0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | not expected to do | Dynamic discovery |
0 | phase | <--<-- 2 --- Registration -->--> |
0 | not expected to do | Dynamic registration |
0 | phase | <--<-- 3 --- AsyncAuthn -->--> |
0 | AuthorizationRequest | {
"client_id": "op.certification.openid.net",
"nonce": "jMqQEgLJv85S7nyD",
"redirect_uri": "https://op.certification.openid.net:61504/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "ajiCwwSBiV2yvjiO"
}
|
0 | redirect url | https://idp.armls.com/connect/authorize?state=ajiCwwSBiV2yvjiO&nonce=jMqQEgLJv85S7nyD&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61504%2Fauthz_cb&client_id=op.certification.openid.net |
0 | redirect | https://idp.armls.com/connect/authorize?state=ajiCwwSBiV2yvjiO&nonce=jMqQEgLJv85S7nyD&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61504%2Fauthz_cb&client_id=op.certification.openid.net |
0 | response | Response URL with query part |
0 | response | {'code': 'a268daee6f66e9ae209923205eef1b140606e6772f3d52e00cb19ce86421f064', 'scope': 'openid', 'state': 'ajiCwwSBiV2yvjiO', 'session_state': 'GUej1HwjQLsYYR5NdEd6rqSla7HIpmFyTmRMnv2t7rs.2320025b3d8e57084eef52ec1ed0e8be'} |
0 | response | {'code': 'a268daee6f66e9ae209923205eef1b140606e6772f3d52e00cb19ce86421f064', 'scope': 'openid', 'state': 'ajiCwwSBiV2yvjiO', 'session_state': 'GUej1HwjQLsYYR5NdEd6rqSla7HIpmFyTmRMnv2t7rs.2320025b3d8e57084eef52ec1ed0e8be'} |
0 | AuthorizationResponse | {
"code": "a268daee6f66e9ae209923205eef1b140606e6772f3d52e00cb19ce86421f064",
"scope": "openid",
"session_state": "GUej1HwjQLsYYR5NdEd6rqSla7HIpmFyTmRMnv2t7rs.2320025b3d8e57084eef52ec1ed0e8be",
"state": "ajiCwwSBiV2yvjiO"
}
|
0 | phase | <--<-- 4 --- AccessToken -->--> |
0 | request | op_args: {'state': 'ajiCwwSBiV2yvjiO'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61504/authz_cb'} |
0 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61504/authz_cb', 'code': 'a268daee6f66e9ae209923205eef1b140606e6772f3d52e00cb19ce86421f064', 'state': 'ajiCwwSBiV2yvjiO', 'grant_type': 'authorization_code', 'client_id': 'op.certification.openid.net'}, 'state': 'ajiCwwSBiV2yvjiO', 'authn_method': 'client_secret_basic'}
|
0 | AccessTokenRequest | {
"code": "a268daee6f66e9ae209923205eef1b140606e6772f3d52e00cb19ce86421f064",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61504/authz_cb",
"state": "ajiCwwSBiV2yvjiO"
}
|
0 | request_url | https://idp.armls.com/connect/token |
0 | request_http_args | {'headers': {'Authorization': 'Basic b3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0Om9wLmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldA==', 'Content-Type': 'application/x-www-form-urlencoded'}} |
0 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61504%2Fauthz_cb&code=a268daee6f66e9ae209923205eef1b140606e6772f3d52e00cb19ce86421f064&state=ajiCwwSBiV2yvjiO |
0 | http response | url:https://idp.armls.com/connect/token status_code:200
|
0 | response | {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IkUzOEMwRDRBMzgwNkI1NTMxQTRFN0Y3MTNDQ0ZBMjI2NEE3N0FCNDEiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI0NHdOU2pnR3RWTWFUbjl4UE0taUprcDNxMEUifQ.eyJuYmYiOjE1NTA3ODY2NDcsImV4cCI6MTU1MDc4Njk0NywiaXNzIjoiaHR0cHM6Ly9pZHAuYXJtbHMuY29tIiwiYXVkIjoib3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0Iiwibm9uY2UiOiJqTXFRRWdMSnY4NVM3bnlEIiwiaWF0IjoxNTUwNzg2NjQ3LCJhdF9oYXNoIjoidUVNMXQ3UVpCQ0V6b0IxUV9lOFJaQSIsInNpZCI6IjU5ZjY1ODRiZjE0YjNhOTQwM2Y3OGUwNGQ4ZjZlMDcxIiwic3ViIjoiMDIwNTE2NzUtN0REMy00NDY5LUE0MzMtRENEM0E3RUI3Qjg4IiwiYXV0aF90aW1lIjoxNTUwMjY5NTEwLCJpZHAiOiJsb2NhbCIsImFtciI6WyJleHRlcm5hbCJdfQ.Be9pUILPC9WjJMkQO2coOUVGyOT9oQObJD046xJmnXd624AWpU5SsekDuneVa8BN2oDSsJOJOU-sR86SkgE3xP0MnZkgwTCquvtvl142CyiShQs9qLXW1fJ90FxBbu73lTCWzTeRmizYUPuSiZkIjsuWdwspIch9uRXzYtAKrWWLMOCpvdvU-ODrXFRCUvuvYEiKyR-0m3L7HRjVv_40770k34Zwj4K1gM_9XwpXI2yA0-BzJ0b5ndyoKfvTbWnW051Khs7y4q-UZHuOpTtkcefVuZrInd-NLd__K66hiL5JAZz8otvT_wkEnig7c6TU0I2bvX-FyVrQscbMRYMulg', 'access_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IkUzOEMwRDRBMzgwNkI1NTMxQTRFN0Y3MTNDQ0ZBMjI2NEE3N0FCNDEiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI0NHdOU2pnR3RWTWFUbjl4UE0taUprcDNxMEUifQ.eyJuYmYiOjE1NTA3ODY2NDcsImV4cCI6MTU1MDc5MDI0NywiaXNzIjoiaHR0cHM6Ly9pZHAuYXJtbHMuY29tIiwiYXVkIjoiaHR0cHM6Ly9pZHAuYXJtbHMuY29tL3Jlc291cmNlcyIsImNsaWVudF9pZCI6Im9wLmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldCIsInN1YiI6IjAyMDUxNjc1LTdERDMtNDQ2OS1BNDMzLURDRDNBN0VCN0I4OCIsImF1dGhfdGltZSI6MTU1MDI2OTUxMCwiaWRwIjoibG9jYWwiLCJzY29wZSI6WyJvcGVuaWQiXSwiYW1yIjpbImV4dGVybmFsIl19.dt1dQBbtx8v8BOKq5xHkd0NxJw9DHejQPUu2tisGXWmoANcFU372_bVoicyWPqRRBcLlVDAanzsrP85O09bzMRhyfj64TlPRfm6xrBKl3mR5RRrcSCMu2nGZcVtfAfiNEcB0Lnq0KB05l33l289D-xVso629RF9M5_M9vZal-RNM7YvzIvIh3YTQ0yke7JrIPYL0bJ_FoDANBZZvESM-07W0F_-Evrsy5D2Yz3u2KeES55roiJ95yf8IdKWZjWwaCtGuChvoKdrU7-Ri7NCbiPJ7RVFGVcGeMU2qmemj2XxKhiDeYpgOXab6qFFLAsdTQDawuIphaVHkLRilI8bDzA', 'expires_in': 3600, 'token_type': 'Bearer'} |
1 | AccessTokenResponse | {
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkUzOEMwRDRBMzgwNkI1NTMxQTRFN0Y3MTNDQ0ZBMjI2NEE3N0FCNDEiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI0NHdOU2pnR3RWTWFUbjl4UE0taUprcDNxMEUifQ.eyJuYmYiOjE1NTA3ODY2NDcsImV4cCI6MTU1MDc5MDI0NywiaXNzIjoiaHR0cHM6Ly9pZHAuYXJtbHMuY29tIiwiYXVkIjoiaHR0cHM6Ly9pZHAuYXJtbHMuY29tL3Jlc291cmNlcyIsImNsaWVudF9pZCI6Im9wLmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldCIsInN1YiI6IjAyMDUxNjc1LTdERDMtNDQ2OS1BNDMzLURDRDNBN0VCN0I4OCIsImF1dGhfdGltZSI6MTU1MDI2OTUxMCwiaWRwIjoibG9jYWwiLCJzY29wZSI6WyJvcGVuaWQiXSwiYW1yIjpbImV4dGVybmFsIl19.dt1dQBbtx8v8BOKq5xHkd0NxJw9DHejQPUu2tisGXWmoANcFU372_bVoicyWPqRRBcLlVDAanzsrP85O09bzMRhyfj64TlPRfm6xrBKl3mR5RRrcSCMu2nGZcVtfAfiNEcB0Lnq0KB05l33l289D-xVso629RF9M5_M9vZal-RNM7YvzIvIh3YTQ0yke7JrIPYL0bJ_FoDANBZZvESM-07W0F_-Evrsy5D2Yz3u2KeES55roiJ95yf8IdKWZjWwaCtGuChvoKdrU7-Ri7NCbiPJ7RVFGVcGeMU2qmemj2XxKhiDeYpgOXab6qFFLAsdTQDawuIphaVHkLRilI8bDzA",
"expires_in": 3600,
"id_token": {
"amr": [
"external"
],
"at_hash": "uEM1t7QZBCEzoB1Q_e8RZA",
"aud": [
"op.certification.openid.net"
],
"auth_time": 1550269510,
"exp": 1550786947,
"iat": 1550786647,
"idp": "local",
"iss": "https://idp.armls.com",
"nbf": 1550786647,
"nonce": "jMqQEgLJv85S7nyD",
"sid": "59f6584bf14b3a9403f78e04d8f6e071",
"sub": "02051675-7DD3-4469-A433-DCD3A7EB7B88"
},
"token_type": "Bearer"
}
|
1 | jws header | {'alg': 'RS256', 'kid': 'E38C0D4A3806B5531A4E7F713CCFA2264A77AB41', 'typ': 'JWT', 'x5t': '44wNSjgGtVMaTn9xPM-iJkp3q0E'} |
1 | phase | <--<-- 5 --- AsyncAuthn -->--> |
1 | AuthorizationRequest | {
"client_id": "op.certification.openid.net",
"nonce": "WoMXaB7xm8wQI3wD",
"prompt": [
"none"
],
"redirect_uri": "https://op.certification.openid.net:61504/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "rUOXgdqsxOzlJ8fw"
}
|
1 | redirect url | https://idp.armls.com/connect/authorize?state=rUOXgdqsxOzlJ8fw&nonce=WoMXaB7xm8wQI3wD&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61504%2Fauthz_cb&prompt=none&client_id=op.certification.openid.net |
1 | redirect | https://idp.armls.com/connect/authorize?state=rUOXgdqsxOzlJ8fw&nonce=WoMXaB7xm8wQI3wD&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61504%2Fauthz_cb&prompt=none&client_id=op.certification.openid.net |
1 | response | Response URL with query part |
1 | response | {'code': 'a738f3fd42d58d252e948c435d01188d230e1274bf7435a7bb649a9b42164402', 'scope': 'openid', 'state': 'rUOXgdqsxOzlJ8fw', 'session_state': 'XzAFyGL1xkT_BImQz7_trx-24D8y3PASeTCKSZnkQ-o.7afef6be774270db7d1872fdb2b08249'} |
1 | response | {'code': 'a738f3fd42d58d252e948c435d01188d230e1274bf7435a7bb649a9b42164402', 'scope': 'openid', 'state': 'rUOXgdqsxOzlJ8fw', 'session_state': 'XzAFyGL1xkT_BImQz7_trx-24D8y3PASeTCKSZnkQ-o.7afef6be774270db7d1872fdb2b08249'} |
1 | AuthorizationResponse | {
"code": "a738f3fd42d58d252e948c435d01188d230e1274bf7435a7bb649a9b42164402",
"scope": "openid",
"session_state": "XzAFyGL1xkT_BImQz7_trx-24D8y3PASeTCKSZnkQ-o.7afef6be774270db7d1872fdb2b08249",
"state": "rUOXgdqsxOzlJ8fw"
}
|
1 | phase | <--<-- 6 --- AccessToken -->--> |
1 | request | op_args: {'state': 'rUOXgdqsxOzlJ8fw'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61504/authz_cb'} |
1 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61504/authz_cb', 'code': 'a738f3fd42d58d252e948c435d01188d230e1274bf7435a7bb649a9b42164402', 'state': 'rUOXgdqsxOzlJ8fw', 'grant_type': 'authorization_code', 'client_id': 'op.certification.openid.net'}, 'state': 'rUOXgdqsxOzlJ8fw', 'authn_method': 'client_secret_basic'}
|
1 | AccessTokenRequest | {
"code": "a738f3fd42d58d252e948c435d01188d230e1274bf7435a7bb649a9b42164402",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61504/authz_cb",
"state": "rUOXgdqsxOzlJ8fw"
}
|
1 | request_url | https://idp.armls.com/connect/token |
1 | request_http_args | {'headers': {'Authorization': 'Basic b3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0Om9wLmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldA==', 'Content-Type': 'application/x-www-form-urlencoded'}} |
1 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61504%2Fauthz_cb&code=a738f3fd42d58d252e948c435d01188d230e1274bf7435a7bb649a9b42164402&state=rUOXgdqsxOzlJ8fw |
1 | http response | url:https://idp.armls.com/connect/token status_code:200
|
1 | response | {'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IkUzOEMwRDRBMzgwNkI1NTMxQTRFN0Y3MTNDQ0ZBMjI2NEE3N0FCNDEiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI0NHdOU2pnR3RWTWFUbjl4UE0taUprcDNxMEUifQ.eyJuYmYiOjE1NTA3ODY2NDgsImV4cCI6MTU1MDc4Njk0OCwiaXNzIjoiaHR0cHM6Ly9pZHAuYXJtbHMuY29tIiwiYXVkIjoib3AuY2VydGlmaWNhdGlvbi5vcGVuaWQubmV0Iiwibm9uY2UiOiJXb01YYUI3eG04d1FJM3dEIiwiaWF0IjoxNTUwNzg2NjQ4LCJhdF9oYXNoIjoiUmpYWERJN0xnRW45TzJoM01ZZTh3dyIsInNpZCI6IjU5ZjY1ODRiZjE0YjNhOTQwM2Y3OGUwNGQ4ZjZlMDcxIiwic3ViIjoiMDIwNTE2NzUtN0REMy00NDY5LUE0MzMtRENEM0E3RUI3Qjg4IiwiYXV0aF90aW1lIjoxNTUwMjY5NTEwLCJpZHAiOiJsb2NhbCIsImFtciI6WyJleHRlcm5hbCJdfQ.aRSsIOHHYyq9xbUtj7LI1eE0YDJhpJs-lqszD2m6IvQxqUsZ0rYyu4Fe9mlEXLNx_kQ3fc4w9PIE4DO9iLApgYZJU6XWjHyu8Zu8hq7IaRVsHUQocqP0OKhy6KIfItDvAk3omwWoeFCp1Om9OaQhQZNXWkDTe9eZO0GXdlfFqFmx0BzhRp3gRf5X3OzWT5FrundTAuOaei3gsQ1wX_sWo9t1gXT65VIf8Murdf_vhZ-qsFJBYrShZDbnmRAmThyx3rZOe5SdJPGg40Y8guTp2qoYFftzRNPCoUFP4JsK6yOday9YbG0cHNZ2IxUiLUUX7GIBu60VAmjWrnicC5-3tQ', 'access_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IkUzOEMwRDRBMzgwNkI1NTMxQTRFN0Y3MTNDQ0ZBMjI2NEE3N0FCNDEiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI0NHdOU2pnR3RWTWFUbjl4UE0taUprcDNxMEUifQ.eyJuYmYiOjE1NTA3ODY2NDgsImV4cCI6MTU1MDc5MDI0OCwiaXNzIjoiaHR0cHM6Ly9pZHAuYXJtbHMuY29tIiwiYXVkIjoiaHR0cHM6Ly9pZHAuYXJtbHMuY29tL3Jlc291cmNlcyIsImNsaWVudF9pZCI6Im9wLmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldCIsInN1YiI6IjAyMDUxNjc1LTdERDMtNDQ2OS1BNDMzLURDRDNBN0VCN0I4OCIsImF1dGhfdGltZSI6MTU1MDI2OTUxMCwiaWRwIjoibG9jYWwiLCJzY29wZSI6WyJvcGVuaWQiXSwiYW1yIjpbImV4dGVybmFsIl19.OoJZDws2jy1Gki6Qi7d0KI8HVak3APWqmWTjk5vpkZQVB20FmEg_am91i3qB5oRCWlH7j7Y82W-OMnNkdNWznOePJ2_oTXhp_fy-rZlsPsmrJ8Eeq7mvejw7K2pWQU4QonNWK8smv3dfVHOQkQJTvAz0oSeG2dSToXByOFh5-BQI34OKLIPk697Papc8nj7M7_mZ1nLNar7bDRXf-hI882ymWqcVDUBmQbtioMsVKKumslcs87UY_D8QxTZcbymF_ObtxKMuxyqQgqhM2GE6Q5ste4R-W1n4gEtfHPr81KE62nmhh0iB0C343zryzMlLEN_IkNuwA36APNimo33RpA', 'expires_in': 3600, 'token_type': 'Bearer'} |
1 | AccessTokenResponse | {
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkUzOEMwRDRBMzgwNkI1NTMxQTRFN0Y3MTNDQ0ZBMjI2NEE3N0FCNDEiLCJ0eXAiOiJKV1QiLCJ4NXQiOiI0NHdOU2pnR3RWTWFUbjl4UE0taUprcDNxMEUifQ.eyJuYmYiOjE1NTA3ODY2NDgsImV4cCI6MTU1MDc5MDI0OCwiaXNzIjoiaHR0cHM6Ly9pZHAuYXJtbHMuY29tIiwiYXVkIjoiaHR0cHM6Ly9pZHAuYXJtbHMuY29tL3Jlc291cmNlcyIsImNsaWVudF9pZCI6Im9wLmNlcnRpZmljYXRpb24ub3BlbmlkLm5ldCIsInN1YiI6IjAyMDUxNjc1LTdERDMtNDQ2OS1BNDMzLURDRDNBN0VCN0I4OCIsImF1dGhfdGltZSI6MTU1MDI2OTUxMCwiaWRwIjoibG9jYWwiLCJzY29wZSI6WyJvcGVuaWQiXSwiYW1yIjpbImV4dGVybmFsIl19.OoJZDws2jy1Gki6Qi7d0KI8HVak3APWqmWTjk5vpkZQVB20FmEg_am91i3qB5oRCWlH7j7Y82W-OMnNkdNWznOePJ2_oTXhp_fy-rZlsPsmrJ8Eeq7mvejw7K2pWQU4QonNWK8smv3dfVHOQkQJTvAz0oSeG2dSToXByOFh5-BQI34OKLIPk697Papc8nj7M7_mZ1nLNar7bDRXf-hI882ymWqcVDUBmQbtioMsVKKumslcs87UY_D8QxTZcbymF_ObtxKMuxyqQgqhM2GE6Q5ste4R-W1n4gEtfHPr81KE62nmhh0iB0C343zryzMlLEN_IkNuwA36APNimo33RpA",
"expires_in": 3600,
"id_token": {
"amr": [
"external"
],
"at_hash": "RjXXDI7LgEn9O2h3MYe8ww",
"aud": [
"op.certification.openid.net"
],
"auth_time": 1550269510,
"exp": 1550786948,
"iat": 1550786648,
"idp": "local",
"iss": "https://idp.armls.com",
"nbf": 1550786648,
"nonce": "WoMXaB7xm8wQI3wD",
"sid": "59f6584bf14b3a9403f78e04d8f6e071",
"sub": "02051675-7DD3-4469-A433-DCD3A7EB7B88"
},
"token_type": "Bearer"
}
|
1 | jws header | {'alg': 'RS256', 'kid': 'E38C0D4A3806B5531A4E7F713CCFA2264A77AB41', 'typ': 'JWT', 'x5t': '44wNSjgGtVMaTn9xPM-iJkp3q0E'} |
1 | phase | <--<-- 7 --- Done -->--> |
1 | end | |
1 | assertion | SameAuthn |
1 | condition | same-authn: status=OK [Verifies that the same authentication was used twice in the flow.] |
1 | assertion | VerifyResponse |
1 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
1 | condition | Done: status=OK |