229XxuBBoyN0NKbvDAjvurSQc06xTClbT2MLemiPSef4K0hoOlIeYJUtCbBdeX014NMg85VPQL93DegSIP4Bmif7XOl5iN3E60PqiL3blKlC5W4rOxLWxZQzM0gu_U1Q&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer |
2 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
|
2 | response | {'access_token': 'of7i2ca7QlKCfmZz2Xrg', 'refresh_token': 'VaEN7iWg7dFD4pvwhJWnZLOrLIeZhWIigDOdqdNq', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJydF9oYXNoIjoidHpxT2VfX2tPXzVGaGNlbzRQZTVlZyIsIm5vbmNlIjoiMFBmZzBmTjNoR3JpUVU3UCIsImlhdCI6MTU2MDc1NTM3MiwiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6IkhBOFRHMlplM1VmOHplazg0VjZldWciLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc1ODc5MiwiYXVkIjoicU5MWUl2NG9BQ015UlZubDRKVGgifQ.VRQOkDSz5XwNn8BFHtrPawndFV62LiT750gCQbXhagcXmREAsnhll5wppdTmr72KPL4swbvNiJHScla7AyiwTTrkdBmN9LphKGGxiIYdz9SVT5fJcbUk1udAsNNPx_N1ZrnTk66MRn2EaHWPBtqib-Vu2Gs5n7byjclVKCE7P1o9sqvZlYf7k8PuC3JBF3Tg0ydXXC1XgXxqUICnK6IHfba-oNGhGa2p8SVOj0TpQT16qnlBQix2eimN6yXqUVO6kZdJgOOSK38wmnvdHEcMeYsGBIYvpLWv-gYc-S3OE_ZwC990v8sBcXr45MdXguCkvL-j1gcueakj_5TUeXR6Jg', 'token_type': 'bearer', 'expires_in': 3599} |
2 | AccessTokenResponse | {
"access_token": "of7i2ca7QlKCfmZz2Xrg",
"expires_in": 3599,
"id_token": {
"at_hash": "HA8TG2Ze3Uf8zek84V6eug",
"aud": [
"qNLYIv4oACMyRVnl4JTh"
],
"exp": 1560758792,
"iat": 1560755372,
"iss": "https://isamfed.com:30443/test",
"nonce": "0Pfg0fN3hGriQU7P",
"rt_hash": "tzqOe__kO_5Fhceo4Pe5eg",
"sub": "testuser"
},
"refresh_token": "VaEN7iWg7dFD4pvwhJWnZLOrLIeZhWIigDOdqdNq",
"scope": "openid",
"token_type": "bearer"
}
|
2 | jws header | {'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'} |
2 | phase | <--<-- 5 --- Note -->--> |
3 | phase | <--<-- 6 --- Webfinger -->--> |
3 | not expected to do | WebFinger |
3 | phase | <--<-- 7 --- Discovery -->--> |
3 | provider_config | kwargs:{'issuer': 'https://isamfed.com:30443/test'}
|
3 | http response | url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
|
3 | ProviderConfigurationResponse | {
"authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
"claims_parameter_supported": false,
"claims_supported": [
"realmName",
"preferred_username",
"given_name",
"uid",
"upn",
"groupIds",
"employee_id",
"name",
"tenantId",
"mobile_number",
"department",
"job_title",
"family_name",
"email"
],
"device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
"grant_types_supported": [
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"implicit",
"urn:ietf:params:oauth:grant-type:saml2-bearer",
"urn:ietf:params:oauth:grant-type:device_code",
"client_credentials",
"password",
"authorization_code",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
"issuer": "https://isamfed.com:30443/test",
"jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
"name": "OIDCDefinition",
"poc": "https://isamfed.com:30443/mga/",
"registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"fragment",
"form_post"
],
"response_types_supported": [
"token",
"id_token",
"token id_token",
"code",
"code id_token",
"code token id_token",
"code token",
"none"
],
"revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
"subject_types_supported": [
"public"
],
"token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
"token_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_post",
"client_secret_basic"
],
"user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
"userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
"userinfo_signing_alg_values_supported": [
"RS256"
],
"version": "3.0"
}
|
3 | phase | <--<-- 8 --- Registration -->--> |
3 | register | kwargs:{'response_types': ['code id_token token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61367/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61367/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61367/static/jwks_61367.json', 'token_endpoint_auth_method': 'private_key_jwt'}
|
3 | RegistrationRequest | {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit",
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61367/static/jwks_61367.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61367/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61367/authz_cb"
],
"response_types": [
"code id_token token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
3 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
|
3 | RegistrationResponse | {
"application_type": "web",
"client_id": "9ceq4zMyo17sKPgTKIgH",
"client_id_issued_at": 1560755373,
"client_secret": "tOtelxiYx7Pd92G1z1Vu",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit",
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61367/static/jwks_61367.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61367/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61367/authz_cb"
],
"registration_access_token": "NB1MCyPH6g81KgnLIJvG",
"registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=9ceq4zMyo17sKPgTKIgH",
"response_types": [
"code",
"id_token",
"token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
3 | phase | <--<-- 9 --- AsyncAuthn -->--> |
3 | AuthorizationRequest | {
"client_id": "9ceq4zMyo17sKPgTKIgH",
"max_age": 1,
"nonce": "Wenxqx1GCQIzzGwI",
"redirect_uri": "https://op.certification.openid.net:61367/authz_cb",
"response_type": "code id_token token",
"scope": "openid",
"state": "SfE6tVe4jfTuub6S"
}
|
3 | redirect url | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=SfE6tVe4jfTuub6S&nonce=Wenxqx1GCQIzzGwI&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&max_age=1&client_id=9ceq4zMyo17sKPgTKIgH |
3 | redirect | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=SfE6tVe4jfTuub6S&nonce=Wenxqx1GCQIzzGwI&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&max_age=1&client_id=9ceq4zMyo17sKPgTKIgH |
6 | http args | {} |
7 | response | URL with fragment |
7 | response | access_token=S3UdZQPWr4ZI5cqqaHbs&state=SfE6tVe4jfTuub6S&expires_in=3599&token_type=bearer&code=SEhGPthwr1z8VfzW3hXQ234MrohfoN&scope=openid&id_token=eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJhdXRoX3RpbWUiOjE1NjA3NTUzNzYsIm5vbmNlIjoiV2VueHF4MUdDUUl6ekd3SSIsImlhdCI6MTU2MDc1NTM3NiwiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6Ikh3b25tMEQ1SDAyckFsRFU1c1dfS3ciLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc1ODc5NiwiY19oYXNoIjoiek5MaExEZzZfeXpTLV9MOGppRWRvdyIsImF1ZCI6IjljZXE0ek15bzE3c0tQZ1RLSWdIIn0.TJKM_32ef6hsST_biRXAVTZupae65EeBlcCyi7XSr3eS9WWQBLFKAHrB82vzpItAyZARpRgKvKXBfB4xjPo1u_7uONTCRYHP8LEr-nKPQ1P99trRw1ShXcF2ivSwS_xVFf_ABy7SMJUWIYkQ-w5AYGj5QTeKQa41EZPYMjp2Jl42N1SevUIB5nRanzpRErt3PnLL10KH87OGg9pyEtOQEmUvRBKgjhapdba9gr-sCkbUiL0ggIAoISZk0BBZ7YuemVm9rY5mlBiR_Ye_bCrGieMk2sd3tdUht3c9Eksk4Gz6SaCOzHu9RC96NdH6PpbRGCrJ13rRoSr2twoCiLlHBA |
7 | response | {'access_token': 'S3UdZQPWr4ZI5cqqaHbs', 'state': 'SfE6tVe4jfTuub6S', 'expires_in': 3599, 'token_type': 'bearer', 'code': 'SEhGPthwr1z8VfzW3hXQ234MrohfoN', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJhdXRoX3RpbWUiOjE1NjA3NTUzNzYsIm5vbmNlIjoiV2VueHF4MUdDUUl6ekd3SSIsImlhdCI6MTU2MDc1NTM3NiwiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6Ikh3b25tMEQ1SDAyckFsRFU1c1dfS3ciLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc1ODc5NiwiY19oYXNoIjoiek5MaExEZzZfeXpTLV9MOGppRWRvdyIsImF1ZCI6IjljZXE0ek15bzE3c0tQZ1RLSWdIIn0.TJKM_32ef6hsST_biRXAVTZupae65EeBlcCyi7XSr3eS9WWQBLFKAHrB82vzpItAyZARpRgKvKXBfB4xjPo1u_7uONTCRYHP8LEr-nKPQ1P99trRw1ShXcF2ivSwS_xVFf_ABy7SMJUWIYkQ-w5AYGj5QTeKQa41EZPYMjp2Jl42N1SevUIB5nRanzpRErt3PnLL10KH87OGg9pyEtOQEmUvRBKgjhapdba9gr-sCkbUiL0ggIAoISZk0BBZ7YuemVm9rY5mlBiR_Ye_bCrGieMk2sd3tdUht3c9Eksk4Gz6SaCOzHu9RC96NdH6PpbRGCrJ13rRoSr2twoCiLlHBA'} |
7 | AuthorizationResponse | {
"access_token": "S3UdZQPWr4ZI5cqqaHbs",
"code": "SEhGPthwr1z8VfzW3hXQ234MrohfoN",
"expires_in": 3599,
"id_token": {
"at_hash": "Hwonm0D5H02rAlDU5sW_Kw",
"aud": [
"9ceq4zMyo17sKPgTKIgH"
],
"auth_time": 1560755376,
"c_hash": "zNLhLDg6_yzS-_L8jiEdow",
"exp": 1560758796,
"iat": 1560755376,
"iss": "https://isamfed.com:30443/test",
"nonce": "Wenxqx1GCQIzzGwI",
"sub": "testuser"
},
"scope": "openid",
"state": "SfE6tVe4jfTuub6S",
"token_type": "bearer"
}
|
7 | phase | <--<-- 10 --- AccessToken -->--> |
7 | request | op_args: {'state': 'SfE6tVe4jfTuub6S'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61367/authz_cb'} |
7 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61367/authz_cb', 'code': 'SEhGPthwr1z8VfzW3hXQ234MrohfoN', 'state': 'SfE6tVe4jfTuub6S', 'grant_type': 'authorization_code', 'client_id': '9ceq4zMyo17sKPgTKIgH'}, 'state': 'SfE6tVe4jfTuub6S', 'authn_method': 'private_key_jwt'}
|
7 | AccessTokenRequest | {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiOWNlcTR6TXlvMTdzS1BnVEtJZ0giLCAic3ViIjogIjljZXE0ek15bzE3c0tQZ1RLSWdIIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJLMUpCS2N2eGJJT1NoWDhJeUZXQ25UbjUyVjkxeW1YQiIsICJleHAiOiAxNTYwNzU1OTc3LCAiaWF0IjogMTU2MDc1NTM3N30.HPSnSdVOMtC66ugm3fdOiek9sjhX77qm-B9cObyXcEHXWHFitAqaNEIhQIiFbC9BpCIoc-6kpxn1Dx2CTDUFWrU0tYQwY592vlCIXAK4gO6596L1TNQyoMjS1kCI0P6NWURGlu6h9jUQiMMaM_8M6plNwET4DTEccIT0fRpj9_NPPgkTlYd1C1P41cJQiKxrPeZDaX_S8U44MBK5f2DMcJ_onSl_MIPEohgPM8dE1cdedHSEH8-k9oOdDcthyTyRSdOPpNsEo1gqljNnrE9_pkvaxebcU_pM8jvc-490xZwxd0OQ6HXFCMTuUECwn-wVWIU0jVqzLUIKmDmBd5uOYg",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "SEhGPthwr1z8VfzW3hXQ234MrohfoN",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61367/authz_cb",
"state": "SfE6tVe4jfTuub6S"
}
|
7 | request_url | https://isamfed.com:30443/mga/sps/oauth/oauth20/token |
7 | request_http_args | {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}} |
7 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61367%2Fauthz_cb&code=SEhGPthwr1z8VfzW3hXQ234MrohfoN&state=SfE6tVe4jfTuub6S&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiOWNlcTR6TXlvMTdzS1BnVEtJZ0giLCAic3ViIjogIjljZXE0ek15bzE3c0tQZ1RLSWdIIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJLMUpCS2N2eGJJT1NoWDhJeUZXQ25UbjUyVjkxeW1YQiIsICJleHAiOiAxNTYwNzU1OTc3LCAiaWF0IjogMTU2MDc1NTM3N30.HPSnSdVOMtC66ugm3fdOiek9sjhX77qm-B9cObyXcEHXWHFitAqaNEIhQIiFbC9BpCIoc-6kpxn1Dx2CTDUFWrU0tYQwY592vlCIXAK4gO6596L1TNQyoMjS1kCI0P6NWURGlu6h9jUQiMMaM_8M6plNwET4DTEccIT0fRpj9_NPPgkTlYd1C1P41cJQiKxrPeZDaX_S8U44MBK5f2DMcJ_onSl_MIPEohgPM8dE1cdedHSEH8-k9oOdDcthyTyRSdOPpNsEo1gqljNnrE9_pkvaxebcU_pM8jvc-490xZwxd0OQ6HXFCMTuUECwn-wVWIU0jVqzLUIKmDmBd5uOYg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer |
7 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
|
7 | response | {'access_token': '376KtX3LHx2JqrnD4mMn', 'refresh_token': 'bN7a0lxtfbsJEJ9gapWgQZbxOv7bTncsdF3J4HFp', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJhdXRoX3RpbWUiOjE1NjA3NTUzNzgsInJ0X2hhc2giOiJybFNDYk9jV1RMSTQxMGFLMTY3VmN3Iiwibm9uY2UiOiJXZW54cXgxR0NRSXp6R3dJIiwiaWF0IjoxNTYwNzU1Mzc3LCJpc3MiOiJodHRwczovL2lzYW1mZWQuY29tOjMwNDQzL3Rlc3QiLCJhdF9oYXNoIjoielJKWFF1YU5OQWtfWVJQRVFmU1liQSIsInN1YiI6InRlc3R1c2VyIiwiZXhwIjoxNTYwNzU4Nzk3LCJhdWQiOiI5Y2VxNHpNeW8xN3NLUGdUS0lnSCJ9.RCw2IU6iYKMTp5cX6nWC8Sf4J2LqyWishE3wx1k35Jh-iE330E7H-umzDog-soUEye-8bw8LFFfsauf8QLk3L-ZpZtGxOD65UO9fCdMM60gJF3r2liqviNOSrx5EGDMefadsGLsvzKjJk_InOhcbvAQxwGDOzPXGpHiPK6_c1lQIAkCcmYU64LmUcf8WsBx5RK_n55PyE9xIOxvlg1Lo_OEw1l1nhYheQIZOgiGD980z1IxgZBpNK7ht-NHzhVX2JW1sMZLWVEg74lO571Q2DYWE8Aoo_hz6fuZA_Vg9YO8wXgB8Hsmd9xekcU1Kbwqd5VTJfd9OufD2pLukNI8ewg', 'token_type': 'bearer', 'expires_in': 3599} |
7 | AccessTokenResponse | {
"access_token": "376KtX3LHx2JqrnD4mMn",
"expires_in": 3599,
"id_token": {
"at_hash": "zRJXQuaNNAk_YRPEQfSYbA",
"aud": [
"9ceq4zMyo17sKPgTKIgH"
],
"auth_time": 1560755378,
"exp": 1560758797,
"iat": 1560755377,
"iss": "https://isamfed.com:30443/test",
"nonce": "Wenxqx1GCQIzzGwI",
"rt_hash": "rlSCbOcWTLI410aK167Vcw",
"sub": "testuser"
},
"refresh_token": "bN7a0lxtfbsJEJ9gapWgQZbxOv7bTncsdF3J4HFp",
"scope": "openid",
"token_type": "bearer"
}
|
7 | jws header | {'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'} |
7 | phase | <--<-- 11 --- Done -->--> |
7 | end | |
7 | assertion | ClaimsCheck |
7 | condition | claims-check: status=OK [Checks if specific claims is present or not] |
7 | assertion | AuthTimeCheck |
7 | condition | auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.] |
7 | assertion | MultipleSignOn |
7 | condition | multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow] |
7 | assertion | VerifyResponse |
7 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
7 | condition | Done: status=OK |