0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config | kwargs:{'issuer': 'https://isamfed.com:30443/test'}
|
0 | http response | url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
|
0 | ProviderConfigurationResponse | {
"authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
"claims_parameter_supported": false,
"claims_supported": [
"realmName",
"preferred_username",
"given_name",
"uid",
"upn",
"groupIds",
"employee_id",
"name",
"tenantId",
"mobile_number",
"department",
"job_title",
"family_name",
"email"
],
"device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
"grant_types_supported": [
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"implicit",
"urn:ietf:params:oauth:grant-type:saml2-bearer",
"urn:ietf:params:oauth:grant-type:device_code",
"client_credentials",
"password",
"authorization_code",
"refresh_token"
],
"id_token_encryption_alg_values_supported": [
"RSA-OAEP-256"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
"issuer": "https://isamfed.com:30443/test",
"jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
"name": "OIDCDefinition",
"poc": "https://isamfed.com:30443/mga/",
"registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"fragment",
"form_post"
],
"response_types_supported": [
"token",
"id_token",
"token id_token",
"code",
"code id_token",
"code token id_token",
"code token",
"none"
],
"revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
"subject_types_supported": [
"public"
],
"token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
"token_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_post",
"client_secret_basic"
],
"user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
"userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
"userinfo_signing_alg_values_supported": [
"RS256"
],
"version": "3.0"
}
|
0 | phase | <--<-- 2 --- Registration -->--> |
0 | register | kwargs:{'response_types': ['code id_token token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61737/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61737/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61737/static/jwks_61737.json', 'token_endpoint_auth_method': 'private_key_jwt'}
|
0 | RegistrationRequest | {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61737/static/jwks_61737.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61737/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61737/authz_cb"
],
"response_types": [
"code id_token token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
0 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
|
0 | RegistrationResponse | {
"application_type": "web",
"client_id": "2EpCmJFl7eDx4QtfSdZN",
"client_id_issued_at": 1560784028,
"client_secret": "5f5DviVjnwtlFybmGJ3U",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61737/static/jwks_61737.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61737/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61737/authz_cb"
],
"registration_access_token": "2zUc51q4JY5lg0jdkStE",
"registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=2EpCmJFl7eDx4QtfSdZN",
"response_types": [
"code",
"id_token",
"token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
0 | phase | <--<-- 3 --- AsyncAuthn -->--> |
0 | AuthorizationRequest | {
"client_id": "2EpCmJFl7eDx4QtfSdZN",
"nonce": "lUoIghFAb7q68lkv",
"redirect_uri": "https://op.certification.openid.net:61737/authz_cb",
"response_type": "code id_token token",
"scope": "openid",
"state": "qKcffTE8yeBpAahx"
}
|
0 | redirect url | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=qKcffTE8yeBpAahx&nonce=lUoIghFAb7q68lkv&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&client_id=2EpCmJFl7eDx4QtfSdZN |
0 | redirect | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=qKcffTE8yeBpAahx&nonce=lUoIghFAb7q68lkv&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&client_id=2EpCmJFl7eDx4QtfSdZN |
1 | http args | {} |
2 | response | URL with fragment |
2 | response | access_token=JRbuMZYibSjaSy5wpwBm&state=qKcffTE8yeBpAahx&expires_in=3599&token_type=bearer&code=hWX6mjyDpyQ4WRlBcRKOlfie7BIf3l&scope=openid&id_token=eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.UDZa8wjSknyicaZzlKoZRGMgP7ITUsiAPUHtNFqNAaYDxw1V9Nl3p0XmGkVk8O9QTcuusxyK25m91NTCXdSUAXvR2Jw179HjRd3hCEj3q3vhhE5tuByTFNP1QKVVUoQm4YxQPmwGn9RJSF80M9-VdsSE8fB6yZ5poOkfqyONbr0YQ49mEq7L4OQ5fbUNuHgWO8R9nrWVGxUzpcaxOCKXH4Ro557z4ppFFARblk11LPYfDOcTGMXqjGBNd5NITo6aWHQV5d7CSXSgAmoNJuPiIKHqV_9JAdLHYdXpEKn7VGy89jeA74BXBmKYIQ1WSQW9i_P1JKSOHnOsyJRwVt7VjA.rj0y5sBpBp7RvolMNWeygA.GGzNddekg00HhgpqufBe6jAMLjGsh5aS5g58NNjyWwOTTcOMw8bd7m4iU_q773P8wjAwb8wXiNUF-lFlYcmUrt0GHajmV9qYo4bIDk3f3ceJVoDJ6a_Y330jfrhSBX4LZn-tAC-wTjL7HrGh8S5nRrViQMyuKRuvWK1QcIIH5mh_c70kES3-w6kO_XaXfOwa1nJGIJoA6h-ZKbjUhBON7CKuRg214DW_FyjSvjztUoaw5JrVYewEq1dLMhWoU6pxz-cLZVUGOpedDFSfw4ID29MfmLhwVr8_GSCqfNLXSjdpVX5daq5DDpN_PDkhHkBY3MUumaTHAWSW5sLypgH1uHfHFhXEJubMD2OqfLrfSW1t0TcoKsL57O4hhNqDMa2w4L5TwvvSZECn1obA9mgOi-SsjWzkhDP7UzcLX-tckWSndMoSmE-OxjCKysHwmjeY6nR_n4kpMphhy7IjZzaAQFU4QfKvDQlVuH-xFQdUanJaBXMH9RgHgpXPkXaFdnCiVkCKPGiv91tmHgM2ZdahrJZiDbl9-fqaYQqrZqVjX08LyF_oIm1ALVVRxuY_TyFobxSafxEh3fUOfun9BII3azHeDfp0rNc-EtpZWZRP6Bt-67e44S5JpAjlkpFBOdfKrB7nbxEYNYiFBiGjjDDQ9dDSdjK8bktKjsPngh-ajEOlCWD6eR68G72duQC4wMC19CwwKeOtbGEFyveE0HfLtayQIiQeNJtU1VGwToaZt1zNMOo0nb1ecBk8iZA3_eE9uglQ1ynfeUlbrkS90OPbmGfecq47KdOhGAlK1DfyqfT8d_vsoY5Mlieu4lpIbm-A9nYRPvF6HHbpeS58r1Q-BzvdGSj5bsJ4sFJMfwXWKIGpgSdAWmc-P2RWCSdeQx30p0FOm3TIaCfm56T7pGwGQFXUGDUK3gwUivEfOv30vXk_0WcCmM3yJ2fpJGqxzbr2t780zTbx7ymeKSOSwXrbHA._1O4Y8zd50aqp1DXyhBvNQ |
2 | response | {'access_token': 'JRbuMZYibSjaSy5wpwBm', 'state': 'qKcffTE8yeBpAahx', 'expires_in': 3599, 'token_type': 'bearer', 'code': 'hWX6mjyDpyQ4WRlBcRKOlfie7BIf3l', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.UDZa8wjSknyicaZzlKoZRGMgP7ITUsiAPUHtNFqNAaYDxw1V9Nl3p0XmGkVk8O9QTcuusxyK25m91NTCXdSUAXvR2Jw179HjRd3hCEj3q3vhhE5tuByTFNP1QKVVUoQm4YxQPmwGn9RJSF80M9-VdsSE8fB6yZ5poOkfqyONbr0YQ49mEq7L4OQ5fbUNuHgWO8R9nrWVGxUzpcaxOCKXH4Ro557z4ppFFARblk11LPYfDOcTGMXqjGBNd5NITo6aWHQV5d7CSXSgAmoNJuPiIKHqV_9JAdLHYdXpEKn7VGy89jeA74BXBmKYIQ1WSQW9i_P1JKSOHnOsyJRwVt7VjA.rj0y5sBpBp7RvolMNWeygA.GGzNddekg00HhgpqufBe6jAMLjGsh5aS5g58NNjyWwOTTcOMw8bd7m4iU_q773P8wjAwb8wXiNUF-lFlYcmUrt0GHajmV9qYo4bIDk3f3ceJVoDJ6a_Y330jfrhSBX4LZn-tAC-wTjL7HrGh8S5nRrViQMyuKRuvWK1QcIIH5mh_c70kES3-w6kO_XaXfOwa1nJGIJoA6h-ZKbjUhBON7CKuRg214DW_FyjSvjztUoaw5JrVYewEq1dLMhWoU6pxz-cLZVUGOpedDFSfw4ID29MfmLhwVr8_GSCqfNLXSjdpVX5daq5DDpN_PDkhHkBY3MUumaTHAWSW5sLypgH1uHfHFhXEJubMD2OqfLrfSW1t0TcoKsL57O4hhNqDMa2w4L5TwvvSZECn1obA9mgOi-SsjWzkhDP7UzcLX-tckWSndMoSmE-OxjCKysHwmjeY6nR_n4kpMphhy7IjZzaAQFU4QfKvDQlVuH-xFQdUanJaBXMH9RgHgpXPkXaFdnCiVkCKPGiv91tmHgM2ZdahrJZiDbl9-fqaYQqrZqVjX08LyF_oIm1ALVVRxuY_TyFobxSafxEh3fUOfun9BII3azHeDfp0rNc-EtpZWZRP6Bt-67e44S5JpAjlkpFBOdfKrB7nbxEYNYiFBiGjjDDQ9dDSdjK8bktKjsPngh-ajEOlCWD6eR68G72duQC4wMC19CwwKeOtbGEFyveE0HfLtayQIiQeNJtU1VGwToaZt1zNMOo0nb1ecBk8iZA3_eE9uglQ1ynfeUlbrkS90OPbmGfecq47KdOhGAlK1DfyqfT8d_vsoY5Mlieu4lpIbm-A9nYRPvF6HHbpeS58r1Q-BzvdGSj5bsJ4sFJMfwXWKIGpgSdAWmc-P2RWCSdeQx30p0FOm3TIaCfm56T7pGwGQFXUGDUK3gwUivEfOv30vXk_0WcCmM3yJ2fpJGqxzbr2t780zTbx7ymeKSOSwXrbHA._1O4Y8zd50aqp1DXyhBvNQ'} |
2 | AuthorizationResponse | {
"access_token": "JRbuMZYibSjaSy5wpwBm",
"code": "hWX6mjyDpyQ4WRlBcRKOlfie7BIf3l",
"expires_in": 3599,
"id_token": {
"at_hash": "An6RCwiMZ5BlcCG-PPtE2Q",
"aud": [
"2EpCmJFl7eDx4QtfSdZN"
],
"c_hash": "9frGOe33YIzgNct3HpGYwg",
"exp": 1560787449,
"iat": 1560784029,
"iss": "https://isamfed.com:30443/test",
"nonce": "lUoIghFAb7q68lkv",
"sub": "testuser"
},
"scope": "openid",
"state": "qKcffTE8yeBpAahx",
"token_type": "bearer"
}
|
2 | phase | <--<-- 4 --- AccessToken -->--> |
2 | request | op_args: {'state': 'qKcffTE8yeBpAahx'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61737/authz_cb'} |
2 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61737/authz_cb', 'code': 'hWX6mjyDpyQ4WRlBcRKOlfie7BIf3l', 'state': 'qKcffTE8yeBpAahx', 'grant_type': 'authorization_code', 'client_id': '2EpCmJFl7eDx4QtfSdZN'}, 'state': 'qKcffTE8yeBpAahx', 'authn_method': 'private_key_jwt'}
|
2 | AccessTokenRequest | {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiMkVwQ21KRmw3ZUR4NFF0ZlNkWk4iLCAic3ViIjogIjJFcENtSkZsN2VEeDRRdGZTZFpOIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJxOERSTEVYYkFRWGxveXRLeUVXR2U3VENTTFQ1OUNUbiIsICJleHAiOiAxNTYwNzg0NjMwLCAiaWF0IjogMTU2MDc4NDAzMH0.p-CnbZWF0Nw3JXSHkou5gOfN0q8LWaJO6Cbd8POqfdnnyr3DVN2WNgSP9vAidBVa70L6CZVdjmf3MiTUl3NLlQ0Ra_TQEYvUAYb5dZpS9h1mibTa0SRON83y0qCD4by04qnhodT5jxIdNf4FComrVa2Y11Xuc-2veDFe33B4G6b37yv9xm2oLoHUZCC-dcw1sYnoNOb4UrimCRZtE8I41zFWMIvMRUUBppEupBX8pAsFWE9xhYs_mzpv7f9xZHSAdW72owoEbFtY41ZsSXsNI5_IgsO66pohcibsoJqHQjHPyq9oGyHJTGEjUwelaClvqaaqddOWLD_lb1yY7OeKYA",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "hWX6mjyDpyQ4WRlBcRKOlfie7BIf3l",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61737/authz_cb",
"state": "qKcffTE8yeBpAahx"
}
|
2 | request_url | https://isamfed.com:30443/mga/sps/oauth/oauth20/token |
2 | request_http_args | {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}} |
2 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&code=hWX6mjyDpyQ4WRlBcRKOlfie7BIf3l&state=qKcffTE8yeBpAahx&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiMkVwQ21KRmw3ZUR4NFF0ZlNkWk4iLCAic3ViIjogIjJFcENtSkZsN2VEeDRRdGZTZFpOIiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICJxOERSTEVYYkFRWGxveXRLeUVXR2U3VENTTFQ1OUNUbiIsICJleHAiOiAxNTYwNzg0NjMwLCAiaWF0IjogMTU2MDc4NDAzMH0.p-CnbZWF0Nw3JXSHkou5gOfN0q8LWaJO6Cbd8POqfdnnyr3DVN2WNgSP9vAidBVa70L6CZVdjmf3MiTUl3NLlQ0Ra_TQEYvUAYb5dZpS9h1mibTa0SRON83y0qCD4by04qnhodT5jxIdNf4FComrVa2Y11Xuc-2veDFe33B4G6b37yv9xm2oLoHUZCC-dcw1sYnoNOb4UrimCRZtE8I41zFWMIvMRUUBppEupBX8pAsFWE9xhYs_mzpv7f9xZHSAdW72owoEbFtY41ZsSXsNI5_IgsO66pohcibsoJqHQjHPyq9oGyHJTGEjUwelaClvqaaqddOWLD_lb1yY7OeKYA&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer |
3 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
|
3 | response | {'access_token': 'HIbJ8agstseIrUvZGwXw', 'refresh_token': 'mgK2UGP2mjcLCbkIGC01mJMM79hl5snLewkDi0gy', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.gPS4aJvqLDhNRwB28sQ4GMw5Nx-b1lKS7FaJzlYnuMzFJ0cWyEllrF1FF7cIf97dowEQf-bKdSs8IuHXH3Lo7RJhfBI9EQnh5ZQoT_WRWVuQuGAidDupI754bbzJxwF8PpMvw04BP2cHKCHzM8Ve9Wuhg9mbo8Yv6L9iqghfEucL0ASWt-ZY65zz7lXAibSbY2GKzPyxTa_e7vfU4yiKMJwXMWc-CmJfWkB9Vh5FPhU22Mt5Tn7_22Eof5XEUwKyNf1lZFma_XyuubZYMTeGGiy3ot6NeXdnPFjq8ETbeAXCVmyX__Lri8_F7Hfi4eT4z63G-VQU7886ZzhIs3PXwA.E7HbctkPZZtD0a2GlsFXaQ.l-L70X1O2GkdTT1HTXK2qU-Pvfried30O27SPOH4KB1izUdG8DE5gKDWuBQGdht2xTx3iNQdWaMWrT2ox7cWNMHZDRBa1qyZxx5mb_57wreh2rOan-0S2_N1T34C6LstSf2Q9rxq-fA4aLnRFcZ2C0pZtf33vqqXLlwyq6Ure_rvepK9GijCQNg7VjfBQAyChwLkff4s017quLRVtik0q6xpnrq9n7tN1rtg0u0NBCZHA05U0YEur3wsy0-nUcLFqQEiGj0f24KF10Li4iJSMrigmW0dT5-JAEQXPo72b2DMYJidDN5sRWk_fEprZD134vhpp5mLZMkymaAxaihW7yuqh7WsuIMw8qCIVgV6ehwlbWRaSAooWiuAzS8GzDPk5axqsn8P9GqbO7SzErZErCrL6UZn36vK_pvlviGxuhlGcJnLzovdQ8NRZLFMeP1jvFi-eAfuTQqFHGSX-QFCl-MvFpgo-slwTqBswOGjDStTNQBRjoz8HULVxpfYXJ3jwSqfTc4L8y0e96X6G24JA9n_3QL4HsOy3N1b9rBBJ4zSkcssUa0PWePCx3r6eM66I9MuVue9h7aWsTkw503t-rL6OxE2gOxsUhs4E8NgeD-2PU_fhPOLx6I6ibEbYN-OSMM2ry6P_pLOrEvAC9lA0lqNEs1WexG_YtpIut934eV24p9chI8fwnq5obQaKDDIEiifOxiHWNVc3iRpAVXm-hpajjRW-kS2XkP07YWIRj0ov40FDmwULCo2U8R8eSnbi1R_Vdf6qW47VyDntqQokILk3eMiH88icx_O5NNcautvtgoE3b-ty535YLgUua-GvZI0XW-FSb53cFfs5le9wKVc4sUNOAaQ3NDmIiu5TemZDJ_UDlc7EJf5oKzKvl-xFxee2wkdDk7T1Hn2ZP_UUGxllmdaOEq5c4AGVzjzmkMwJc483PC0Ms92jo4ME7Tucie6iCR1Sqc2i4269T_srg.6KbxGEIERNMreaijxMPE3g', 'token_type': 'bearer', 'expires_in': 3599} |
3 | AccessTokenResponse | {
"access_token": "HIbJ8agstseIrUvZGwXw",
"expires_in": 3599,
"id_token": {
"at_hash": "qJo5oT7yXcQeG0Z52uCyuQ",
"aud": [
"2EpCmJFl7eDx4QtfSdZN"
],
"exp": 1560787450,
"iat": 1560784030,
"iss": "https://isamfed.com:30443/test",
"nonce": "lUoIghFAb7q68lkv",
"rt_hash": "a-TLYWFDRD15a-cWDp126g",
"sub": "testuser"
},
"refresh_token": "mgK2UGP2mjcLCbkIGC01mJMM79hl5snLewkDi0gy",
"scope": "openid",
"token_type": "bearer"
}
|
3 | jws header | {'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'} |
3 | jwe header | {'alg': 'RSA-OAEP-256', 'enc': 'A128CBC-HS256', 'kid': 'gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww', 'cty': 'JWT'} |
3 | phase | <--<-- 5 --- Note -->--> |
3 | phase | <--<-- 6 --- Webfinger -->--> |
3 | not expected to do | WebFinger |
3 | phase | <--<-- 7 --- Discovery -->--> |
3 | provider_config | kwargs:{'issuer': 'https://isamfed.com:30443/test'}
|
4 | http response | url:https://isamfed.com:30443/test/.well-known/openid-configuration status_code:200
|
4 | ProviderConfigurationResponse | {
"authorization_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize",
"claims_parameter_supported": false,
"claims_supported": [
"realmName",
"preferred_username",
"given_name",
"uid",
"upn",
"groupIds",
"employee_id",
"name",
"tenantId",
"mobile_number",
"department",
"job_title",
"family_name",
"email"
],
"device_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/device_authorize",
"grant_types_supported": [
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"implicit",
"urn:ietf:params:oauth:grant-type:saml2-bearer",
"urn:ietf:params:oauth:grant-type:device_code",
"client_credentials",
"password",
"authorization_code",
"refresh_token"
],
"id_token_encryption_alg_values_supported": [
"RSA-OAEP-256"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"introspect_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/introspect",
"issuer": "https://isamfed.com:30443/test",
"jwks_uri": "https://isamfed.com:30443/mga/sps/jwks",
"name": "OIDCDefinition",
"poc": "https://isamfed.com:30443/mga/",
"registration_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition",
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"fragment",
"form_post"
],
"response_types_supported": [
"token",
"id_token",
"token id_token",
"code",
"code id_token",
"code token id_token",
"code token",
"none"
],
"revocation_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/revoke",
"subject_types_supported": [
"public"
],
"token_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/token",
"token_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_post",
"client_secret_basic"
],
"user_authorize_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/user_authorize",
"userinfo_endpoint": "https://isamfed.com:30443/mga/sps/oauth/oauth20/userinfo",
"userinfo_signing_alg_values_supported": [
"RS256"
],
"version": "3.0"
}
|
4 | phase | <--<-- 8 --- Registration -->--> |
4 | register | kwargs:{'response_types': ['code id_token token'], 'grant_types': ['authorization_code', 'implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:61737/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:61737/logout'], 'url': 'https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition', 'jwks_uri': 'https://op.certification.openid.net:61737/static/jwks_61737.json', 'token_endpoint_auth_method': 'private_key_jwt'}
|
4 | RegistrationRequest | {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61737/static/jwks_61737.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61737/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61737/authz_cb"
],
"response_types": [
"code id_token token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
4 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition status_code:200
|
4 | RegistrationResponse | {
"application_type": "web",
"client_id": "fTbCo6p57WM8pIGCOepy",
"client_id_issued_at": 1560784032,
"client_secret": "sDyBkIOU9H3Hyfh7jazo",
"client_secret_expires_at": 0,
"contacts": [
"roland@example.com"
],
"grant_types": [
"authorization_code",
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:61737/static/jwks_61737.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:61737/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:61737/authz_cb"
],
"registration_access_token": "tFrOTXtrCUDM7A098cAB",
"registration_client_uri": "https://isamfed.com:30443/mga/sps/oauth/oauth20/register/OIDCDefinition?client_id=fTbCo6p57WM8pIGCOepy",
"response_types": [
"code",
"id_token",
"token"
],
"token_endpoint_auth_method": "private_key_jwt"
}
|
4 | phase | <--<-- 9 --- AsyncAuthn -->--> |
4 | AuthorizationRequest | {
"client_id": "fTbCo6p57WM8pIGCOepy",
"max_age": 1,
"nonce": "s1CljEzKpZduO9gj",
"redirect_uri": "https://op.certification.openid.net:61737/authz_cb",
"response_type": "code id_token token",
"scope": "openid",
"state": "ONhT8xx9eO9cYHkR"
}
|
4 | redirect url | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=ONhT8xx9eO9cYHkR&nonce=s1CljEzKpZduO9gj&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&max_age=1&client_id=fTbCo6p57WM8pIGCOepy |
4 | redirect | https://isamfed.com:30443/mga/sps/oauth/oauth20/authorize?state=ONhT8xx9eO9cYHkR&nonce=s1CljEzKpZduO9gj&response_type=code+id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&max_age=1&client_id=fTbCo6p57WM8pIGCOepy |
8 | http args | {} |
8 | response | URL with fragment |
8 | response | access_token=hbD9kw5712c4FyTgL9is&state=ONhT8xx9eO9cYHkR&expires_in=3599&token_type=bearer&code=GpB2vUPlx62DZpxhujFO7yQXZlMe5y&scope=openid&id_token=eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.SytUO5lIEV-wfsIqdK7-Vc03hJZinQk2fBCliSV2_Y_LZiaFeTaHkxuzAnuawETA_b74cfgxYMA-UTDOlvzX-bEVcW8QMZkOIYX94Bmlvj3MvY3YtJYgDzh2KGjI0uMitFHZ94JOFYQLj0JElMXuGvQLgtXSue3G-wAf8W2c38gxCIibG7nTDazR8TBjFZZFc9SKTZBBHnwc5zjGIWuK3OhjJwupDbMAfhzkojXZ1elJKosWxOk2hFvT3DvKG6ho4EL1fviW8XFs4gnaFjnlOZEf9cx_UmROoe9BSEwsZd8DQpnVY0hviuDbeZyzXqd6Tmq2CYykSrzaxkNzU6eBpg.0raQ63ZX2PWft9Z-BX54rg.8WyI36aYD9ybSGGIGLQEhOKgD6wJ6uc_dio2l0I8N4JgaExy1DArJzX3O-cLzZPoeVRmu1dIp_Jzo8u0szyQ2g5uKmTwpENvH8-unsrrEJHvHQqXvtregjg7BUm1jPSfxU_T12HhStCg_Pnh5n2dgLGDn8M-IUs5noqFLlypCFPoV3M_-4UGNnmLeAWkWcIhmdwLdgp8c1Dj-pw2JybkzQgRUqyeB2XHe6ertR0LcYSsaYCWwF-f-8vJxwO5BIvmLLk4_f3coQIM0s8Z9FBbw1f-mh0l602lVpGud7fwOXr0fRcVC3kmt_p6GZFPQt-swg33V7N6sluDg4j3H2aPRjy1MH5YPd_PxXiqswi_M3czcT02eHPJRi6VztK9yq7PfidDaiSWX1l7Sphwi3gV8MbE9IB39nOUIZwHcZkUI_qVwM0xQxajOA4lq4uoD8Rr7KosQmQzjdFFwf5-7BiAg25UkQhkCCO0fK6JEq17vIvYcYy1gYTdiVPe8O1bGBg9R73h8syUOHC5SbLstSAk152JawclHiHPpRuyNhV8H9KjH1kFKtagxFxuBkIU0kgNGiODbCvH5jzimC0ljTxFadcFcS5NZ3WeKK7sF9nJiy_VKt1HwLaoAGx5H8OW3wwAuEoLyAcEM2gSQAVJCfn4smJPSx-3Zf84NFnzi-78tJaEyg9zYu1tkRN0heVquvPKb08OL3hi30WD4Ppg1s-PqJsjFu_V1GC_svefZetvD2L0Jv0VK68vFmfjkKJj3iyX5lP5uZqC6OcobsthY9TZb51sxZvSg5iL7caTHugube1it9fgW6IJOBDI6Ik_2LWgkp1OMd99l1x_nOIO9rRa0k5KEyDbFmS_k0IqblJYC1nzd5tiGepuxxc3AZEjYJU6NprMZvSBRnj-_h7yCSJLoIYGe4C7_DonSLJcAes69PS8gIkgEBkvsvxGVdvu_GxmdX0cVrxphROQvVzx-gGKhi9-fcaxD6OEUrONNKLRH4Ppntr_lAfg3iHXENtYGDBo.PLq3CZu5exUXbMxyAaLJdw |
8 | response | {'access_token': 'hbD9kw5712c4FyTgL9is', 'state': 'ONhT8xx9eO9cYHkR', 'expires_in': 3599, 'token_type': 'bearer', 'code': 'GpB2vUPlx62DZpxhujFO7yQXZlMe5y', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.SytUO5lIEV-wfsIqdK7-Vc03hJZinQk2fBCliSV2_Y_LZiaFeTaHkxuzAnuawETA_b74cfgxYMA-UTDOlvzX-bEVcW8QMZkOIYX94Bmlvj3MvY3YtJYgDzh2KGjI0uMitFHZ94JOFYQLj0JElMXuGvQLgtXSue3G-wAf8W2c38gxCIibG7nTDazR8TBjFZZFc9SKTZBBHnwc5zjGIWuK3OhjJwupDbMAfhzkojXZ1elJKosWxOk2hFvT3DvKG6ho4EL1fviW8XFs4gnaFjnlOZEf9cx_UmROoe9BSEwsZd8DQpnVY0hviuDbeZyzXqd6Tmq2CYykSrzaxkNzU6eBpg.0raQ63ZX2PWft9Z-BX54rg.8WyI36aYD9ybSGGIGLQEhOKgD6wJ6uc_dio2l0I8N4JgaExy1DArJzX3O-cLzZPoeVRmu1dIp_Jzo8u0szyQ2g5uKmTwpENvH8-unsrrEJHvHQqXvtregjg7BUm1jPSfxU_T12HhStCg_Pnh5n2dgLGDn8M-IUs5noqFLlypCFPoV3M_-4UGNnmLeAWkWcIhmdwLdgp8c1Dj-pw2JybkzQgRUqyeB2XHe6ertR0LcYSsaYCWwF-f-8vJxwO5BIvmLLk4_f3coQIM0s8Z9FBbw1f-mh0l602lVpGud7fwOXr0fRcVC3kmt_p6GZFPQt-swg33V7N6sluDg4j3H2aPRjy1MH5YPd_PxXiqswi_M3czcT02eHPJRi6VztK9yq7PfidDaiSWX1l7Sphwi3gV8MbE9IB39nOUIZwHcZkUI_qVwM0xQxajOA4lq4uoD8Rr7KosQmQzjdFFwf5-7BiAg25UkQhkCCO0fK6JEq17vIvYcYy1gYTdiVPe8O1bGBg9R73h8syUOHC5SbLstSAk152JawclHiHPpRuyNhV8H9KjH1kFKtagxFxuBkIU0kgNGiODbCvH5jzimC0ljTxFadcFcS5NZ3WeKK7sF9nJiy_VKt1HwLaoAGx5H8OW3wwAuEoLyAcEM2gSQAVJCfn4smJPSx-3Zf84NFnzi-78tJaEyg9zYu1tkRN0heVquvPKb08OL3hi30WD4Ppg1s-PqJsjFu_V1GC_svefZetvD2L0Jv0VK68vFmfjkKJj3iyX5lP5uZqC6OcobsthY9TZb51sxZvSg5iL7caTHugube1it9fgW6IJOBDI6Ik_2LWgkp1OMd99l1x_nOIO9rRa0k5KEyDbFmS_k0IqblJYC1nzd5tiGepuxxc3AZEjYJU6NprMZvSBRnj-_h7yCSJLoIYGe4C7_DonSLJcAes69PS8gIkgEBkvsvxGVdvu_GxmdX0cVrxphROQvVzx-gGKhi9-fcaxD6OEUrONNKLRH4Ppntr_lAfg3iHXENtYGDBo.PLq3CZu5exUXbMxyAaLJdw'} |
8 | AuthorizationResponse | {
"access_token": "hbD9kw5712c4FyTgL9is",
"code": "GpB2vUPlx62DZpxhujFO7yQXZlMe5y",
"expires_in": 3599,
"id_token": {
"at_hash": "5fYhecYFa4Dc0v7JmOErJw",
"aud": [
"fTbCo6p57WM8pIGCOepy"
],
"auth_time": 1560784036,
"c_hash": "6-uPidnAS0_QVHxI86Up5w",
"exp": 1560787456,
"iat": 1560784036,
"iss": "https://isamfed.com:30443/test",
"nonce": "s1CljEzKpZduO9gj",
"sub": "testuser"
},
"scope": "openid",
"state": "ONhT8xx9eO9cYHkR",
"token_type": "bearer"
}
|
8 | phase | <--<-- 10 --- AccessToken -->--> |
8 | request | op_args: {'state': 'ONhT8xx9eO9cYHkR'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61737/authz_cb'} |
8 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61737/authz_cb', 'code': 'GpB2vUPlx62DZpxhujFO7yQXZlMe5y', 'state': 'ONhT8xx9eO9cYHkR', 'grant_type': 'authorization_code', 'client_id': 'fTbCo6p57WM8pIGCOepy'}, 'state': 'ONhT8xx9eO9cYHkR', 'authn_method': 'private_key_jwt'}
|
8 | AccessTokenRequest | {
"client_assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiZlRiQ282cDU3V004cElHQ09lcHkiLCAic3ViIjogImZUYkNvNnA1N1dNOHBJR0NPZXB5IiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICI0cDh2eVRrbGNHbnJDQnJOaE9STnh6MDZXQ1NYYmtmRyIsICJleHAiOiAxNTYwNzg0NjM2LCAiaWF0IjogMTU2MDc4NDAzNn0.cxpddrlD3WMLj40OVQUK4065mQyAUZMZt6hrsbDLgqvxpI8V5WEj2NeoO974Mz43ffDTC5sLGH2UXrLhKJZBp1-rinqRTx9dwPLwlzDMH_2qFmXSFmKB6ITuQMMqnehhDrp8BDh50wGl-LrOz2jfhomih8aKSppY_veXm1_dc_503eOOsMF7pAZ4eg6Y-fdm9Ve5GrfOPRYk6YiIvbo4f9sKITHQH_Q8iW7k-b-25KdOM0swfKN_uc3f8ugSm2ikaA0GMu3kha2PzHfyFmzu1lDCwHXP7EJFlowmqSprmwI2uiOC9KsHJwi6G-_Z8EdpHwTyg-g_TTG9Ks8o6Nn1cQ",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"code": "GpB2vUPlx62DZpxhujFO7yQXZlMe5y",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61737/authz_cb",
"state": "ONhT8xx9eO9cYHkR"
}
|
8 | request_url | https://isamfed.com:30443/mga/sps/oauth/oauth20/token |
8 | request_http_args | {'headers': {'Content-Type': 'application/x-www-form-urlencoded'}} |
8 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61737%2Fauthz_cb&code=GpB2vUPlx62DZpxhujFO7yQXZlMe5y&state=ONhT8xx9eO9cYHkR&client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6Ind0MjVPZ3lSX256RzNPb1E3ZGFhMnJMNi1nTW5GZGZSekJqaFVWUHU4UlEifQ.eyJpc3MiOiAiZlRiQ282cDU3V004cElHQ09lcHkiLCAic3ViIjogImZUYkNvNnA1N1dNOHBJR0NPZXB5IiwgImF1ZCI6IFsiaHR0cHM6Ly9pc2FtZmVkLmNvbTozMDQ0My9tZ2Evc3BzL29hdXRoL29hdXRoMjAvdG9rZW4iXSwgImp0aSI6ICI0cDh2eVRrbGNHbnJDQnJOaE9STnh6MDZXQ1NYYmtmRyIsICJleHAiOiAxNTYwNzg0NjM2LCAiaWF0IjogMTU2MDc4NDAzNn0.cxpddrlD3WMLj40OVQUK4065mQyAUZMZt6hrsbDLgqvxpI8V5WEj2NeoO974Mz43ffDTC5sLGH2UXrLhKJZBp1-rinqRTx9dwPLwlzDMH_2qFmXSFmKB6ITuQMMqnehhDrp8BDh50wGl-LrOz2jfhomih8aKSppY_veXm1_dc_503eOOsMF7pAZ4eg6Y-fdm9Ve5GrfOPRYk6YiIvbo4f9sKITHQH_Q8iW7k-b-25KdOM0swfKN_uc3f8ugSm2ikaA0GMu3kha2PzHfyFmzu1lDCwHXP7EJFlowmqSprmwI2uiOC9KsHJwi6G-_Z8EdpHwTyg-g_TTG9Ks8o6Nn1cQ&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer |
9 | http response | url:https://isamfed.com:30443/mga/sps/oauth/oauth20/token status_code:200
|
9 | response | {'access_token': 'rXq6zCIgXE6lmM3GGy0p', 'refresh_token': 'uWfvhXxDFkiJdmO5kH42o3xQ52C0pf5Ba0dqsPjR', 'scope': 'openid', 'id_token': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiZ3RINHYzWXIyUXFMcmVCU3owQnlRUTh2a2Y4ZUZvMUtJaXQzcy0zQmJ3dyIsImN0eSI6IkpXVCJ9.kDPQXBSDSpHbVCj_IpiUnQT2aCLPNezkYog2Te4EVhjgDyGaAtIzBLjPyFfl_7rscSNQzyAeS415-817QprW5lqUIRbVSHmTHNyHx7wIcmxT74AjjKB-OrKDnCFYpaSCTwy2_933DrezbsvKiJDc9GTiMQlbDJYy0fF15pH2RsZfMjZmHy8TStZlMvnzSC7raJeP0agBiW0S9zMQ0mq2a7msNUJ0ylZN2ZBpQYvAsWV5sUMPC8-is6Smp_moF6gIlwyaQgTkfVzJWJOZZD0Sepj8EeboQjXZfttStV9OVjU--9mF3dH4YBBVbvyBFn3wot0bdzM6FRI7ang9D6gGxg.zZiUQoOu797UU8ho3S-ADg.LagO3lYSuAZ3MqgOG4sm4CxljsQpPpa7jgCN-ieBbEpNpXrhfj8lENdpHyWtSAAwrx-NpYeDp4ke_IVyoaMDQ2NwrzFjHX3npk2CpS2pFA0p_7CTg8Ptau8zsogL8XPYJn9WCiTQ45nP0DGwToYWqZ4p8OpuzaTzypvCvA2gPjRB4iR3iNjC9SDZVqreC24O8lqmYa6bFgCAFuZZM6ilh1cMHrJhpj54DChoScqo4zZg7V7KmcMO0antsx0DYXnDX59YBpnNQRXDXhQqRZ7UBvPHxb-XssMh1zoDDEFAQ4-UuPik6KmiM4nG3GVIOjLnS6zmbD6-rBx9yntVg5LeHZOusEZwlDdDqM9RyDFAS9MXcoKg_CvbMHis_pS1Mbgx7MAWDeX5ibzfI4AFy2De97VMg8bpwHYQ6KzfAefEsLcUyzT9pCeDaD-CWWC8jTBQYbjqF9glbP6i0VlO5xr-Epf68IGb6veZOcPIgjxU-SnRkY3jpeQVtklQDcdXabPC6TFTACCbAwBxYtuPsbI2i1-5n_-ry6afVzue-9UkckdvIBWm_CDi3G24u_2bUe1nY8jL0tzlX3AiRwy7nF0B6YPoDAwiJXmutBmhaxfX4vK44QQVXFvTl07mSzau-m7Q0wMc5cYg5XEVqbNtSSeUnigXwsi5b-5xdmyjULUkswCRD79MbPs5zD9Z1IkHE0f5WXVMJJchPm3LrHxz2IFXI3TSQbTOvlgXm8FMu7LtItfIN6NzUdDXBYvMlyHTJlpPzJ2gRJ0Mn5kzbAoH5wOvFUlpv8ggFLseQGK7o5WrFhb_57Iw_VIN0SLDjW2w8_nQLnUEajE3Q6oSVo_vlZorXPHKutIANVOa12eXOj8r_WKCmvqH-4bJkM3ZYqvjr5eoCKaink-mJibGuLku0nW0P2debRN3RFC6YVpGTaMwYLAWZqqD4KXUHNFJBxpI4Oy1lmxAR4fGFFzlXwTJxhrnXl6pHL9QiLiiGD7hHz_-EK6-xU-eeLudwXbOTKAmlqIB.m3ASblqFzkxERWQobo6xmw', 'token_type': 'bearer', 'expires_in': 3599} |
9 | AccessTokenResponse | {
"access_token": "rXq6zCIgXE6lmM3GGy0p",
"expires_in": 3599,
"id_token": {
"at_hash": "zbWkrCjdDUshC7bhgRgClw",
"aud": [
"fTbCo6p57WM8pIGCOepy"
],
"auth_time": 1560784037,
"exp": 1560787457,
"iat": 1560784037,
"iss": "https://isamfed.com:30443/test",
"nonce": "s1CljEzKpZduO9gj",
"rt_hash": "mPjtOer2P5jp3hS1bTM4YQ",
"sub": "testuser"
},
"refresh_token": "uWfvhXxDFkiJdmO5kH42o3xQ52C0pf5Ba0dqsPjR",
"scope": "openid",
"token_type": "bearer"
}
|
9 | jws header | {'kid': '_uhPdeGrTWxobFeH0XbzjJpRrzp3CB9nknx1yFV1G-0', 'alg': 'RS256'} |
9 | jwe header | {'alg': 'RSA-OAEP-256', 'enc': 'A128CBC-HS256', 'kid': 'gtH4v3Yr2QqLreBSz0ByQQ8vkf8eFo1KIit3s-3Bbww', 'cty': 'JWT'} |
9 | phase | <--<-- 11 --- Done -->--> |
9 | end | |
9 | assertion | ClaimsCheck |
9 | condition | claims-check: status=OK [Checks if specific claims is present or not] |
9 | assertion | AuthTimeCheck |
9 | condition | auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.] |
9 | assertion | MultipleSignOn |
9 | condition | multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow] |
9 | assertion | VerifyResponse |
9 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
9 | condition | Done: status=OK |