0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config | kwargs:{'issuer': 'https://isamfed.com:30443/test'}
|
0 | http response | url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
|
0 | ProviderConfigurationResponse | {
"authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
"claims_parameter_supported": false,
"claims_supported": [
"realmName",
"preferred_username",
"given_name",
"uid",
"upn",
"groupIds",
"employee_id",
"name",
"tenantId",
"mobile_number",
"department",
"job_title",
"family_name",
"email"
],
"device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
"grant_types_supported": [
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"implicit",
"urn:ietf:params:oauth:grant-type:saml2-bearer",
"urn:ietf:params:oauth:grant-type:device_code",
"client_credentials",
"password",
"authorization_code",
"refresh_token"
],
"id_token_encryption_alg_values_supported": [
"RSA-OAEP-256"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
"issuer": "https://isamfed.com:30443/test",
"jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
"name": "OIDCDefinition",
"poc": "https://isamfed.com:30443/mga/",
"registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"fragment",
"form_post"
],
"response_types_supported": [
"token",
"id_token",
"token id_token",
"code",
"code id_token",
"code token id_token",
"code token",
"none"
],
"revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
"subject_types_supported": [
"public"
],
"token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
"token_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_post",
"client_secret_basic"
],
"user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
"userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
"userinfo_signing_alg_values_supported": [
"RS256"
],
"version": "3.0"
}
|
0 | phase | <--<-- 2 --- Registration -->--> |
0 | register | kwargs:{'response_types': ['code id_token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61716/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61716/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61716/static/jwks_61716.json', 'token_endpoint_auth_method': 'private_key_jwt'}
|
0 | RegistrationRequest | {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit",
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61716/static/jwks_61716.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61716/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61716/authz_cb"
],
"response_types": [
"code id_token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
0 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
|
0 | RegistrationResponse | {
"application_type": "web",
"client_id": "gy4Pg5zpKEu8n9fmEVx6",
"client_id_issued_at": 1560784746,
"client_secret": "cyNc2iSMcIfyAHyMqwZc",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit",
"authorization_code"
],
"jwks_uri": "https://op.certification.openid.net:61716/static/jwks_61716.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61716/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61716/authz_cb"
],
"registration_access_token": "CBFh5LNCzTzQFCinLwv3",
"registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=gy4Pg5zpKEu8n9fmEVx6",
"response_types": [
"code",
"id_token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
0 | phase | <--<-- 3 --- AsyncAuthn -->--> |
0 | AuthorizationRequest | {
"client_id": "gy4Pg5zpKEu8n9fmEVx6",
"nonce": "WsTdx1gnTt9SuqhF",
"redirect_uri": "https://op.certification.openid.net:61716/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "3Jj7j8WERyOXynHr"
}
|
0 | redirect url | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=3Jj7j8WERyOXynHr&nonce=WsTdx1gnTt9SuqhF&response_type=code+id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61716%2Fauthz_cb&client_id=gy4Pg5zpKEu8n9fmEVx6 |
0 | redirect | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=3Jj7j8WERyOXynHr&nonce=WsTdx1gnTt9SuqhF&response_type=code+id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61716%2Fauthz_cb&client_id=gy4Pg5zpKEu8n9fmEVx6 |
2 | http args | {} |
2 | response | URL with fragment |
2 | response | id_token=eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.Le-FTIj1V6g8er5Pb0nH894-0ewoN-hn3li4ZPo-UMUZGPP1bKZX5qKE6tU7VCcuUuN01qNX7OQDmTVYl_fC5AIE2V0mFe1I4grVUfXC_5s6DOyfFBYlv0g1sDp50lv6D8MLx3MjEF2N83keXLAHKQ5wJZQuLVdYYR7LTCXDHQh5d4F9Pi-UGLeFNica79HYRrXKeFGHkWET3QH9gWHqkXT8TfHyv6zjUm-9-iSBxdXdqduOT8aQneooqeba80tLA-W5K5BznaTw0Z0OrRPzFIh6QJhgvzjmsNtI_y-KFY33ohZj0PE-PwZIeJxXBkIcb73L987rOBLKZOAcejU6eQ.p4ABx_WQoMpwc3I6b9M3sg.N7bWpFtV1aoYw89WDCxi_VmE_8Fsb6S8YTqd8KRduMMnFDzmYnzlwbi1IRg_E_Li8IMBpdrapxoIiRRRzJ9VVeVpLZtPiu7TyPwPlrjTQxX85f7nt99VH9f-C4wAxMllEbySsuggIv-YzrS1qekMzHMepEa4boam_z23SFqtbnTVw39Ajxqr3u5xR5BDEBIQSuJjMOh_qT9FAVH8nblwIkSsAWvsysf0SX1YgHZDFPT8my3FUvG89WpNubxM851iOevIbaLCe7tQympryJVESlclpg4pG-AgBDIWHfQO92Io9qS-vUmezdUc7kSn4JdNW1TG-Om6_j6SmppY6WBxWjfHEJ8P_k1Ad8ibwE0pi2tFxGGLkmsnk2PLEvAI-94j1L8by1cE5vHuMVFCEubIaNe8E2nND03tTFHwiu5ZI8I45f7DIl6548_IBcJ9710QJrpI8VN7emIGZQAMheCpZ2lfWMQSrgluTU0KFEmCZyPKpRDHaRu4M7v1ZZK-lA0HQ-Vq-zptXYylPb3yfjyYfvyD7dhhPnOImQw91Q90jzdhAtadZ7NoU6m4gCOP1IPCJSQeDPt2X5P-SMg88lVWkJfViLu-5fLs_yU6yTYKNutOoYzGhD3fScrU8liYYctxcQqef_a8nPWUO0UXo2t8zLSa0QcmPDmVxQxGqVG5RA_k6RcjAJpOlTNY4fSMZcDsrlWSo88wQDOdsxCJKStfDgKOd5DnLnirbb-x4x6XsYcrPm5dmwhzEBGiaD_G9hMRKfVGpEtI82bHB55QsWm5scxLutNZCve5O9whnUybFIxulacoudHAq_BWPaDXFclqEWA_a6hH-iGTx8VFVG2U2RIqeuixc3Id409OZu1OAHymzFV5CgAqEpGSdM3qN12_RzDBeWzXc0R49vmEf3o69A.Kv4d1ta3ADYH50UNvimehQ&state=3Jj7j8WERyOXynHr&code=LQKwnCGNxU9BDwY1QMElh2wG86RaC8 |
2 | response | {'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.Le-FTIj1V6g8er5Pb0nH894-0ewoN-hn3li4ZPo-UMUZGPP1bKZX5qKE6tU7VCcuUuN01qNX7OQDmTVYl_fC5AIE2V0mFe1I4grVUfXC_5s6DOyfFBYlv0g1sDp50lv6D8MLx3MjEF2N83keXLAHKQ5wJZQuLVdYYR7LTCXDHQh5d4F9Pi-UGLeFNica79HYRrXKeFGHkWET3QH9gWHqkXT8TfHyv6zjUm-9-iSBxdXdqduOT8aQneooqeba80tLA-W5K5BznaTw0Z0OrRPzFIh6QJhgvzjmsNtI_y-KFY33ohZj0PE-PwZIeJxXBkIcb73L987rOBLKZOAcejU6eQ.p4ABx_WQoMpwc3I6b9M3sg.N7bWpFtV1aoYw89WDCxi_VmE_8Fsb6S8YTqd8KRduMMnFDzmYnzlwbi1IRg_E_Li8IMBpdrapxoIiRRRzJ9VVeVpLZtPiu7TyPwPlrjTQxX85f7nt99VH9f-C4wAxMllEbySsuggIv-YzrS1qekMzHMepEa4boam_z23SFqtbnTVw39Ajxqr3u5xR5BDEBIQSuJjMOh_qT9FAVH8nblwIkSsAWvsysf0SX1YgHZDFPT8my3FUvG89WpNubxM851iOevIbaLCe7tQympryJVESlclpg4pG-AgBDIWHfQO92Io9qS-vUmezdUc7kSn4JdNW1TG-Om6_j6SmppY6WBxWjfHEJ8P_k1Ad8ibwE0pi2tFxGGLkmsnk2PLEvAI-94j1L8by1cE5vHuMVFCEubIaNe8E2nND03tTFHwiu5ZI8I45f7DIl6548_IBcJ9710QJrpI8VN7emIGZQAMheCpZ2lfWMQSrgluTU0KFEmCZyPKpRDHaRu4M7v1ZZK-lA0HQ-Vq-zptXYylPb3yfjyYfvyD7dhhPnOImQw91Q90jzdhAtadZ7NoU6m4gCOP1IPCJSQeDPt2X5P-SMg88lVWkJfViLu-5fLs_yU6yTYKNutOoYzGhD3fScrU8liYYctxcQqef_a8nPWUO0UXo2t8zLSa0QcmPDmVxQxGqVG5RA_k6RcjAJpOlTNY4fSMZcDsrlWSo88wQDOdsxCJKStfDgKOd5DnLnirbb-x4x6XsYcrPm5dmwhzEBGiaD_G9hMRKfVGpEtI82bHB55QsWm5scxLutNZCve5O9whnUybFIxulacoudHAq_BWPaDXFclqEWA_a6hH-iGTx8VFVG2U2RIqeuixc3Id409OZu1OAHymzFV5CgAqEpGSdM3qN12_RzDBeWzXc0R49vmEf3o69A.Kv4d1ta3ADYH50UNvimehQ', 'state': '3Jj7j8WERyOXynHr', 'code': 'LQKwnCGNxU9BDwY1QMElh2wG86RaC8'} |
2 | AuthorizationResponse | {
"code": "LQKwnCGNxU9BDwY1QMElh2wG86RaC8",
"id_token": {
"aud": [
"gy4Pg5zpKEu8n9fmEVx6"
],
"c_hash": "y_txZ2Mdqr3JDc47mkfdMQ",
"exp": 1560788167,
"iat": 1560784747,
"iss": "https://isamfed.com:30443/test",
"nonce": "WsTdx1gnTt9SuqhF",
"sub": "testuser"
},
"state": "3Jj7j8WERyOXynHr"
}
|
2 | phase | <--<-- 4 --- AccessToken -->--> |
2 | request | op_args: {'state': '3Jj7j8WERyOXynHr'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61716/authz_cb'} |
2 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61716/authz_cb', 'code': 'LQKwnCGNxU9BDwY1QMElh2wG86RaC8', 'state': '3Jj7j8WERyOXynHr', 'grant_type': 'authorization_code', 'client_id': 'gy4Pg5zpKEu8n9fmEVx6'}, 'state': '3Jj7j8WERyOXynHr', 'authn_method': 'private_key_jwt'}
|
2 | AccessTokenRequest | {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiZ3k0UGc1enBLRXU4bjlmbUVWeDYiLCAic3ViIjogImd5NFBnNXpwS0V1OG45Zm1FVng2IiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJnVnNycEtzNFVKQktuRmo4OXBjVEdnZDlMTWZmSGdoNiIsICJleHAiOiAxNTYwNzg1MzQ4LCAiaWF0IjogMTU2MDc4NDc0OH0.IjNSw7s0D02G8XoNOQrsR0Z0mc3pmN4ZykfImHxqZweK7snRvi2JAyusmTD_pcfcEOVsQYiAN_axyc5AmtZhroGaAWfoMPylfGTViC0vdj7tn7DtJOMJ3E_ZGM6H82ghWUoqghnPTWwi3PwuaK8lCndP9EP7Qh96zB4fv5FSqtjHYYrGMEjX_l-k6ATFnDpSoSsCMw_hQidFZKxdRvHQ-qEg6UkJMN9-kbof7hQ-9c_FYWrlO32vkOHYdFz8zqdNR5L3em-BbKHtKFrS0XQhRpV7fHfGDic5LnJR5BQOxCnIGP7U-NeX31vf7pCKxPELtBxBacVVuXjf58g8ghAHeQ",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "LQKwnCGNxU9BDwY1QMElh2wG86RaC8",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61716/authz_cb",
"state": "3Jj7j8WERyOXynHr"
}
|
2 | request_url | https://isamfed.com:30443/mga/sps/oauth/oauth20/token |
2 | request_http_args | {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}} |
2 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61716%2Fauthz_cb&code=LQKwnCGNxU9BDwY1QMElh2wG86RaC8&state=3Jj7j8WERyOXynHr&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiZ3k0UGc1enBLRXU4bjlmbUVWeDYiLCAic3ViIjogImd5NFBnNXpwS0V1OG45Zm1FVng2IiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJnVnNycEtzNFVKQktuRmo4OXBjVEdnZDlMTWZmSGdoNiIsICJleHAiOiAxNTYwNzg1MzQ4LCAiaWF0IjogMTU2MDc4NDc0OH0.IjNSw7s0D02G8XoNOQrsR0Z0mc3pmN4ZykfImHxqZweK7snRvi2JAyusmTD_pcfcEOVsQYiAN_axyc5AmtZhroGaAWfoMPylfGTViC0vdj7tn7DtJOMJ3E_ZGM6H82ghWUoqghnPTWwi3PwuaK8lCndP9EP7Qh96zB4fv5FSqtjHYYrGMEjX_l-k6ATFnDpSoSsCMw_hQidFZKxdRvHQ-qEg6UkJMN9-kbof7hQ-9c_FYWrlO32vkOHYdFz8zqdNR5L3em-BbKHtKFrS0XQhRpV7fHfGDic5LnJR5BQOxCnIGP7U-NeX31vf7pCKxPELtBxBacVVuXjf58g8ghAHeQ&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer |
3 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
|
3 | response | {'access_token': 'acjI5xchAY39U2RQkPYz', 'refresh_token': 'iPLI3CjjTpiZxAw4uF94MGucs5BLZ0i2oh3qW2cR', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.I_hkJ4p-TRHGAxgedEoI330NAPyahj5ZdnS8YSYwKJIaiBwvtHsImpIt17CTTtCX6FUeY8GopBagg1A1NKDI_4Fr8Ibi2xuNI2MUiZX79XD5eYYoahhuusWJD4WgggmDqlzjMTa3cL-0xPBPQO3zm48bmCR9pXi8nq1DUg0GEWVRxDtzTkps9eyaplNTPn5MO1hmKyg8KMF5ta6XonYdGUZ6MKxfVZwVR5mp_PPfwjEdPPSdbaKtrxg8x0iA0IUY-PI9iT9Hs3p4uuRVzLRkvyI2nqvTgnR8G2fVU4-PeDiiMNKwruUMfQ5HQhV7pZ3a_dDOUVOkZjaH7gRBEyvQcw.VNRMN6f0GCiFIJp8qFflYw.0BWN7hy87TVjGkSHKq4cj06zGD0JvHZ0U78mAPgwAPhRJKTeJVxltdYnRE84YjCko3FPqVaN3aVxr80piAksOMEEgFRt0efWk-ZJydZ855eke6VrfJT-uVLWlOXgOGvQBrkQeU4uO7xlwYwHsSnP98QxPu-4OXYuLdvou3E9OTqxQDmeVByREr36KsBa1_tCMS8gGXGXLIMhDH1bDdNNIi57hYuqr9asOZ3nHuIMRhT5KIHqaAZXBDkks1ELTVkih59cbkWnZmzAB4zb432MKzPtLoFigHrbDHXiJcu4Fd3CMMEVLvGeHNCOyGYmoDu0o38cNxw2NGKvNo06IRYEc99Cn7RWpmdbeMEKrxkjB9D_1qA7bVKRXkXAQSVrVpEqzLxXgXw4-_tM3DLvvHbiPMftdoo0w3XWsqgmXhKDXwPBTKoQyLF2KqOZAPg7iOIxJXBZ22Hl7BhxzrQzUJMNuHWmtstMPAmuTtJQK1aEFM6on5vhS586BoQXrkc3GRKhONAuOaM2glTAZBzVSRFfNxs2rA3B7XoKlE7EeY947aaiqLset7hFU1aIrFRB5mJtNIJU2UpBhQ-gqrfLPXxBQVoQjJr3lB02mqHVTqNvtBg9w6K0jxJMIRHFZUrvcMIm3-s_ZhReqiKVqhrw4O1zTCah5f5iLoRwCGfto2oYbnylIuOioOrv-XKZVzb0k6ClfqtXa7Ypi84ogesdk9YvzyHmMiVY5sYGHdlaA-IFEoW26hYMb2GbYlY_ETD3f8lNX9iw2WPH3ajlhVUz6vWF6E5K4kUqLmaQihKqbU9s_6ChubyKN5c65u_eFsaIh4LiptI6BlQKb19QOa4VKo0ll8DIR5E4IofDoptlQisCIJbfV52OmzItik-i1o3_vFsFiDuglcdNzPN9sxAZ10nWpex5VlGLyHrScoMqW-QQ4egxc2w-fBMlGjMfA0iBvEjqox9QUWrxKMJwl4lZAxSMdA.uVe0Omx0q3k9yO89HdiggQ', 'token_type': 'bearer', 'expires_in': 3599} |
3 | AccessTokenResponse | {
"access_token": "acjI5xchAY39U2RQkPYz",
"expires_in": 3599,
"id_token": {
"at_hash": "HCFAR3XJEK0pQbdsgZoSaA",
"aud": [
"gy4Pg5zpKEu8n9fmEVx6"
],
"exp": 1560788168,
"iat": 1560784748,
"iss": "https://isamfed.com:30443/test",
"nonce": "WsTdx1gnTt9SuqhF",
"rt_hash": "f6vaTHJy2WlpY1CK0HPQYQ",
"sub": "testuser"
},
"refresh_token": "iPLI3CjjTpiZxAw4uF94MGucs5BLZ0i2oh3qW2cR",
"scope": "openid",
"token_type": "bearer"
}
|
3 | jws header | {'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'} |
3 | jwe header | {'alg': 'RSA-OAEP-256', 'enc': 'A128CBC-HS256', 'kid': 'gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww', 'cty': 'JWT'} |
3 | phase | <--<-- 5 --- Note -->--> |
3 | phase | <--<-- 6 --- AsyncAuthn -->--> |
3 | AuthorizationRequest | {
"client_id": "gy4Pg5zpKEu8n9fmEVx6",
"nonce": "L7WJsFmqqPZZHJZt",
"prompt": [
"login"
],
"redirect_uri": "https://op.certification.openid.net:61716/authz_cb",
"response_type": "code id_token",
"scope": "openid",
"state": "QRr6OtVtMJGdMcpk"
}
|
3 | redirect url | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=QRr6OtVtMJGdMcpk&nonce=L7WJsFmqqPZZHJZt&response_type=code+id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61716%2Fauthz_cb&prompt=login&client_id=gy4Pg5zpKEu8n9fmEVx6 |
3 | redirect | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=QRr6OtVtMJGdMcpk&nonce=L7WJsFmqqPZZHJZt&response_type=code+id_token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61716%2Fauthz_cb&prompt=login&client_id=gy4Pg5zpKEu8n9fmEVx6 |
7 | http args | {} |
7 | response | URL with fragment |
7 | response | state=QRr6OtVtMJGdMcpk&code=ej2U2QppQZjQ43hOYSmOAK94qHBXnp&id_token=eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.cMoYv9p6U5KuSPCBxojYrGSUsTYkwzt8VZdp87OSDEp--CK5nax3FaL_W8rEKDdxp4xl6btJQzdn3DwRpPvY4uBkgC1QXWIleXvOljl4awxB99M48zBB9vnvweZQRiI0__n-GIYQxYUAwu35CYv6pfVBKOygt34xKt6uKGIqzjVWUd90SbIQuv8RH9jCSEQ7lIc02N-clZulHJoJ3ftAJxzKsqhes--M8lJQ9uzXR-g4_aHWxDI756bQfYculQ1SdFSxmsgdia0Cu3rEi99mHF3fcSIfoL87kiJ0hTYP5xHJIoKKtP0jymYWxSrWsMQMf_PqaTc64sBgn0Y8nHzA5w.aSmdLJu1w8tmTLAt3hNXAA.Y4q4gpz_5KKk2h1SMddVBQtAqjItZPuYcwaLIuHb9t11CeWlb63QbtUXLldj0zGsfy_RQdo5FdIeTFT6_x5eovFFW5m6uIeVQlPclvThFkaI6fXhC7nzeXfNsUzqdwUJk_FgRA0XY5tASJkcFKFSEaMvsofeQl970A9-k6t_G1F4S-DyzY5tAjFBHGaw6wdOYiRjqbXp4LsgY2oag2KMzrF6GOkO_O3F9V3p6NQYdpDy3Hu_TGjQuuAqG-Av_7VY5hq4zNdJ-_awZAEokTOvJHIZKFDhq86rKNzjgu_i2VG88VAc8hLpoqhkQi6CbWmwvGWDRCjGFP-HqdVKVxpBrEkDHAH-femkJpxh0EkhD30Pkf99Og0XK0Tzn_tKzNDCj5XaCzTKnzDep9TTbcFzO-OyntIkCeNtfaOMKsOueYdeYr83vYQWDep3Fx3fGDTqE5OUEX5gQWHHHQg1WmZkPLG1e3ZeqKAB1JB63SLLgHzDsNi1NSYaC5F-WycYX6Bs_RlYy9AkvLx2pgJ9bR6L-Lfdac_ty1i_NPxXk3S4azi96mjMYsJWP3I_zx6t91fFujVk-9UWbUlhaHiq0mFdXo-MjHArKebfXy25xg_TTKZJfNSfxL1_AsSKWmicNU1cNKVGDw2QnyTnknpZFJlp9qkTJVPY84nZsnZTZdAlT-NbDKYepDuC9owTEvKFglttAzp6zRRCK7-LNIEqgY6_JMNW9qey8M4pQ1tWM5Ab-4IxQ1k7UxQqeme7kykC7OUqd3yUxbLahCS0mU4Use8RogiFLvIgSE0y3oOa941YQqYnhLkhQgWrhjrHuR5aKth0LjFIe8j9s011yqFFLLd66Wp061oenrq0SNhkeIbdqQb7UrqzlKXzfsIXaXzy3GvDVrlHVR_zricNy3KPtqLPww._7QdRMkz-FgiAPCp04p7CA |
7 | response | {'state': 'QRr6OtVtMJGdMcpk', 'code': 'ej2U2QppQZjQ43hOYSmOAK94qHBXnp', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.cMoYv9p6U5KuSPCBxojYrGSUsTYkwzt8VZdp87OSDEp--CK5nax3FaL_W8rEKDdxp4xl6btJQzdn3DwRpPvY4uBkgC1QXWIleXvOljl4awxB99M48zBB9vnvweZQRiI0__n-GIYQxYUAwu35CYv6pfVBKOygt34xKt6uKGIqzjVWUd90SbIQuv8RH9jCSEQ7lIc02N-clZulHJoJ3ftAJxzKsqhes--M8lJQ9uzXR-g4_aHWxDI756bQfYculQ1SdFSxmsgdia0Cu3rEi99mHF3fcSIfoL87kiJ0hTYP5xHJIoKKtP0jymYWxSrWsMQMf_PqaTc64sBgn0Y8nHzA5w.aSmdLJu1w8tmTLAt3hNXAA.Y4q4gpz_5KKk2h1SMddVBQtAqjItZPuYcwaLIuHb9t11CeWlb63QbtUXLldj0zGsfy_RQdo5FdIeTFT6_x5eovFFW5m6uIeVQlPclvThFkaI6fXhC7nzeXfNsUzqdwUJk_FgRA0XY5tASJkcFKFSEaMvsofeQl970A9-k6t_G1F4S-DyzY5tAjFBHGaw6wdOYiRjqbXp4LsgY2oag2KMzrF6GOkO_O3F9V3p6NQYdpDy3Hu_TGjQuuAqG-Av_7VY5hq4zNdJ-_awZAEokTOvJHIZKFDhq86rKNzjgu_i2VG88VAc8hLpoqhkQi6CbWmwvGWDRCjGFP-HqdVKVxpBrEkDHAH-femkJpxh0EkhD30Pkf99Og0XK0Tzn_tKzNDCj5XaCzTKnzDep9TTbcFzO-OyntIkCeNtfaOMKsOueYdeYr83vYQWDep3Fx3fGDTqE5OUEX5gQWHHHQg1WmZkPLG1e3ZeqKAB1JB63SLLgHzDsNi1NSYaC5F-WycYX6Bs_RlYy9AkvLx2pgJ9bR6L-Lfdac_ty1i_NPxXk3S4azi96mjMYsJWP3I_zx6t91fFujVk-9UWbUlhaHiq0mFdXo-MjHArKebfXy25xg_TTKZJfNSfxL1_AsSKWmicNU1cNKVGDw2QnyTnknpZFJlp9qkTJVPY84nZsnZTZdAlT-NbDKYepDuC9owTEvKFglttAzp6zRRCK7-LNIEqgY6_JMNW9qey8M4pQ1tWM5Ab-4IxQ1k7UxQqeme7kykC7OUqd3yUxbLahCS0mU4Use8RogiFLvIgSE0y3oOa941YQqYnhLkhQgWrhjrHuR5aKth0LjFIe8j9s011yqFFLLd66Wp061oenrq0SNhkeIbdqQb7UrqzlKXzfsIXaXzy3GvDVrlHVR_zricNy3KPtqLPww._7QdRMkz-FgiAPCp04p7CA'} |
7 | AuthorizationResponse | {
"code": "ej2U2QppQZjQ43hOYSmOAK94qHBXnp",
"id_token": {
"aud": [
"gy4Pg5zpKEu8n9fmEVx6"
],
"c_hash": "qZjzsDXoiqIBTpBgKPYmIw",
"exp": 1560788172,
"iat": 1560784752,
"iss": "https://isamfed.com:30443/test",
"nonce": "L7WJsFmqqPZZHJZt",
"sub": "testuser"
},
"state": "QRr6OtVtMJGdMcpk"
}
|
7 | phase | <--<-- 7 --- AccessToken -->--> |
7 | request | op_args: {'state': 'QRr6OtVtMJGdMcpk'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61716/authz_cb'} |
7 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61716/authz_cb', 'code': 'ej2U2QppQZjQ43hOYSmOAK94qHBXnp', 'state': 'QRr6OtVtMJGdMcpk', 'grant_type': 'authorization_code', 'client_id': 'gy4Pg5zpKEu8n9fmEVx6'}, 'state': 'QRr6OtVtMJGdMcpk', 'authn_method': 'private_key_jwt'}
|
7 | AccessTokenRequest | {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiZ3k0UGc1enBLRXU4bjlmbUVWeDYiLCAic3ViIjogImd5NFBnNXpwS0V1OG45Zm1FVng2IiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJtbWtJUVlxc2xNcHRDbUJ5aEhjdHJOREVQMzVBazJWciIsICJleHAiOiAxNTYwNzg1MzUzLCAiaWF0IjogMTU2MDc4NDc1M30.k93Y-LeDLe51tIlJtGSgEIzkaRaPBxAYXHYIQxEwVCTl4t2Zj8qnhlLiicQ30KmtM4ISwXNkScxesEjGhG9iw4GntN5ZmpI7_RhFBSVZBRrNWy610gd7v47Z7olwV3gEYPfM9EzVc6AnDo6mLVUSPA5WIQqIYBr7uhiZFj5YYPi0k7AnVGZjKVPifTd0NlsQ2Paj14eYwbpKnhb1xIsWgU57cdl1xxzSazAUnLtBbKuUkG_vTw4ramkse0WX2YEnV8GEs_w8MFh_WghwUb21QORfhFO5VtFBRYS68BGNjlwyqwNrLCMsERai4CpLEgqFKHy6Zbk4IwtevF6MyNRWJg",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "ej2U2QppQZjQ43hOYSmOAK94qHBXnp",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61716/authz_cb",
"state": "QRr6OtVtMJGdMcpk"
}
|
7 | request_url | https://isamfed.com:30443/mga/sps/oauth/oauth20/token |
7 | request_http_args | {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}} |
7 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61716%2Fauthz_cb&code=ej2U2QppQZjQ43hOYSmOAK94qHBXnp&state=QRr6OtVtMJGdMcpk&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiZ3k0UGc1enBLRXU4bjlmbUVWeDYiLCAic3ViIjogImd5NFBnNXpwS0V1OG45Zm1FVng2IiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJtbWtJUVlxc2xNcHRDbUJ5aEhjdHJOREVQMzVBazJWciIsICJleHAiOiAxNTYwNzg1MzUzLCAiaWF0IjogMTU2MDc4NDc1M30.k93Y-LeDLe51tIlJtGSgEIzkaRaPBxAYXHYIQxEwVCTl4t2Zj8qnhlLiicQ30KmtM4ISwXNkScxesEjGhG9iw4GntN5ZmpI7_RhFBSVZBRrNWy610gd7v47Z7olwV3gEYPfM9EzVc6AnDo6mLVUSPA5WIQqIYBr7uhiZFj5YYPi0k7AnVGZjKVPifTd0NlsQ2Paj14eYwbpKnhb1xIsWgU57cdl1xxzSazAUnLtBbKuUkG_vTw4ramkse0WX2YEnV8GEs_w8MFh_WghwUb21QORfhFO5VtFBRYS68BGNjlwyqwNrLCMsERai4CpLEgqFKHy6Zbk4IwtevF6MyNRWJg&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer |
8 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
|
8 | response | {'access_token': 'uKz9jSgnmb7lefgD9Mn5', 'refresh_token': 'PUv2ULqKCHqmbj6NqdKJ3WuRp07q4QedkAcmONVJ', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.caGpMa9djOCQq3MVE896wE8Z9J3s7HiG-kMgIHNwaZEAsaXEvCbYQIFB1L3JDo_UzmIFD5zVT4F28cEW6PPIwPrj_GUOugwd8HumPXduxb9lIs_mTd-3URbiUS6jmR1Oh8k5pqCsfMBZSs_hRX-9Yyrk79eO4xuCIKygl_NCWW98ShnUjS1Bam7xTnFclJ4Y2jSioudPouAVmbb3hxQGCLRkblOhdgUdlDa_yhtuiLzw4aY8vYHtF_plOM9OCZAuGKo5_1Xi9Jb74pvUTyqyeQycRCeWpSC0QWBogg4TU9eRVumeynChfgEdGVGXbnRKhUCnhTJyXbQl3z2nRlxtxw.kb7ya2kmpOQ3XwmRWq-Tvg.9UsvSmwgguAvHFEbI50ndQZm6hXtnxrKWEIrrJYI9Cj9A8kPuTauwZ_ci0wM7kkv5JMruadqSFWQYE0ikLBlT6q3iK-s0dsFFyaOby2stGhq9CZGGVYy37TiEla8FnSLNx-ZSwj9iPINe0slKgBJ_z573TCqK0ZyCDf3iTjgg1d9G1gofys-RcoofhIbyaKQlj-XSi5h86VSFgL-hGtxx6RqPzKIPrPin4_iHb5c9KzvKk6eHvCVXHBSCJiv1DDgmGPpfh0kye8r5OwLXZShRfNPkNzUsO5fLsKLVyB7ro95_0a5lRwk2E1Q8Z7ucF8f2LYOHO60v0JmwrpBSTBeUcwscOjl9dNlgJUSlTEi-fAa8902ofLq9qpYLM53rNYrKgxnxwdvic6uQ7f9c0BEm1mTzkfeVYS4XJ1tgtUHYWewns72xDANbgRKCO_zWSn5b7-W7pBg4WfVMPfkcqtk_PZhqMu3PS6jzSFgyzR5aQE7IZNKFILwL3A-9XfGDTOvIsgx7bq_yhINfv3NtTkUPjp1olb7hgVxpL3UjQu02Svr025Qj1wQpN2wFxTlkaPU8hEtSRNwp8cVRCOWnUasavU-kP5VtwfPf9omPehYjlW_qYBlHDzssgb5og1STdMqJC_UyYJ2bNOrVZHqBYooxF0Yhyd3D3giVqQmeybdWC4GhLyV0N-cSFMTDpAGW-LOdHIA-K9JoKb2sba6DSxCR1IV8nrGDD0C5S2wnGyJg5HI2Yd0VnB2CSdVNgUd-9RXYI9Wh6_8CM1c_oC_b7pH1TYzYL-sn6JZTv82O-kvkFUMclKfGb9FYP0VbbfO5fCnuRIW_EIilesqfaRVnxlTGOhnZo7PzBzA71xp_u_VdNK9vD2WuPyRyV6ON3zLwKQ02e1b3Dt8JPcoEmda88qg_IS1LaqNw-qcfgnpFONQ7tcr-OiQon7jC2-1Phmscp6LdmD191_DP_iNIOIgb-9pJg.8Fyo7vAnHCN54Zmm9RbyyQ', 'token_type': 'bearer', 'expires_in': 3599} |
8 | AccessTokenResponse | {
"access_token": "uKz9jSgnmb7lefgD9Mn5",
"expires_in": 3599,
"id_token": {
"at_hash": "54vUJ7-9w_Ll9dDJCwDs_A",
"aud": [
"gy4Pg5zpKEu8n9fmEVx6"
],
"exp": 1560788174,
"iat": 1560784754,
"iss": "https://isamfed.com:30443/test",
"nonce": "L7WJsFmqqPZZHJZt",
"rt_hash": "lw2riTQ8fqMV4jiJgdwzTg",
"sub": "testuser"
},
"refresh_token": "PUv2ULqKCHqmbj6NqdKJ3WuRp07q4QedkAcmONVJ",
"scope": "openid",
"token_type": "bearer"
}
|
8 | jws header | {'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'} |
8 | jwe header | {'alg': 'RSA-OAEP-256', 'enc': 'A128CBC-HS256', 'kid': 'gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww', 'cty': 'JWT'} |
8 | phase | <--<-- 8 --- Done -->--> |
8 | end | |
8 | assertion | MultipleSignOn |
8 | condition | multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow] |
8 | assertion | VerifyResponse |
8 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
8 | condition | Done: status=OK |