0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config | kwargs:{'issuer': 'https://isamfed.com:30443/test'}
|
1 | http response | url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
|
1 | ProviderConfigurationResponse | {
"authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
"claims_parameter_supported": false,
"claims_supported": [
"realmName",
"preferred_username",
"given_name",
"uid",
"upn",
"groupIds",
"employee_id",
"name",
"tenantId",
"mobile_number",
"department",
"job_title",
"family_name",
"email"
],
"device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
"grant_types_supported": [
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"implicit",
"urn:ietf:params:oauth:grant-type:saml2-bearer",
"urn:ietf:params:oauth:grant-type:device_code",
"client_credentials",
"password",
"authorization_code",
"refresh_token"
],
"id_token_encryption_alg_values_supported": [
"RSA-OAEP-256"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
"issuer": "https://isamfed.com:30443/test",
"jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
"name": "OIDCDefinition",
"poc": "https://isamfed.com:30443/mga/",
"registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"fragment",
"form_post"
],
"response_types_supported": [
"token",
"id_token",
"token id_token",
"code",
"code id_token",
"code token id_token",
"code token",
"none"
],
"revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
"subject_types_supported": [
"public"
],
"token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
"token_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_post",
"client_secret_basic"
],
"user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
"userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
"userinfo_signing_alg_values_supported": [
"RS256"
],
"version": "3.0"
}
|
1 | phase | <--<-- 2 --- Registration -->--> |
1 | register | kwargs:{'response_types': ['code id_token token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61737/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61737/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61737/static/jwks_61737.json', 'token_endpoint_auth_method': 'private_key_jwt'}
|
1 | RegistrationRequest | {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61737/static/jwks_61737.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61737/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61737/authz_cb"
],
"response_types": [
"code id_token token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
1 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
|
1 | RegistrationResponse | {
"application_type": "web",
"client_id": "Zf4xpbOVSGBqxuMiyQZK",
"client_id_issued_at": 1560783928,
"client_secret": "1XUnQ1YG20K06xsLbNrv",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61737/static/jwks_61737.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61737/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61737/authz_cb"
],
"registration_access_token": "A5LITKHbmUhY9SAjDDjx",
"registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=Zf4xpbOVSGBqxuMiyQZK",
"response_types": [
"code",
"id_token",
"token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
1 | phase | <--<-- 3 --- AsyncAuthn -->--> |
1 | AuthorizationRequest | {
"client_id": "Zf4xpbOVSGBqxuMiyQZK",
"nonce": "YRCsUUVp5x9iNHHt",
"redirect_uri": "https://op.certification.openid.net:61737/authz_cb",
"response_type": "code id_token token",
"scope": "openid",
"state": "WQhIhLeGvOuhmgSp"
}
|
1 | redirect url | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=WQhIhLeGvOuhmgSp&nonce=YRCsUUVp5x9iNHHt&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&client_id=Zf4xpbOVSGBqxuMiyQZK |
1 | redirect | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=WQhIhLeGvOuhmgSp&nonce=YRCsUUVp5x9iNHHt&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&client_id=Zf4xpbOVSGBqxuMiyQZK |
2 | http args | {} |
2 | response | URL with fragment |
2 | response | access_token=V6oVeXDIzNozcXje4vfi&state=WQhIhLeGvOuhmgSp&expires_in=3599&token_type=bearer&code=PcuuHI9hDRCob6h6aI6CLrdYdnfSQ5&scope=openid&id_token=eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.c54Cmxkm32k_Bb3z8YSA11ZgozA8Iem7UOidFyR5PunylVYMf1be59MBeQUD8QJK07Hpm10uWvwT2L9isin-ykilNae_CsYeXRmGiRbI-gL7cPBXVZBnEuwxEJCbDIgshGyIzI-lw3-8VxUIizcA2iOvbZckZNGpqFkvrWr9oZ-18pkwqFg_xsdJpfnHFNFWCxvnMwpeI-L0l0f9vUTzhNUirQLSQf6NP2pO20rAwyhYJeyV39GHxjtfKyjP7BoSlYN5Ijt7aolmmHk6c-NKsjGiwk0UCWqhOb2gn4-vdpJgFXoxylAMK2_sFCv1ifOTA7k68Xua5hwyp0L0RGAEKA.cRzxXOP7N4QQeiU8b9SkJg.glz43V4rlAnGcwE3SQQwZA72U8WCGDoX1SQI1jGSQWs984FauOrdJhopJyr7Z1Cw0HxncoYo7gsbgc4zJ7u65kSCqtIT7cYjcv6VeKdTG6WXeXRGGkFGGWoGfX3v9MJXzq1UP0X0l1VbaqndjiFrXxf5GNHj6e4IwlvUZSpBf03o6sHL0RmSIVFDVGGeuIsP5B0Rzb-Yn5-ZJGgppu-UmIFEtLa0Y-QtyCzyIwCnEDf5vr5zSEgMaf_8hnL0jskCMzpe_IJMP-lfn7U5MkWwxD0HvkzktXtd8F_5Jhtb-l_ErpkLAcfkV-NFGNxBLyRs6UnGddXKIhwxnxB7MAtm1d9EyraTuQNScSrXx2a4c5esS_lrVbe3l31QhgJpNDb9sgR735fQcajKQvnyzBb3MfFCS1YS0UGuCYU3InxLJh7hRh4f1ulaWMJKU9s-bgLRyg6qqKlkQk-xQT907cNHXcBI42sE_LvAZTdFsNP8cLiEk7kZ6_dChxly8B9nNNwVi7NA_OsZ8ZN1aQHbvDSBEYJNtRAODyJ3_u_IiO-KD6-V-X4VTrIZEgt13OjJnOkZRWvoY-GdvLyVti9-yQuAOIkhvlu4w9SijOwxtxsr_R7eYRQ9FY2QH7YPYg0e8W33qsqFgL60pHbJglTKpthRZD48VzbHADK3zAYokjFLU19QSEwuwXqm7hDExHXi_Onjau-EwODnwBnv5GfioYJfzh--or_W0spb4p7lTVMy1gYXj2BVO1zoAst6u93fgMlPOiQENKVP2hkwOc0z6OyfhX4QR8oe3pZjoR5zeI18w8D0mY4CvzxhHseNyj02sPvRhNC3rZGsSvk2mSD2Y4EufbSFvAcbp77x45zcDdnn7oQODqrAzl7JQY6BQDQOaxhE0SByPYVP2kYiNhUAdM4yp78Zv1zEOHtIaaVA7g2WlVx4oa_WY1pEinbzH5pSSesspWcq7JCBIBXkUdOCzMXG4Q.5sWqjlcHTOvR5ObG32njpQ |
2 | response | {'access_token': 'V6oVeXDIzNozcXje4vfi', 'state': 'WQhIhLeGvOuhmgSp', 'expires_in': 3599, 'token_type': 'bearer', 'code': 'PcuuHI9hDRCob6h6aI6CLrdYdnfSQ5', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.c54Cmxkm32k_Bb3z8YSA11ZgozA8Iem7UOidFyR5PunylVYMf1be59MBeQUD8QJK07Hpm10uWvwT2L9isin-ykilNae_CsYeXRmGiRbI-gL7cPBXVZBnEuwxEJCbDIgshGyIzI-lw3-8VxUIizcA2iOvbZckZNGpqFkvrWr9oZ-18pkwqFg_xsdJpfnHFNFWCxvnMwpeI-L0l0f9vUTzhNUirQLSQf6NP2pO20rAwyhYJeyV39GHxjtfKyjP7BoSlYN5Ijt7aolmmHk6c-NKsjGiwk0UCWqhOb2gn4-vdpJgFXoxylAMK2_sFCv1ifOTA7k68Xua5hwyp0L0RGAEKA.cRzxXOP7N4QQeiU8b9SkJg.glz43V4rlAnGcwE3SQQwZA72U8WCGDoX1SQI1jGSQWs984FauOrdJhopJyr7Z1Cw0HxncoYo7gsbgc4zJ7u65kSCqtIT7cYjcv6VeKdTG6WXeXRGGkFGGWoGfX3v9MJXzq1UP0X0l1VbaqndjiFrXxf5GNHj6e4IwlvUZSpBf03o6sHL0RmSIVFDVGGeuIsP5B0Rzb-Yn5-ZJGgppu-UmIFEtLa0Y-QtyCzyIwCnEDf5vr5zSEgMaf_8hnL0jskCMzpe_IJMP-lfn7U5MkWwxD0HvkzktXtd8F_5Jhtb-l_ErpkLAcfkV-NFGNxBLyRs6UnGddXKIhwxnxB7MAtm1d9EyraTuQNScSrXx2a4c5esS_lrVbe3l31QhgJpNDb9sgR735fQcajKQvnyzBb3MfFCS1YS0UGuCYU3InxLJh7hRh4f1ulaWMJKU9s-bgLRyg6qqKlkQk-xQT907cNHXcBI42sE_LvAZTdFsNP8cLiEk7kZ6_dChxly8B9nNNwVi7NA_OsZ8ZN1aQHbvDSBEYJNtRAODyJ3_u_IiO-KD6-V-X4VTrIZEgt13OjJnOkZRWvoY-GdvLyVti9-yQuAOIkhvlu4w9SijOwxtxsr_R7eYRQ9FY2QH7YPYg0e8W33qsqFgL60pHbJglTKpthRZD48VzbHADK3zAYokjFLU19QSEwuwXqm7hDExHXi_Onjau-EwODnwBnv5GfioYJfzh--or_W0spb4p7lTVMy1gYXj2BVO1zoAst6u93fgMlPOiQENKVP2hkwOc0z6OyfhX4QR8oe3pZjoR5zeI18w8D0mY4CvzxhHseNyj02sPvRhNC3rZGsSvk2mSD2Y4EufbSFvAcbp77x45zcDdnn7oQODqrAzl7JQY6BQDQOaxhE0SByPYVP2kYiNhUAdM4yp78Zv1zEOHtIaaVA7g2WlVx4oa_WY1pEinbzH5pSSesspWcq7JCBIBXkUdOCzMXG4Q.5sWqjlcHTOvR5ObG32njpQ'} |
3 | AuthorizationResponse | {
"access_token": "V6oVeXDIzNozcXje4vfi",
"code": "PcuuHI9hDRCob6h6aI6CLrdYdnfSQ5",
"expires_in": 3599,
"id_token": {
"at_hash": "pP3_OeDygtYbb1cRItrhxg",
"aud": [
"Zf4xpbOVSGBqxuMiyQZK"
],
"c_hash": "6PYbhtSoUlWThtpqeGAaWQ",
"exp": 1560787349,
"iat": 1560783929,
"iss": "https://isamfed.com:30443/test",
"nonce": "YRCsUUVp5x9iNHHt",
"sub": "testuser"
},
"scope": "openid",
"state": "WQhIhLeGvOuhmgSp",
"token_type": "bearer"
}
|
3 | phase | <--<-- 4 --- AccessToken -->--> |
3 | request | op_args: {'state': 'WQhIhLeGvOuhmgSp'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61737/authz_cb'} |
3 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61737/authz_cb', 'code': 'PcuuHI9hDRCob6h6aI6CLrdYdnfSQ5', 'state': 'WQhIhLeGvOuhmgSp', 'grant_type': 'authorization_code', 'client_id': 'Zf4xpbOVSGBqxuMiyQZK'}, 'state': 'WQhIhLeGvOuhmgSp', 'authn_method': 'private_key_jwt'}
|
3 | AccessTokenRequest | {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiWmY0eHBiT1ZTR0JxeHVNaXlRWksiLCAic3ViIjogIlpmNHhwYk9WU0dCcXh1TWl5UVpLIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJxTm9CaU9kakI1cm9BMGRRaEpzMG9oaENSREw0Q013SiIsICJleHAiOiAxNTYwNzg0NTMwLCAiaWF0IjogMTU2MDc4MzkzMH0.YpkVWA3ZfQuYnn24Gg-TBl0QCreDpOsBcEd9Fxxnp3iC35y0h1KS1PilpLsJ-hUcAxrJDwXXsxJHSrZXGHB7N0kDnityvzr3wpNCv69h97YD7LNTK8yFNgSwoRN-AiiZ5yHRP1V4PTNn4-SOQrGJVNbNMjfCSkVpszwW-nhpdASmyHSXwRo9Tjv24qw1Os8YuRDA5x6z338NfvaDxdircrRae67N9Qk8mhBwNdGWnQ2MrYPV944x2BysiBuV-juhVSMC8Pjuv_VRg5hLV3sCqVUlXTNu4CvsnCA64kgaTNTZtuI93Ncf-AGko2KfcGT89gCRXOX5N7ZCUbSRZkGmWw",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "PcuuHI9hDRCob6h6aI6CLrdYdnfSQ5",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61737/authz_cb",
"state": "WQhIhLeGvOuhmgSp"
}
|
3 | request_url | https://isamfed.com:30443/mga/sps/oauth/oauth20/token |
3 | request_http_args | {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}} |
3 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&code=PcuuHI9hDRCob6h6aI6CLrdYdnfSQ5&state=WQhIhLeGvOuhmgSp&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiWmY0eHBiT1ZTR0JxeHVNaXlRWksiLCAic3ViIjogIlpmNHhwYk9WU0dCcXh1TWl5UVpLIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJxTm9CaU9kakI1cm9BMGRRaEpzMG9oaENSREw0Q013SiIsICJleHAiOiAxNTYwNzg0NTMwLCAiaWF0IjogMTU2MDc4MzkzMH0.YpkVWA3ZfQuYnn24Gg-TBl0QCreDpOsBcEd9Fxxnp3iC35y0h1KS1PilpLsJ-hUcAxrJDwXXsxJHSrZXGHB7N0kDnityvzr3wpNCv69h97YD7LNTK8yFNgSwoRN-AiiZ5yHRP1V4PTNn4-SOQrGJVNbNMjfCSkVpszwW-nhpdASmyHSXwRo9Tjv24qw1Os8YuRDA5x6z338NfvaDxdircrRae67N9Qk8mhBwNdGWnQ2MrYPV944x2BysiBuV-juhVSMC8Pjuv_VRg5hLV3sCqVUlXTNu4CvsnCA64kgaTNTZtuI93Ncf-AGko2KfcGT89gCRXOX5N7ZCUbSRZkGmWw&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer |
3 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
|
3 | response | {'access_token': 'SHSYITIse1f2O1e7WToR', 'refresh_token': '68YqCubI2BfzQZ1FHq9Il8S8kfVKr2jui16NHz2o', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.AFn5Ir1Vam65UTDO9khdQM1ZiUBgea_JxxQFv6flLkuKGHUlUTo5g8UVp-hpiTeM0JbLhV4GogLydQKH-9jLcvj3eLkYSis4IjLdEDpLtlPWWJVp8b_AVG7OcGb6Rpee876EuJGGye3zhSVu-NzRZwEYBj_GHgP5RSH2Rj2x6Vepe1t_SVvkSOGYTVCBR1tg4cbbgTgWjxAHpFeSkh5WIs9AUDZMNfqBjRZc_n7QiiAMwKoZugCBLbF6ga86Rgc5Q3HqIFNmGCQ45QJhdhEbFVc4vD0-au_yfDhpx2HcV9tHKoEs-BYQrVdVHF98rZ4a0ps5w2_higt8uP5FdqItGg.UFsf7NTfNCRaVPO8QHNsig.THOup69drwLeZUWp-CptOjP_UgyKob01wTm11P4JrzWY_MsQgLUTXw485B_kB4Yw0tuXvvBDO1PpNWXBRkgxXvzag-ObNNalNIuOOKrtAhfl_BknbzKVb9tgpTSfd9Xvd3SiDjlw9g6n09wvCeLRpuVZX32kQk8m6kBdpmMRHJm_rCsMPHUviglo7lM8i7atKkokh6OOCURF_BQMYhfTr8opAc9u5hEABap-gXobLUbPefMm910TF6bSlbg28xJ1mfMwbG3BSK329xT4pUlqF57C-V0372Iipg8aFemrGe58b8dpAmL2lgMPFsW5fLyLW-H4uh4yo5djR3UGo-tT31jsEWBttmKK5kRvf9aL3T5ThO8PSVHdYxwhy8RI4ct-NYdwd8PE6dWha7SxSpTziFk-MFFKRO7r3SsOpMpYM-_nHNdlGRfB8fEtbDY94_5IcMACd_rCiBFPtOJrok_DsWD-63V3sVM2sUxyYV76fZMPFatM6p6IFR3X9nT1CXiZt1FUG0-TyZ8ZUJa-tDiw-8I90CaAO-NBemLzgCOxILKuLIureu4HF8VK7c6deePPqbWy0uyC03T5xgKW3a5aS_7MwyjsgiVNcNJbAEdNE1gHn9ntCV7GK--YmN8kw9i4EEKYwfXfvbnB0BBvLWoEvGnH53NAAMRnH5jYKDL6gxl90ixCAqyoH_Jr1aAcJhpFfZepghF0ZD76Osd48nBoERtcZTPYEdMiXfhH8T1KUayCucJwn1YW9wzWr5jxVU87VgUssupddEqa8_5Zph3O8-h54K1gepBhT147t64RaBEpHlLYsCWExA4uH3QSEZlgsHJWc5a6Bilc9cTDBuAWzi5YJRrsU6zlQfHOsO662AKcNJ3zbTgGJWMjoXOTAVrvf-024YHIB3eZbnvp0aqTixIB-2tcemo6DTCNWBA-3jQrDng450IYc9pMZxvY1j34vHMSz1nFbRPJVTtaHB5hHg.tXrMQOVuXCAGXblD4nIKGw', 'token_type': 'bearer', 'expires_in': 3599} |
3 | AccessTokenResponse | {
"access_token": "SHSYITIse1f2O1e7WToR",
"expires_in": 3599,
"id_token": {
"at_hash": "D9riWX0ACXLCRjuPxmEPDA",
"aud": [
"Zf4xpbOVSGBqxuMiyQZK"
],
"exp": 1560787350,
"iat": 1560783930,
"iss": "https://isamfed.com:30443/test",
"nonce": "YRCsUUVp5x9iNHHt",
"rt_hash": "wIUNYu-PSiCMN0qKAkPl6g",
"sub": "testuser"
},
"refresh_token": "68YqCubI2BfzQZ1FHq9Il8S8kfVKr2jui16NHz2o",
"scope": "openid",
"token_type": "bearer"
}
|
3 | jws header | {'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'} |
3 | jwe header | {'alg': 'RSA-OAEP-256', 'enc': 'A128CBC-HS256', 'kid': 'gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww', 'cty': 'JWT'} |
3 | phase | <--<-- 5 --- AsyncAuthn -->--> |
3 | AuthorizationRequest | {
"client_id": "Zf4xpbOVSGBqxuMiyQZK",
"nonce": "g6iLrrx13OOqDZCp",
"prompt": [
"none"
],
"redirect_uri": "https://op.certification.openid.net:61737/authz_cb",
"response_type": "code id_token token",
"scope": "openid",
"state": "sMze7MKzLRDzQthN"
}
|
3 | redirect url | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=sMze7MKzLRDzQthN&nonce=g6iLrrx13OOqDZCp&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&prompt=none&client_id=Zf4xpbOVSGBqxuMiyQZK |
3 | redirect | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=sMze7MKzLRDzQthN&nonce=g6iLrrx13OOqDZCp&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&prompt=none&client_id=Zf4xpbOVSGBqxuMiyQZK |
4 | http args | {} |
5 | response | URL with fragment |
5 | response | access_token=PN9KZrs8DeOZ7PVmkYeU&state=sMze7MKzLRDzQthN&expires_in=3599&token_type=bearer&code=duVsBd3Bp4i2kcQR9TkuvDBijcMlIE&scope=openid&id_token=eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.jO8MOxdH6sJOQBxtdXv3ecpkq1MaaCzio92051E2apCI1BGpseV94G7KhkDntHQrWkeMkhiwvTnqEoeI3X4_yHt8GJv8POPMVrTCi2Wit4v9K3U-VG5PQXhgVd46ymPse9IkS7m4l_tqNxa1QLNuXH_UZSW50PyWev4TwM6CNkUz3cMdQmUKnRQMvheJCkOb30D1B3VXSs72euWJPi7SV9rH6eVftdpNR8ZtQQK8fTIeqmZXPiHJyoPFuB3VNyVSqBOjXWFZk28SU4AfeMdfmSm28WdAX6fvfnt28u4UKhG_g1PCMZ-XyACw58TPfTSGDG1hrIven3WiY6OKil46JA.vEa4GzOGyQzdSzWmtkMmMQ._ksaM1NCJi6QYvrfZGZZLi6QGrMc-VVMq_D8oJ1ZSbk-9YI7YLdOFeVFKcDgXsNGrINYNvhQjR65tgU8c8Yc9_2wM27cpH3UWmII60aGD52WfUCmsYcpgpPakTEzwGdk2YVHC8On5UTCYzGVnPbqmwqB5mwIrI8R6SXLqPHBBCwL9xVd_rovMGmqnSJlbW0vJyI5nXLXskHRLD7lhwEsbK23kpWfecIouUNXbeFnO5u4xeKMXxgJ4IBLRUVAzzQOIwoLEmzWIuIF0GLqtTQyYMwkFox7LWtDs70RNrwJn303_YHTbUqUDSfoF-piEQUEpI8rPacGrJZi8_OC_dOyvbvOzgTL_er-PWBqWPMmJGzSpaUjwjSwdb_MU8krajxf0LybhEH5qu4tfW3smLopTvIofxE2gOovNBa42ekLOZ_LvvsnhMjSsgseRnGuO0WIPFQ-jtHrbW4i5vKAwm25VZ2-77JTfzdSS7CJiPpfuH9Xw1MiypB-Ya8hpG25ECUX2dm6PwvElZaRnu-Z5O3B5vKTyJLQF6aFI2P3eNh5W1moQbxM2AjmRmcNfrn-7b453n4UiTyaZ4RDcC3DOCfkhJEc4ZGVhV35um4XRMT8HHVwGHzQ6CRRbxBU_hhPUp9PDQh3KKk5gQJJV657x8wil71q7rnouNECShnAB5nuZIsEu_iWAzD3ifhHA_r7q79VOrhAsbn6M6nlTRCzDDClVbxAMabatSpjlt0RDJpvm0v2LsBpa9Blh02fEo2b7xDKeh2YFB38hyctnYYGyClgaR3IMRFjHNYFPz3u1FyvfxwDMWxDTXrydCo8xd7DDWvOhSPFnoG2-jIqghSMfWpSCHj7dis-sZhXlFb1VdLPTVDJQZCaExqp_527wqzlHUYToTAg9YcOtY9AsBkPMZILXoAUmA6QdYua6JZHio7eOjDdksd4eT3LCH3QblRdn4PU8veDAoNuVRacI4MGQTkl5g.VlVKW3r-qTo2AEWiCvc39g |
5 | response | {'access_token': 'PN9KZrs8DeOZ7PVmkYeU', 'state': 'sMze7MKzLRDzQthN', 'expires_in': 3599, 'token_type': 'bearer', 'code': 'duVsBd3Bp4i2kcQR9TkuvDBijcMlIE', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.jO8MOxdH6sJOQBxtdXv3ecpkq1MaaCzio92051E2apCI1BGpseV94G7KhkDntHQrWkeMkhiwvTnqEoeI3X4_yHt8GJv8POPMVrTCi2Wit4v9K3U-VG5PQXhgVd46ymPse9IkS7m4l_tqNxa1QLNuXH_UZSW50PyWev4TwM6CNkUz3cMdQmUKnRQMvheJCkOb30D1B3VXSs72euWJPi7SV9rH6eVftdpNR8ZtQQK8fTIeqmZXPiHJyoPFuB3VNyVSqBOjXWFZk28SU4AfeMdfmSm28WdAX6fvfnt28u4UKhG_g1PCMZ-XyACw58TPfTSGDG1hrIven3WiY6OKil46JA.vEa4GzOGyQzdSzWmtkMmMQ._ksaM1NCJi6QYvrfZGZZLi6QGrMc-VVMq_D8oJ1ZSbk-9YI7YLdOFeVFKcDgXsNGrINYNvhQjR65tgU8c8Yc9_2wM27cpH3UWmII60aGD52WfUCmsYcpgpPakTEzwGdk2YVHC8On5UTCYzGVnPbqmwqB5mwIrI8R6SXLqPHBBCwL9xVd_rovMGmqnSJlbW0vJyI5nXLXskHRLD7lhwEsbK23kpWfecIouUNXbeFnO5u4xeKMXxgJ4IBLRUVAzzQOIwoLEmzWIuIF0GLqtTQyYMwkFox7LWtDs70RNrwJn303_YHTbUqUDSfoF-piEQUEpI8rPacGrJZi8_OC_dOyvbvOzgTL_er-PWBqWPMmJGzSpaUjwjSwdb_MU8krajxf0LybhEH5qu4tfW3smLopTvIofxE2gOovNBa42ekLOZ_LvvsnhMjSsgseRnGuO0WIPFQ-jtHrbW4i5vKAwm25VZ2-77JTfzdSS7CJiPpfuH9Xw1MiypB-Ya8hpG25ECUX2dm6PwvElZaRnu-Z5O3B5vKTyJLQF6aFI2P3eNh5W1moQbxM2AjmRmcNfrn-7b453n4UiTyaZ4RDcC3DOCfkhJEc4ZGVhV35um4XRMT8HHVwGHzQ6CRRbxBU_hhPUp9PDQh3KKk5gQJJV657x8wil71q7rnouNECShnAB5nuZIsEu_iWAzD3ifhHA_r7q79VOrhAsbn6M6nlTRCzDDClVbxAMabatSpjlt0RDJpvm0v2LsBpa9Blh02fEo2b7xDKeh2YFB38hyctnYYGyClgaR3IMRFjHNYFPz3u1FyvfxwDMWxDTXrydCo8xd7DDWvOhSPFnoG2-jIqghSMfWpSCHj7dis-sZhXlFb1VdLPTVDJQZCaExqp_527wqzlHUYToTAg9YcOtY9AsBkPMZILXoAUmA6QdYua6JZHio7eOjDdksd4eT3LCH3QblRdn4PU8veDAoNuVRacI4MGQTkl5g.VlVKW3r-qTo2AEWiCvc39g'} |
5 | AuthorizationResponse | {
"access_token": "PN9KZrs8DeOZ7PVmkYeU",
"code": "duVsBd3Bp4i2kcQR9TkuvDBijcMlIE",
"expires_in": 3599,
"id_token": {
"at_hash": "Eb3punR1dgT5helZ5k2-_Q",
"aud": [
"Zf4xpbOVSGBqxuMiyQZK"
],
"c_hash": "dp5EJWoPl4fUouqg_SiGmA",
"exp": 1560787351,
"iat": 1560783931,
"iss": "https://isamfed.com:30443/test",
"nonce": "g6iLrrx13OOqDZCp",
"sub": "testuser"
},
"scope": "openid",
"state": "sMze7MKzLRDzQthN",
"token_type": "bearer"
}
|
5 | phase | <--<-- 6 --- AccessToken -->--> |
5 | request | op_args: {'state': 'sMze7MKzLRDzQthN'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61737/authz_cb'} |
5 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61737/authz_cb', 'code': 'duVsBd3Bp4i2kcQR9TkuvDBijcMlIE', 'state': 'sMze7MKzLRDzQthN', 'grant_type': 'authorization_code', 'client_id': 'Zf4xpbOVSGBqxuMiyQZK'}, 'state': 'sMze7MKzLRDzQthN', 'authn_method': 'private_key_jwt'}
|
5 | AccessTokenRequest | {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiWmY0eHBiT1ZTR0JxeHVNaXlRWksiLCAic3ViIjogIlpmNHhwYk9WU0dCcXh1TWl5UVpLIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJwT3VqcnN5dnkyWWtoUzQ0SFpTcFNnYUtOdFpBeUN5RCIsICJleHAiOiAxNTYwNzg0NTMyLCAiaWF0IjogMTU2MDc4MzkzMn0.y61QBpZnN89YNjSsnp1iws9iz-qL2TtX1Xjk453RELxk_sls222zGTCanuhu5Itf94I_FcCOC_uAGmV7xuHFUw8Ysh1ZMzwYh-2kmrk-SD_VG7zNndkuUeuQxIKd1bcLPJB3tTYJYFtdSEK8OEz8QAUR0agL4vNf2LuH8HjRRA-XVCU8MF2Ti7p0wS-tfLUMiPRq7abelW0jicPouwl5mgHBfOqAB88pxdnedqWB4HYwQDtG2btE3y7peq1ligT7080z4cnizzrXjTXopaRN3WoHvEMweuT3s0dpY23B16jVKEgnzHgW7lgRtCVIYA8kWkb78kwOjQ97o2rdFY-QwA",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "duVsBd3Bp4i2kcQR9TkuvDBijcMlIE",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61737/authz_cb",
"state": "sMze7MKzLRDzQthN"
}
|
5 | request_url | https://isamfed.com:30443/mga/sps/oauth/oauth20/token |
5 | request_http_args | {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}} |
5 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&code=duVsBd3Bp4i2kcQR9TkuvDBijcMlIE&state=sMze7MKzLRDzQthN&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiWmY0eHBiT1ZTR0JxeHVNaXlRWksiLCAic3ViIjogIlpmNHhwYk9WU0dCcXh1TWl5UVpLIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJwT3VqcnN5dnkyWWtoUzQ0SFpTcFNnYUtOdFpBeUN5RCIsICJleHAiOiAxNTYwNzg0NTMyLCAiaWF0IjogMTU2MDc4MzkzMn0.y61QBpZnN89YNjSsnp1iws9iz-qL2TtX1Xjk453RELxk_sls222zGTCanuhu5Itf94I_FcCOC_uAGmV7xuHFUw8Ysh1ZMzwYh-2kmrk-SD_VG7zNndkuUeuQxIKd1bcLPJB3tTYJYFtdSEK8OEz8QAUR0agL4vNf2LuH8HjRRA-XVCU8MF2Ti7p0wS-tfLUMiPRq7abelW0jicPouwl5mgHBfOqAB88pxdnedqWB4HYwQDtG2btE3y7peq1ligT7080z4cnizzrXjTXopaRN3WoHvEMweuT3s0dpY23B16jVKEgnzHgW7lgRtCVIYA8kWkb78kwOjQ97o2rdFY-QwA&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer |
6 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
|
6 | response | {'access_token': 'NPbhryjmVjzKoSIHG1vL', 'refresh_token': 'X7MD0AmOSVHT2G0t2BkDz9enhFZVNZ13se9kVEOn', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.eXcT0Ccvtnga3OB2ZFry5GLbwaBP_rAcXoe1oMVdU7biUdWNezWMLpHyYMBlQh9YATdUUWYYYflFAIxWRa-L7GgDWOEsSvjlW6uaqJjp96fNSNbU2YNSZcn8BXe5xQu-cqtbrCeTdxk8nsneh2m39M1KYw3rhp_pM37YUdHAW1FUyYyUEJY7-uscH6wtBn9g4r9TOb8IxJ19vn-AH78GMa5JdpUuRu3egCaI-IAPU1kyd9-vfK4SzhRdqnvO4ufdtDVqsceJth0I1qubdaIY1H3nMFbeh6SYqtgAkMacEDLpPrvdncD_m42bblqBVbcAKBxpi4pqktdF1DFdcfDymQ.BP4ln46nyiHf5BMNP8Ce5Q.tf4iypYQWuD0Yrq8FldlOjtrSjcsrVxCoOIKQNWrBTtPNGLzI_uuZX1yphVFk4NTJW5Bilna6u2y6wHFWdbqnY6vSw1_Mh-BXe9rrHz8yeNY0BL34oAH5rsvGjkk98INN60L_4ZEq8pokP4x23UVVOGJKCctA4bfvRs8tG6a-giwY4LsZ50kYHR1_dGojbgDT89WY_meTBr4FtqpPeWFa24BHwaPMS6RM4TXcZuTtFBM_PivIOTTCc7si-kswr3qEaCc3mfdXEKPxu0eIJzvWW6xNJrcZAarDY3k7wefRogMy1mVNTgeF-4M0hpaNkKIz7QW8Tw0RF7wuZ5EAhP_ZJ3iPvr57NKC5rERx8Ph60sYWddQyEK24N22EaQxK2lygnHNo4ZKtr3cOAcZQoD_oB0K03JXa3sXoR5AjUnzp9tbZhY4LlAn9iQyC2toRNDm_v7WwWVP9gh04Ta1FjtOAhb4yXwau5kgOgPVG6AmQ0Q-N8iqvpTldA4gJyvIklrfR3kZcSQ-DaRw8hMHckpknDNxF5763cnzlFN520kap1WAhxnS2vTQSuCnC9-8p3iN_7kbbPbrSHvnMW-3qSWok5rLSet-e-jTSV_4T3ZRTtRG90u_xk0UwcJ3xuz1VNlMN_gjG38HHCUlsAAh2o5ojQqcJTksPXgvuzUFVzobnarNEuJpCRdKacYPC9luMbedhHkCuGdWHX9Bpsjcm3yvaaiYf9TlrOXMDZuH3Asp0seHi65-4xV09Nhg4qC_mNhr_M7B1l9YDf_wRX5q01ktWBGNNePXvsGrrNO6JJh3aojQXHI4rRof1TPM4ai9ODE_8BSrMuG_AOr_AbPYUeJxox2KNtsRP_KUuE71selmB9h6QNCnTR6GmHTdPAPXKdb2qs87vYOYfS8zFKqOEIyCtF3MV439uQYWIEUzBSwEUOGjr62yaZQQDWtoLUV_SPn4BR45PIkOb0Lluu_XO2khuQ.kEcCsDg_7L7dp27iGM9q-g', 'token_type': 'bearer', 'expires_in': 3599} |
6 | AccessTokenResponse | {
"access_token": "NPbhryjmVjzKoSIHG1vL",
"expires_in": 3599,
"id_token": {
"at_hash": "QPiXJ7PRtHsq4fg-UlkBtw",
"aud": [
"Zf4xpbOVSGBqxuMiyQZK"
],
"exp": 1560787352,
"iat": 1560783932,
"iss": "https://isamfed.com:30443/test",
"nonce": "g6iLrrx13OOqDZCp",
"rt_hash": "jPDxzmX6hum73I_ZEEgJTA",
"sub": "testuser"
},
"refresh_token": "X7MD0AmOSVHT2G0t2BkDz9enhFZVNZ13se9kVEOn",
"scope": "openid",
"token_type": "bearer"
}
|
6 | jws header | {'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'} |
6 | jwe header | {'alg': 'RSA-OAEP-256', 'enc': 'A128CBC-HS256', 'kid': 'gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww', 'cty': 'JWT'} |
6 | phase | <--<-- 7 --- Done -->--> |
6 | end | |
6 | assertion | SameAuthn |
6 | condition | Done: status=OK |