0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config | kwargs:{'issuer': 'https://isamfed.com:30443/test'}
|
0 | http response | url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
|
0 | ProviderConfigurationResponse | {
"authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
"claims_parameter_supported": false,
"claims_supported": [
"realmName",
"preferred_username",
"given_name",
"uid",
"upn",
"groupIds",
"employee_id",
"name",
"tenantId",
"mobile_number",
"department",
"job_title",
"family_name",
"email"
],
"device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
"grant_types_supported": [
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"implicit",
"urn:ietf:params:oauth:grant-type:saml2-bearer",
"urn:ietf:params:oauth:grant-type:device_code",
"client_credentials",
"password",
"authorization_code",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
"issuer": "https://isamfed.com:30443/test",
"jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
"name": "OIDCDefinition",
"poc": "https://isamfed.com:30443/mga/",
"registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"fragment",
"form_post"
],
"response_types_supported": [
"token",
"id_token",
"token id_token",
"code",
"code id_token",
"code token id_token",
"code token",
"none"
],
"revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
"subject_types_supported": [
"public"
],
"token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
"token_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_post",
"client_secret_basic"
],
"user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
"userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
"userinfo_signing_alg_values_supported": [
"RS256"
],
"version": "3.0"
}
|
0 | phase | <--<-- 2 --- Registration -->--> |
0 | register | kwargs:{'response_types': ['code id_token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61365/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61365/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61365/static/jwks_61365.json', 'token_endpoint_auth_method': 'private_key_jwt'}
|
0 | RegistrationRequest | {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61365/static/jwks_61365.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61365/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61365/authz_cb"
],
"response_types": [
"code id_token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
0 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
|
0 | RegistrationResponse | {
"application_type": "web",
"client_id": "s2gGPrrYZgL1OIXtaMJC",
"client_id_issued_at": 1560755819,
"client_secret": "9IWizx0fKMVy6RgSMyTI",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61365/static/jwks_61365.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61365/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61365/authz_cb"
],
"registration_access_token": "6wEHFQdqWyRc2lCxrkNW",
"registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=s2gGPrrYZgL1OIXtaMJC",
"response_types": [
"code",
"id_token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
0 | phase | <--<-- 3 --- AsyncAuthn -->--> |
0 | AuthorizationRequest | {
"client_id": "s2gGPrrYZgL1OIXtaMJC",
"nonce": "3Ob3e4w2BvFAGzsU",
"redirect_uri": "https://op.certification.openid.net:61365/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "KK7Z5JFI0M4Td4Bi"
}
|
0 | redirect url | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=KK7Z5JFI0M4Td4Bi&nonce=3Ob3e4w2BvFAGzsU&response_type=code+id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61365%2Fauthz_cb&client_id=s2gGPrrYZgL1OIXtaMJC |
0 | redirect | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=KK7Z5JFI0M4Td4Bi&nonce=3Ob3e4w2BvFAGzsU&response_type=code+id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61365%2Fauthz_cb&client_id=s2gGPrrYZgL1OIXtaMJC |
1 | http args | {} |
1 | response | URL with fragment |
1 | response | id_token=eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjNPYjNlNHcyQnZGQUd6c1UiLCJpYXQiOjE1NjA3NTU4MjAsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsInN1YiI6InRlc3R1c2VyIiwiZXhwIjoxNTYwNzU5MjQwLCJjX2hhc2giOiJDNHQtQVd0U09fRTRfUWlBQ1VlMkR3IiwiYXVkIjoiczJnR1BycllaZ0wxT0lYdGFNSkMifQ.cGlHzOR_GSQD3B1zF8u24tHmlre5gmhpIYBK3FJo3eiFeZ3IYmflQzOpBSlpMgwNxUOSRykmo2t40e0a4IlGvlJ4V0P0AdAVLud7qtQCaWBspbHHpujsI8FSlHFEdU2MJHMrjIEAqHFQja7gzyYfPxDcfboq5PsDuiORQoT6YW2y8hKRlLpUAkDr9aLQAPdsSU8GfMPfsWytTYmS2aCAWVRgAuoeWrMWpdUbPHjOpBpmsGQ_NkwEZhTCLsr5tHcNwBbAifqit1t1DqwTMmV-ZzV--IC4rJXQd7_YwPa4hGGzwCRoEOYTWesgau-mfezlDQQR0lCtV647MxL63F5PLQ&state=KK7Z5JFI0M4Td4Bi&code=ZrrJtmAA0328aq0Z6JDBs4I9eytFVk |
1 | response | {'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjNPYjNlNHcyQnZGQUd6c1UiLCJpYXQiOjE1NjA3NTU4MjAsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsInN1YiI6InRlc3R1c2VyIiwiZXhwIjoxNTYwNzU5MjQwLCJjX2hhc2giOiJDNHQtQVd0U09fRTRfUWlBQ1VlMkR3IiwiYXVkIjoiczJnR1BycllaZ0wxT0lYdGFNSkMifQ.cGlHzOR_GSQD3B1zF8u24tHmlre5gmhpIYBK3FJo3eiFeZ3IYmflQzOpBSlpMgwNxUOSRykmo2t40e0a4IlGvlJ4V0P0AdAVLud7qtQCaWBspbHHpujsI8FSlHFEdU2MJHMrjIEAqHFQja7gzyYfPxDcfboq5PsDuiORQoT6YW2y8hKRlLpUAkDr9aLQAPdsSU8GfMPfsWytTYmS2aCAWVRgAuoeWrMWpdUbPHjOpBpmsGQ_NkwEZhTCLsr5tHcNwBbAifqit1t1DqwTMmV-ZzV--IC4rJXQd7_YwPa4hGGzwCRoEOYTWesgau-mfezlDQQR0lCtV647MxL63F5PLQ', 'state': 'KK7Z5JFI0M4Td4Bi', 'code': 'ZrrJtmAA0328aq0Z6JDBs4I9eytFVk'} |
2 | AuthorizationResponse | {
"code": "ZrrJtmAA0328aq0Z6JDBs4I9eytFVk",
"id_token": {
"aud": [
"s2gGPrrYZgL1OIXtaMJC"
],
"c_hash": "C4t-AWtSO_E4_QiACUe2Dw",
"exp": 1560759240,
"iat": 1560755820,
"iss": "https://isamfed.com:30443/test",
"nonce": "3Ob3e4w2BvFAGzsU",
"sub": "testuser"
},
"state": "KK7Z5JFI0M4Td4Bi"
}
|
2 | phase | <--<-- 4 --- AccessToken -->--> |
2 | request | op_args: {'state': 'KK7Z5JFI0M4Td4Bi'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61365/authz_cb'} |
2 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61365/authz_cb', 'code': 'ZrrJtmAA0328aq0Z6JDBs4I9eytFVk', 'state': 'KK7Z5JFI0M4Td4Bi', 'grant_type': 'authorization_code', 'client_id': 's2gGPrrYZgL1OIXtaMJC'}, 'state': 'KK7Z5JFI0M4Td4Bi', 'authn_method': 'private_key_jwt'}
|
2 | AccessTokenRequest | {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiczJnR1BycllaZ0wxT0lYdGFNSkMiLCAic3ViIjogInMyZ0dQcnJZWmdMMU9JWHRhTUpDIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJXR0ZONGd6Sjc4dVlDUENvS3locmtOb2Z4UVJ4dEYyUyIsICJleHAiOiAxNTYwNzU2NDIxLCAiaWF0IjogMTU2MDc1NTgyMX0.wDjcv8LPX4s9_hShgHJpgjT3WMKEd2QGmpCqePf5CXnhXsO7gXW4NVhZOMKqJP4ZVlhTqad4__ld6FOPZcoLG2eQWhjxR0FE4a-vDAXRJ9pvPKGA3Q1hnNWtX9l1l0Lr7_iwn3QmpdOEG1vKPd3R6Aha1fnj7sPl_S1EQ120Yde-kMhMgDV6DsE3PENmKhcnQax8XnonCAb9DInXM86u_RqMTs3nSOmdYArYKJmsarzWapEruWaixhoQH4aJRPdNtDRGCv95HqH_MLmnIqOKwTSCHQnBz9AKuZ_w1lJeKDwRuRAlqTwmHColfn5ngTL6lovdTRCe6vNQ5UelIH-6oA",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "ZrrJtmAA0328aq0Z6JDBs4I9eytFVk",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61365/authz_cb",
"state": "KK7Z5JFI0M4Td4Bi"
}
|
2 | request_url | https://isamfed.com:30443/mga/sps/oauth/oauth20/token |
2 | request_http_args | {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}} |
2 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61365%2Fauthz_cb&code=ZrrJtmAA0328aq0Z6JDBs4I9eytFVk&state=KK7Z5JFI0M4Td4Bi&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiczJnR1BycllaZ0wxT0lYdGFNSkMiLCAic3ViIjogInMyZ0dQcnJZWmdMMU9JWHRhTUpDIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJXR0ZONGd6Sjc4dVlDUENvS3locmtOb2Z4UVJ4dEYyUyIsICJleHAiOiAxNTYwNzU2NDIxLCAiaWF0IjogMTU2MDc1NTgyMX0.wDjcv8LPX4s9_hShgHJpgjT3WMKEd2QGmpCqePf5CXnhXsO7gXW4NVhZOMKqJP4ZVlhTqad4__ld6FOPZcoLG2eQWhjxR0FE4a-vDAXRJ9pvPKGA3Q1hnNWtX9l1l0Lr7_iwn3QmpdOEG1vKPd3R6Aha1fnj7sPl_S1EQ120Yde-kMhMgDV6DsE3PENmKhcnQax8XnonCAb9DInXM86u_RqMTs3nSOmdYArYKJmsarzWapEruWaixhoQH4aJRPdNtDRGCv95HqH_MLmnIqOKwTSCHQnBz9AKuZ_w1lJeKDwRuRAlqTwmHColfn5ngTL6lovdTRCe6vNQ5UelIH-6oA&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer |
2 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
|
2 | response | {'access_token': 'NLewyjNLLQCrtCow9CJg', 'refresh_token': 'KIpoj58mpsrNAZ2vKIVDoA7pjXck916PFNVCtEzI', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJydF9oYXNoIjoiSHNNR2FyNE9XYU9UOHZESjNQbDlwZyIsIm5vbmNlIjoiM09iM2U0dzJCdkZBR3pzVSIsImlhdCI6MTU2MDc1NTgyMSwiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6IlhlUnNFdTBmeUhvSF9USmQ1ZzNUTWciLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc1OTI0MSwiYXVkIjoiczJnR1BycllaZ0wxT0lYdGFNSkMifQ.alS0taSkeNMdNzM6XaDPdk0I2qp86FSW6x8fklZgKQ-22bq77NCqRzq108d8R1hzSmNsnUjOlPI7ckv6r-gO5EIyeXknfqCzjnVArkkCF7yws5a7R_ow2CjYn4vMThpqnY8pNEd2g8bQfWor_sgTq3fC7VlqFujkDo73fYKnaV9cD95y_yWaWnsNoCOiPlVXmDWxxUX1wM2gOG0wGxidtXKt7UJkguy6vMzPlrxVRRaTZnDQnqV4HFtIaye3cEjAK-1IVudiFzL_o2HybSICWVYL-JNE6yUjGd9kk_U1-DjDvyEEbNbp_acp9y-BqYeBJq1OmnW3lnRS67nVkMQE-A', 'token_type': 'bearer', 'expires_in': 3599} |
2 | AccessTokenResponse | {
"access_token": "NLewyjNLLQCrtCow9CJg",
"expires_in": 3599,
"id_token": {
"at_hash": "XeRsEu0fyHoH_TJd5g3TMg",
"aud": [
"s2gGPrrYZgL1OIXtaMJC"
],
"exp": 1560759241,
"iat": 1560755821,
"iss": "https://isamfed.com:30443/test",
"nonce": "3Ob3e4w2BvFAGzsU",
"rt_hash": "HsMGar4OWaOT8vDJ3Pl9pg",
"sub": "testuser"
},
"refresh_token": "KIpoj58mpsrNAZ2vKIVDoA7pjXck916PFNVCtEzI",
"scope": "openid",
"token_type": "bearer"
}
|
2 | jws header | {'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'} |
2 | phase | <--<-- 5 --- AsyncAuthn -->--> |
2 | AuthorizationRequest | {
"client_id": "s2gGPrrYZgL1OIXtaMJC",
"id_token_hint": "eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjNPYjNlNHcyQnZGQUd6c1UiLCJpYXQiOjE1NjA3NTU4MjAsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsInN1YiI6InRlc3R1c2VyIiwiZXhwIjoxNTYwNzU5MjQwLCJjX2hhc2giOiJDNHQtQVd0U09fRTRfUWlBQ1VlMkR3IiwiYXVkIjoiczJnR1BycllaZ0wxT0lYdGFNSkMifQ.cGlHzOR_GSQD3B1zF8u24tHmlre5gmhpIYBK3FJo3eiFeZ3IYmflQzOpBSlpMgwNxUOSRykmo2t40e0a4IlGvlJ4V0P0AdAVLud7qtQCaWBspbHHpujsI8FSlHFEdU2MJHMrjIEAqHFQja7gzyYfPxDcfboq5PsDuiORQoT6YW2y8hKRlLpUAkDr9aLQAPdsSU8GfMPfsWytTYmS2aCAWVRgAuoeWrMWpdUbPHjOpBpmsGQ_NkwEZhTCLsr5tHcNwBbAifqit1t1DqwTMmV-ZzV--IC4rJXQd7_YwPa4hGGzwCRoEOYTWesgau-mfezlDQQR0lCtV647MxL63F5PLQ",
"nonce": "9QIemlziSoXSzIpi",
"prompt": [
"none"
],
"redirect_uri": "https://op.certification.openid.net:61365/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "AVpjA1lFcSoUQqaP"
}
|
2 | redirect url | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=AVpjA1lFcSoUQqaP&nonce=9QIemlziSoXSzIpi&response_type=code+id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61365%2Fauthz_cb&prompt=none&id_token_hint=eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjNPYjNlNHcyQnZGQUd6c1UiLCJpYXQiOjE1NjA3NTU4MjAsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsInN1YiI6InRlc3R1c2VyIiwiZXhwIjoxNTYwNzU5MjQwLCJjX2hhc2giOiJDNHQtQVd0U09fRTRfUWlBQ1VlMkR3IiwiYXVkIjoiczJnR1BycllaZ0wxT0lYdGFNSkMifQ.cGlHzOR_GSQD3B1zF8u24tHmlre5gmhpIYBK3FJo3eiFeZ3IYmflQzOpBSlpMgwNxUOSRykmo2t40e0a4IlGvlJ4V0P0AdAVLud7qtQCaWBspbHHpujsI8FSlHFEdU2MJHMrjIEAqHFQja7gzyYfPxDcfboq5PsDuiORQoT6YW2y8hKRlLpUAkDr9aLQAPdsSU8GfMPfsWytTYmS2aCAWVRgAuoeWrMWpdUbPHjOpBpmsGQ_NkwEZhTCLsr5tHcNwBbAifqit1t1DqwTMmV-ZzV--IC4rJXQd7_YwPa4hGGzwCRoEOYTWesgau-mfezlDQQR0lCtV647MxL63F5PLQ&client_id=s2gGPrrYZgL1OIXtaMJC |
2 | redirect | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=AVpjA1lFcSoUQqaP&nonce=9QIemlziSoXSzIpi&response_type=code+id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61365%2Fauthz_cb&prompt=none&id_token_hint=eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjNPYjNlNHcyQnZGQUd6c1UiLCJpYXQiOjE1NjA3NTU4MjAsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsInN1YiI6InRlc3R1c2VyIiwiZXhwIjoxNTYwNzU5MjQwLCJjX2hhc2giOiJDNHQtQVd0U09fRTRfUWlBQ1VlMkR3IiwiYXVkIjoiczJnR1BycllaZ0wxT0lYdGFNSkMifQ.cGlHzOR_GSQD3B1zF8u24tHmlre5gmhpIYBK3FJo3eiFeZ3IYmflQzOpBSlpMgwNxUOSRykmo2t40e0a4IlGvlJ4V0P0AdAVLud7qtQCaWBspbHHpujsI8FSlHFEdU2MJHMrjIEAqHFQja7gzyYfPxDcfboq5PsDuiORQoT6YW2y8hKRlLpUAkDr9aLQAPdsSU8GfMPfsWytTYmS2aCAWVRgAuoeWrMWpdUbPHjOpBpmsGQ_NkwEZhTCLsr5tHcNwBbAifqit1t1DqwTMmV-ZzV--IC4rJXQd7_YwPa4hGGzwCRoEOYTWesgau-mfezlDQQR0lCtV647MxL63F5PLQ&client_id=s2gGPrrYZgL1OIXtaMJC |
3 | http args | {} |
3 | response | URL with fragment |
3 | response | id_token=eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjlRSWVtbHppU29YU3pJcGkiLCJpYXQiOjE1NjA3NTU4MjIsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsInN1YiI6InRlc3R1c2VyIiwiZXhwIjoxNTYwNzU5MjQyLCJjX2hhc2giOiJpLUNtSzJTT1EzbnZsRGI1ZUhqN0lBIiwiYXVkIjoiczJnR1BycllaZ0wxT0lYdGFNSkMifQ.R8DLvGFPdR1tyK5NF5YpN_9LMsRR5XfCeTuouEn3_Y_LGB1lUgIr2OdSPvUzAACSnpVqfHbED8nyr39vv_fwXL_Xywlmo1H5mAnJbON7O1-SQZLza4n5U31QfunEO6Om1UR8M3sdaH80FNl1G9gh3lx8Jq8V3s7V9SRD8G6ZMhx0dChyVtG8umCBqrrB9g45YC0HGSA42TomLuMccOM0Gj2VL0wjaFoXCT6rC79SPqwnNzX2zIqlyFIfRPKcDVKW1W8GYI7truc0_stc5SLgvG6ZXlVq8QBTQ4lqJgYLOH_Skr_svDL4q65-GRep85JSth4GxQ58AY5-Ze1uyAOEDw&state=AVpjA1lFcSoUQqaP&code=yTuyDOqxo5jP3j2dpn4KUPg0KXvLGO |
3 | response | {'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJub25jZSI6IjlRSWVtbHppU29YU3pJcGkiLCJpYXQiOjE1NjA3NTU4MjIsImlzcyI6Imh0dHBzOi8vaXNhbWZlZC5jb206MzA0NDMvdGVzdCIsInN1YiI6InRlc3R1c2VyIiwiZXhwIjoxNTYwNzU5MjQyLCJjX2hhc2giOiJpLUNtSzJTT1EzbnZsRGI1ZUhqN0lBIiwiYXVkIjoiczJnR1BycllaZ0wxT0lYdGFNSkMifQ.R8DLvGFPdR1tyK5NF5YpN_9LMsRR5XfCeTuouEn3_Y_LGB1lUgIr2OdSPvUzAACSnpVqfHbED8nyr39vv_fwXL_Xywlmo1H5mAnJbON7O1-SQZLza4n5U31QfunEO6Om1UR8M3sdaH80FNl1G9gh3lx8Jq8V3s7V9SRD8G6ZMhx0dChyVtG8umCBqrrB9g45YC0HGSA42TomLuMccOM0Gj2VL0wjaFoXCT6rC79SPqwnNzX2zIqlyFIfRPKcDVKW1W8GYI7truc0_stc5SLgvG6ZXlVq8QBTQ4lqJgYLOH_Skr_svDL4q65-GRep85JSth4GxQ58AY5-Ze1uyAOEDw', 'state': 'AVpjA1lFcSoUQqaP', 'code': 'yTuyDOqxo5jP3j2dpn4KUPg0KXvLGO'} |
3 | AuthorizationResponse | {
"code": "yTuyDOqxo5jP3j2dpn4KUPg0KXvLGO",
"id_token": {
"aud": [
"s2gGPrrYZgL1OIXtaMJC"
],
"c_hash": "i-CmK2SOQ3nvlDb5eHj7IA",
"exp": 1560759242,
"iat": 1560755822,
"iss": "https://isamfed.com:30443/test",
"nonce": "9QIemlziSoXSzIpi",
"sub": "testuser"
},
"state": "AVpjA1lFcSoUQqaP"
}
|
3 | phase | <--<-- 6 --- AccessToken -->--> |
3 | request | op_args: {'state': 'AVpjA1lFcSoUQqaP'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61365/authz_cb'} |
3 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61365/authz_cb', 'code': 'yTuyDOqxo5jP3j2dpn4KUPg0KXvLGO', 'state': 'AVpjA1lFcSoUQqaP', 'grant_type': 'authorization_code', 'client_id': 's2gGPrrYZgL1OIXtaMJC'}, 'state': 'AVpjA1lFcSoUQqaP', 'authn_method': 'private_key_jwt'}
|
3 | AccessTokenRequest | {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiczJnR1BycllaZ0wxT0lYdGFNSkMiLCAic3ViIjogInMyZ0dQcnJZWmdMMU9JWHRhTUpDIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJVUjQzdUJVN3FOUTFLNFRqUVNDakFDbmFvNFE4WWRLSSIsICJleHAiOiAxNTYwNzU2NDIyLCAiaWF0IjogMTU2MDc1NTgyMn0.t8z7LmZbmMGCNPtogjaQGiAYlGKlNQecLth7Z4PeRfbL3IosjaHiBIXmr_6DBHs_F5skA-zxuCHoKDUjO1oioi4e34rjsci4tPFH_y3XFgBvvWSDmaE3301eKzOU7FfwRp8IdyxPm9eHzSE4WO1dZgD-PLXb_KKJUyalxjbNKrZeFyeF0TC7WnX6O2jxYSk4pM5qB2QzVzKx1NDQD55KECwzseiA1FCW_iXDiXfVYEcV-FrPgAtpzBUriu1WVyQdBMuAnR6FRyFte2PX_Fej8WOYmkm6L_Q4al3_swOP-oMMwnJZ2KIZ6vzLodfwqYXHF1tGR4BWwOwvFdQc1UJjMQ",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "yTuyDOqxo5jP3j2dpn4KUPg0KXvLGO",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61365/authz_cb",
"state": "AVpjA1lFcSoUQqaP"
}
|
3 | request_url | https://isamfed.com:30443/mga/sps/oauth/oauth20/token |
3 | request_http_args | {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}} |
3 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61365%2Fauthz_cb&code=yTuyDOqxo5jP3j2dpn4KUPg0KXvLGO&state=AVpjA1lFcSoUQqaP&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiczJnR1BycllaZ0wxT0lYdGFNSkMiLCAic3ViIjogInMyZ0dQcnJZWmdMMU9JWHRhTUpDIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJVUjQzdUJVN3FOUTFLNFRqUVNDakFDbmFvNFE4WWRLSSIsICJleHAiOiAxNTYwNzU2NDIyLCAiaWF0IjogMTU2MDc1NTgyMn0.t8z7LmZbmMGCNPtogjaQGiAYlGKlNQecLth7Z4PeRfbL3IosjaHiBIXmr_6DBHs_F5skA-zxuCHoKDUjO1oioi4e34rjsci4tPFH_y3XFgBvvWSDmaE3301eKzOU7FfwRp8IdyxPm9eHzSE4WO1dZgD-PLXb_KKJUyalxjbNKrZeFyeF0TC7WnX6O2jxYSk4pM5qB2QzVzKx1NDQD55KECwzseiA1FCW_iXDiXfVYEcV-FrPgAtpzBUriu1WVyQdBMuAnR6FRyFte2PX_Fej8WOYmkm6L_Q4al3_swOP-oMMwnJZ2KIZ6vzLodfwqYXHF1tGR4BWwOwvFdQc1UJjMQ&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer |
4 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
|
4 | response | {'access_token': '7XJJ6lS6vdx75caPh648', 'refresh_token': 'fig5cKimlKHhbbjjti1XaF1zR0Rr0KQJ8GSTp84S', 'scope': 'openid', 'id_token': 'eyJraWQiOiJfdWhQZGVHclRXeG9iRmVIMFhiempKcFJyenAzQ0I5bmtueDF5RlYxRy0wIiwiYWxnIjoiUlMyNTYifQ.eyJydF9oYXNoIjoic2VRWEJkc0pveTQyWEFEMERhZGYtQSIsIm5vbmNlIjoiOVFJZW1semlTb1hTeklwaSIsImlhdCI6MTU2MDc1NTgyMywiaXNzIjoiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My90ZXN0IiwiYXRfaGFzaCI6ImRtcUNjMnhQa3lHeFFhU1BEcjBtb2ciLCJzdWIiOiJ0ZXN0dXNlciIsImV4cCI6MTU2MDc1OTI0MywiYXVkIjoiczJnR1BycllaZ0wxT0lYdGFNSkMifQ.R3jlXs2gIVPlSgtQtR_vyKiCzmdxyueb6TRZAop2y1nNzorQeKr_SvDo5E2CYTjLNxh5Sm5yhZJuHuzkacOR1qPTl8mwZoery7419S-a6wn8vzBLSS1Cr41Sz2wvIWlggqt4LcJeHBAmKoXXTxUVCtRZafYjh6nqIb6GIBMI5QFx2bi9xK7LN9djmhbN94dlVCrna012E45_Zi6dkKIlolrtZfcXiQJ1eBDV6HN4i6uACbL33WlWYzO2K71EhNFM16M-ajfMl54tETZFTsHfBqKjCFdwHtcQhZl_dWjpKyac3f6MggfVL5Bna5jF6RDjOKw69j_SoRtVtV_mVTxqpw', 'token_type': 'bearer', 'expires_in': 3599} |
4 | AccessTokenResponse | {
"access_token": "7XJJ6lS6vdx75caPh648",
"expires_in": 3599,
"id_token": {
"at_hash": "dmqCc2xPkyGxQaSPDr0mog",
"aud": [
"s2gGPrrYZgL1OIXtaMJC"
],
"exp": 1560759243,
"iat": 1560755823,
"iss": "https://isamfed.com:30443/test",
"nonce": "9QIemlziSoXSzIpi",
"rt_hash": "seQXBdsJoy42XAD0Dadf-A",
"sub": "testuser"
},
"refresh_token": "fig5cKimlKHhbbjjti1XaF1zR0Rr0KQJ8GSTp84S",
"scope": "openid",
"token_type": "bearer"
}
|
4 | jws header | {'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'} |
4 | phase | <--<-- 7 --- Done -->--> |
4 | end | |
4 | assertion | SameAuthn |
4 | condition | Done: status=OK |