0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config | kwargs:{'issuer': 'https://testop.funet.fi'}
|
0 | http response | url:https://testop.funet.fi/.well-known/openid-configuration status_code:200
|
0 | ProviderConfigurationResponse | {
"authorization_endpoint": "https://testop.funet.fi/idp/profile/oidc/authorize",
"claims_parameter_supported": true,
"claims_supported": [
"aud",
"iss",
"sub",
"iat",
"exp",
"acr",
"auth_time",
"email",
"email_verified",
"address",
"phone",
"phone_number_verified",
"name",
"family_name",
"given_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"gender",
"birthdate",
"zoneinfo",
"locale",
"updated_at"
],
"display_values_supported": [
"page"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"refresh_token"
],
"id_token_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP",
"RSA-OAEP-256",
"A128KW",
"A192KW",
"A256KW"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128GCM",
"A192GCM",
"A256GCM"
],
"id_token_signing_alg_values_supported": [
"RS256",
"RS384",
"RS512",
"HS256",
"HS384",
"HS512",
"ES256"
],
"issuer": "https://testop.funet.fi",
"jwks_uri": "https://testop.funet.fi/idp/profile/oidc/keyset",
"registration_endpoint": "https://testop.funet.fi/idp/profile/oidc/register",
"request_object_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP",
"RSA-OAEP-256",
"A128KW",
"A192KW",
"A256KW"
],
"request_object_encryption_enc_values_supported": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128GCM",
"A192GCM",
"A256GCM"
],
"request_object_signing_alg_values_supported": [
"none",
"RS256",
"RS384",
"RS512",
"HS256",
"HS384",
"HS512",
"ES256",
"ES384",
"ES512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"query",
"fragment",
"form_post"
],
"response_types_supported": [
"code",
"id_token",
"token id_token",
"code id_token",
"code token",
"code token id_token"
],
"scopes_supported": [
"openid",
"profile",
"email",
"address",
"phone",
"offline_access"
],
"subject_types_supported": [
"public",
"pairwise"
],
"token_endpoint": "https://testop.funet.fi/idp/profile/oidc/token",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt"
],
"userinfo_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP",
"RSA-OAEP-256",
"A128KW",
"A192KW",
"A256KW"
],
"userinfo_encryption_enc_values_supported": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128GCM",
"A192GCM",
"A256GCM"
],
"userinfo_endpoint": "https://testop.funet.fi/idp/profile/oidc/userinfo",
"userinfo_signing_alg_values_supported": [
"RS256",
"RS384",
"RS512",
"HS256",
"HS384",
"HS512",
"ES256"
],
"version": "3.0"
}
|
0 | phase | <--<-- 2 --- Registration -->--> |
0 | register | kwargs:{'response_types': ['id_token token'], 'grant_types': ['implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:60028/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:60028/logout'], 'url': 'https://testop.funet.fi/idp/profile/oidc/register', 'jwks_uri': 'https://op.certification.openid.net:60028/static/jwks_60028.json', 'token_endpoint_auth_method': 'client_secret_basic'}
|
0 | RegistrationRequest | {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:60028/static/jwks_60028.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:60028/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:60028/authz_cb"
],
"response_types": [
"id_token token"
],
"token_endpoint_auth_method": "client_secret_basic"
}
|
1 | http response | url:https://testop.funet.fi/idp/profile/oidc/register status_code:200
|
1 | RegistrationResponse | {
"application_type": "web",
"client_id": "_34a4525304420a7b933b24e0303751c0",
"client_id_issued_at": 1556545106,
"client_secret": "_0bfa50bc8d747747df1459639ba592e7",
"client_secret_expires_at": 1588081106,
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit"
],
"id_token_signed_response_alg": "RS256",
"jwks_uri": "https://op.certification.openid.net:60028/static/jwks_60028.json",
"redirect_uris": [
"https://op.certification.openid.net:60028/authz_cb"
],
"response_types": [
"id_token token"
],
"scope": "openid profile email address phone offline_access",
"subject_type": "public",
"tls_client_certificate_bound_access_tokens": false,
"token_endpoint_auth_method": "client_secret_basic"
}
|
1 | phase | <--<-- 3 --- AsyncAuthn -->--> |
1 | AuthorizationRequest | {
"client_id": "_34a4525304420a7b933b24e0303751c0",
"nonce": "EfrSF2uXxjLLQlOn",
"redirect_uri": "https://op.certification.openid.net:60028/authz_cb",
"response_type": "id_token token",
"scope": "openid",
"state": "AGPOYUlp75FisN2r"
}
|
1 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=AGPOYUlp75FisN2r&nonce=EfrSF2uXxjLLQlOn&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_34a4525304420a7b933b24e0303751c0 |
1 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=AGPOYUlp75FisN2r&nonce=EfrSF2uXxjLLQlOn&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&client_id=_34a4525304420a7b933b24e0303751c0 |
4 | http args | {} |
4 | response | URL with fragment |
4 | response | access_token=AAdzZWNyZXQxcqq-dd9zLYNYTT8NOcyNq0y9vjNHsyMm1DDhsYw8tWYnPyBYbdYMTZweJ1yf2n5PvFpNOxkeyT6c9BWSffEmxov5J7jBZN-p-TBolikSuyvEWlPfJ5iT7Twdm0ntIbKWcTqvtF7mHKQcRPsapjDtqiHPjKARIV967d0oYCaex00X_xhKmm8rtML96HQVf9SLqdusONIEq7s9lKZ9BHr6_LblJNMoPWM8G3TlHXxv0YosXbKe-8xJjZ5c-kdZUMQjVIXFueI7D6rhYqTJnacWFfuqJ2mvGWn_1YrvM9n2QifLU4-7i2yZ1n9Nds4XzLOAoKytJsDOF46tHtF4OSIK2PpahGKuXrI_zITu0DgtCRm-aJ87NiXhtBReuSVdaqRk-22Oxq7txQn-1drI-q9XCtOA748NUKjieSv68ft3FgzgUoN86uDO0lyFvlXtKYyQlltX_fjDCTkm47GGWDPAJdjLHwAqZEXknWY33TCTycyz&id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiVWt3T010WnBZeHluN21wNS1aVjA3ZyIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiXzM0YTQ1MjUzMDQ0MjBhN2I5MzNiMjRlMDMwMzc1MWMwIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDUwNzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDg3MDksImlhdCI6MTU1NjU0NTEwOSwibm9uY2UiOiJFZnJTRjJ1WHhqTExRbE9uIn0.X_IAo4xyhE_dm3AkbMnrWvQ1S9LJDILONCbhGSocYxMcqAmnOd04PjE5xct9L2umgkr7LWFkUnJn1xzpVeYqys70zvgy4uBiB5WeSCqqJPfwtVAPXZ4TZ_ymhq1PCtTe98xRtH05hk7HtiF2BgnntH2q0iXToQ00WzEiQee0gabkf3ACrL8KA27TT_0mlMZiZOJqe5aSe_6rEZeRc95twP2cQ_HDLoCzc4s2_JmqV1QTNFTA7TZBkXVJWGxqh9AhcCdWhtkjK5kQjrg7BRSSTOBqI7WcvskliKKz1MJFPUswUab7qcy-MtrFoCkO_6nluzutsxHRDAdO3SkvQ8VkNg&state=AGPOYUlp75FisN2r&token_type=Bearer&expires_in=600 |
4 | response | {'access_token':
'AAdzZWNyZXQxcqq-dd9zLYNYTT8NOcyNq0y9vjNHsyMm1DDhsYw8tWYnPyBYbdYMTZweJ1yf2n5PvFpNOxkeyT6c9BWSffEmxov5J7jBZN-p-TBolikSuyvEWlPfJ5iT7Twdm0ntIbKWcTqvtF7mHKQcRPsapjDtqiHPjKARIV967d0oYCaex00X_xhKmm8rtML96HQVf9SLqdusONIEq7s9lKZ9BHr6_LblJNMoPWM8G3TlHXxv0YosXbKe-8xJjZ5c-kdZUMQjVIXFueI7D6rhYqTJnacWFfuqJ2mvGWn_1YrvM9n2QifLU4-7i2yZ1n9Nds4XzLOAoKytJsDOF46tHtF4OSIK2PpahGKuXrI_zITu0DgtCRm-aJ87NiXhtBReuSVdaqRk-22Oxq7txQn-1drI-q9XCtOA748NUKjieSv68ft3FgzgUoN86uDO0lyFvlXtKYyQlltX_fjDCTkm47GGWDPAJdjLHwAqZEXknWY33TCTycyz',
'id_token':
'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiVWt3T010WnBZeHluN21wNS1aVjA3ZyIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiXzM0YTQ1MjUzMDQ0MjBhN2I5MzNiMjRlMDMwMzc1MWMwIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDUwNzUsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDg3MDksImlhdCI6MTU1NjU0NTEwOSwibm9uY2UiOiJFZnJTRjJ1WHhqTExRbE9uIn0.X_IAo4xyhE_dm3AkbMnrWvQ1S9LJDILONCbhGSocYxMcqAmnOd04PjE5xct9L2umgkr7LWFkUnJn1xzpVeYqys70zvgy4uBiB5WeSCqqJPfwtVAPXZ4TZ_ymhq1PCtTe98xRtH05hk7HtiF2BgnntH2q0iXToQ00WzEiQee0gabkf3ACrL8KA27TT_0mlMZiZOJqe5aSe_6rEZeRc95twP2cQ_HDLoCzc4s2_JmqV1QTNFTA7TZBkXVJWGxqh9AhcCdWhtkjK5kQjrg7BRSSTOBqI7WcvskliKKz1MJFPUswUab7qcy-MtrFoCkO_6nluzutsxHRDAdO3SkvQ8VkNg',
'state': 'AGPOYUlp75FisN2r', 'token_type': 'Bearer', 'expires_in': 600} |
4 | AuthorizationResponse | {
"access_token": "AAdzZWNyZXQxcqq-dd9zLYNYTT8NOcyNq0y9vjNHsyMm1DDhsYw8tWYnPyBYbdYMTZweJ1yf2n5PvFpNOxkeyT6c9BWSffEmxov5J7jBZN-p-TBolikSuyvEWlPfJ5iT7Twdm0ntIbKWcTqvtF7mHKQcRPsapjDtqiHPjKARIV967d0oYCaex00X_xhKmm8rtML96HQVf9SLqdusONIEq7s9lKZ9BHr6_LblJNMoPWM8G3TlHXxv0YosXbKe-8xJjZ5c-kdZUMQjVIXFueI7D6rhYqTJnacWFfuqJ2mvGWn_1YrvM9n2QifLU4-7i2yZ1n9Nds4XzLOAoKytJsDOF46tHtF4OSIK2PpahGKuXrI_zITu0DgtCRm-aJ87NiXhtBReuSVdaqRk-22Oxq7txQn-1drI-q9XCtOA748NUKjieSv68ft3FgzgUoN86uDO0lyFvlXtKYyQlltX_fjDCTkm47GGWDPAJdjLHwAqZEXknWY33TCTycyz",
"expires_in": 600,
"id_token": {
"acr": "password",
"at_hash": "UkwOMtZpYxyn7mp5-ZV07g",
"aud": [
"_34a4525304420a7b933b24e0303751c0"
],
"auth_time": 1556545075,
"exp": 1556548709,
"iat": 1556545109,
"iss": "https://testop.funet.fi",
"nonce": "EfrSF2uXxjLLQlOn",
"sub": "VUG4777YP3NMU5KRFESX6SKRAPXLE4MI"
},
"state": "AGPOYUlp75FisN2r",
"token_type": "Bearer"
}
|
4 | phase | <--<-- 4 --- AccessToken -->--> |
4 | phase | <--<-- 5 --- Note -->--> |
9 | phase | <--<-- 6 --- Webfinger -->--> |
9 | not expected to do | WebFinger |
9 | phase | <--<-- 7 --- Discovery -->--> |
9 | provider_config | kwargs:{'issuer': 'https://testop.funet.fi'}
|
10 | http response | url:https://testop.funet.fi/.well-known/openid-configuration status_code:200
|
10 | ProviderConfigurationResponse | {
"authorization_endpoint": "https://testop.funet.fi/idp/profile/oidc/authorize",
"claims_parameter_supported": true,
"claims_supported": [
"aud",
"iss",
"sub",
"iat",
"exp",
"acr",
"auth_time",
"email",
"email_verified",
"address",
"phone",
"phone_number_verified",
"name",
"family_name",
"given_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"gender",
"birthdate",
"zoneinfo",
"locale",
"updated_at"
],
"display_values_supported": [
"page"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"refresh_token"
],
"id_token_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP",
"RSA-OAEP-256",
"A128KW",
"A192KW",
"A256KW"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128GCM",
"A192GCM",
"A256GCM"
],
"id_token_signing_alg_values_supported": [
"RS256",
"RS384",
"RS512",
"HS256",
"HS384",
"HS512",
"ES256"
],
"issuer": "https://testop.funet.fi",
"jwks_uri": "https://testop.funet.fi/idp/profile/oidc/keyset",
"registration_endpoint": "https://testop.funet.fi/idp/profile/oidc/register",
"request_object_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP",
"RSA-OAEP-256",
"A128KW",
"A192KW",
"A256KW"
],
"request_object_encryption_enc_values_supported": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128GCM",
"A192GCM",
"A256GCM"
],
"request_object_signing_alg_values_supported": [
"none",
"RS256",
"RS384",
"RS512",
"HS256",
"HS384",
"HS512",
"ES256",
"ES384",
"ES512"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"query",
"fragment",
"form_post"
],
"response_types_supported": [
"code",
"id_token",
"token id_token",
"code id_token",
"code token",
"code token id_token"
],
"scopes_supported": [
"openid",
"profile",
"email",
"address",
"phone",
"offline_access"
],
"subject_types_supported": [
"public",
"pairwise"
],
"token_endpoint": "https://testop.funet.fi/idp/profile/oidc/token",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt"
],
"userinfo_encryption_alg_values_supported": [
"RSA1_5",
"RSA-OAEP",
"RSA-OAEP-256",
"A128KW",
"A192KW",
"A256KW"
],
"userinfo_encryption_enc_values_supported": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128GCM",
"A192GCM",
"A256GCM"
],
"userinfo_endpoint": "https://testop.funet.fi/idp/profile/oidc/userinfo",
"userinfo_signing_alg_values_supported": [
"RS256",
"RS384",
"RS512",
"HS256",
"HS384",
"HS512",
"ES256"
],
"version": "3.0"
}
|
10 | phase | <--<-- 8 --- Registration -->--> |
10 | register | kwargs:{'response_types': ['id_token token'], 'grant_types': ['implicit'], 'application_name': 'OIC test tool', 'application_type': 'web', 'redirect_uris': ['https://op.certification.openid.net:60028/authz_cb'], 'contacts': ['roland@example.com'], 'post_logout_redirect_uris': ['https://op.certification.openid.net:60028/logout'], 'url': 'https://testop.funet.fi/idp/profile/oidc/register', 'jwks_uri': 'https://op.certification.openid.net:60028/static/jwks_60028.json', 'token_endpoint_auth_method': 'client_secret_basic'}
|
10 | RegistrationRequest | {
"application_type": "web",
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit"
],
"jwks_uri": "https://op.certification.openid.net:60028/static/jwks_60028.json",
"post_logout_redirect_uris": [
"https://op.certification.openid.net:60028/logout"
],
"redirect_uris": [
"https://op.certification.openid.net:60028/authz_cb"
],
"response_types": [
"id_token token"
],
"token_endpoint_auth_method": "client_secret_basic"
}
|
11 | http response | url:https://testop.funet.fi/idp/profile/oidc/register status_code:200
|
11 | RegistrationResponse | {
"application_type": "web",
"client_id": "_aed955276f39df05e7bb20c6edb415e3",
"client_id_issued_at": 1556545116,
"client_secret": "_04d65e1103652924ee89e0b8c585af97",
"client_secret_expires_at": 1588081115,
"contacts": [
"roland@example.com"
],
"grant_types": [
"implicit"
],
"id_token_signed_response_alg": "RS256",
"jwks_uri": "https://op.certification.openid.net:60028/static/jwks_60028.json",
"redirect_uris": [
"https://op.certification.openid.net:60028/authz_cb"
],
"response_types": [
"id_token token"
],
"scope": "openid profile email address phone offline_access",
"subject_type": "public",
"tls_client_certificate_bound_access_tokens": false,
"token_endpoint_auth_method": "client_secret_basic"
}
|
11 | phase | <--<-- 9 --- AsyncAuthn -->--> |
11 | AuthorizationRequest | {
"client_id": "_aed955276f39df05e7bb20c6edb415e3",
"max_age": 1,
"nonce": "sCwHyafoXSgEkWui",
"redirect_uri": "https://op.certification.openid.net:60028/authz_cb",
"response_type": "id_token token",
"scope": "openid",
"state": "O5wPyIgQXqW04wxk"
}
|
11 | redirect url | https://testop.funet.fi/idp/profile/oidc/authorize?state=O5wPyIgQXqW04wxk&nonce=sCwHyafoXSgEkWui&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&max_age=1&client_id=_aed955276f39df05e7bb20c6edb415e3 |
11 | redirect | https://testop.funet.fi/idp/profile/oidc/authorize?state=O5wPyIgQXqW04wxk&nonce=sCwHyafoXSgEkWui&response_type=id_token+token&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60028%2Fauthz_cb&max_age=1&client_id=_aed955276f39df05e7bb20c6edb415e3 |
18 | http args | {} |
18 | response | URL with fragment |
18 | response | access_token=AAdzZWNyZXQxpyyfs81w2hGhlmgLJsaD4-QhKgIxvJ9rcqkDMx6RfgrkOTzMCJuCb43G4AeVb0kMCSz7xY0ASQZkwiQaajpTWEB4mXbTmw9LjclZkrBBzwsNIRdEfrgwg4R-Yrcv4kFEFdUX1LBiTL_kvIQegYsb9_V3SZqdO6qMkSP2dBrdt_J3Dn9l2lULDWB4oyjiysXwN3i-wYvDAD5tu083x1ROFyTrXkGPbe7EQC47er2ZkhVN4id7GPTubCC8-chE_7rJOszSpT9F2GCwkD6LU5pcR2GWvlY6jk_UhZSNmON3t9vc0KEA-bnKt8Vhff5lYORQ_-23lyjqbJliv6t6ik9tHKOG4QzBU_4KWVOUMxR__Qf_atIdyantRhszwlFTl_JI3vc2OUGJHuiRVmhhZ86llKA-L8ppCa24b1DWcHdoTjcIelyQCrRecJeBVF8uUw8qfhzxcpvXhDgno4NFJnpT2_gv6IE6VrrQmeg1OG8p5tM&id_token=eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiRzYycWQ2TmJZdGlselFwZmh6NDk0QSIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiX2FlZDk1NTI3NmYzOWRmMDVlN2JiMjBjNmVkYjQxNWUzIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDUxMjEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDg3MjIsImlhdCI6MTU1NjU0NTEyMiwibm9uY2UiOiJzQ3dIeWFmb1hTZ0VrV3VpIn0.PHhPyHwbIvnJ8BZYEb6yZLTrOIKv0mQsoaR9Cl6zX5XYqusWzqbtlWycOHjKpZN-UuL0bvMU5h7gg3QeS5avvnRyKKtHfK3-L-YB_wlCz4Kg3-Ff_a6mhtvppmoaQDdBCB-38IDacMj9Bi4GEWD7eSLijchore6FFEwbFAIIPniqoXwmeJiWLt_R5ANTkho4omqfLbetOu8iLk3A9Zy_SZ-gKQF47ODSEg6Q7XGd5kVAQ8VcGVBG9hG2VH5HbSYE6ipnFjvh2uc1Pvh-w2ifT7SxYR_jrPy8C4XXCKPY2-_nsYO4sJssoVB_uvgjiTk-Q_J11bNNCPQUdbi1A_hy4Q&state=O5wPyIgQXqW04wxk&token_type=Bearer&expires_in=600 |
18 | response | {'access_token':
'AAdzZWNyZXQxpyyfs81w2hGhlmgLJsaD4-QhKgIxvJ9rcqkDMx6RfgrkOTzMCJuCb43G4AeVb0kMCSz7xY0ASQZkwiQaajpTWEB4mXbTmw9LjclZkrBBzwsNIRdEfrgwg4R-Yrcv4kFEFdUX1LBiTL_kvIQegYsb9_V3SZqdO6qMkSP2dBrdt_J3Dn9l2lULDWB4oyjiysXwN3i-wYvDAD5tu083x1ROFyTrXkGPbe7EQC47er2ZkhVN4id7GPTubCC8-chE_7rJOszSpT9F2GCwkD6LU5pcR2GWvlY6jk_UhZSNmON3t9vc0KEA-bnKt8Vhff5lYORQ_-23lyjqbJliv6t6ik9tHKOG4QzBU_4KWVOUMxR__Qf_atIdyantRhszwlFTl_JI3vc2OUGJHuiRVmhhZ86llKA-L8ppCa24b1DWcHdoTjcIelyQCrRecJeBVF8uUw8qfhzxcpvXhDgno4NFJnpT2_gv6IE6VrrQmeg1OG8p5tM',
'id_token':
'eyJraWQiOiJ0ZXN0a2V5UlMiLCJhbGciOiJSUzI1NiJ9.eyJhdF9oYXNoIjoiRzYycWQ2TmJZdGlselFwZmh6NDk0QSIsInN1YiI6IlZVRzQ3NzdZUDNOTVU1S1JGRVNYNlNLUkFQWExFNE1JIiwiYXVkIjoiX2FlZDk1NTI3NmYzOWRmMDVlN2JiMjBjNmVkYjQxNWUzIiwiYWNyIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE1NTY1NDUxMjEsImlzcyI6Imh0dHBzOlwvXC90ZXN0b3AuZnVuZXQuZmkiLCJleHAiOjE1NTY1NDg3MjIsImlhdCI6MTU1NjU0NTEyMiwibm9uY2UiOiJzQ3dIeWFmb1hTZ0VrV3VpIn0.PHhPyHwbIvnJ8BZYEb6yZLTrOIKv0mQsoaR9Cl6zX5XYqusWzqbtlWycOHjKpZN-UuL0bvMU5h7gg3QeS5avvnRyKKtHfK3-L-YB_wlCz4Kg3-Ff_a6mhtvppmoaQDdBCB-38IDacMj9Bi4GEWD7eSLijchore6FFEwbFAIIPniqoXwmeJiWLt_R5ANTkho4omqfLbetOu8iLk3A9Zy_SZ-gKQF47ODSEg6Q7XGd5kVAQ8VcGVBG9hG2VH5HbSYE6ipnFjvh2uc1Pvh-w2ifT7SxYR_jrPy8C4XXCKPY2-_nsYO4sJssoVB_uvgjiTk-Q_J11bNNCPQUdbi1A_hy4Q',
'state': 'O5wPyIgQXqW04wxk', 'token_type': 'Bearer', 'expires_in': 600} |
18 | AuthorizationResponse | {
"access_token": "AAdzZWNyZXQxpyyfs81w2hGhlmgLJsaD4-QhKgIxvJ9rcqkDMx6RfgrkOTzMCJuCb43G4AeVb0kMCSz7xY0ASQZkwiQaajpTWEB4mXbTmw9LjclZkrBBzwsNIRdEfrgwg4R-Yrcv4kFEFdUX1LBiTL_kvIQegYsb9_V3SZqdO6qMkSP2dBrdt_J3Dn9l2lULDWB4oyjiysXwN3i-wYvDAD5tu083x1ROFyTrXkGPbe7EQC47er2ZkhVN4id7GPTubCC8-chE_7rJOszSpT9F2GCwkD6LU5pcR2GWvlY6jk_UhZSNmON3t9vc0KEA-bnKt8Vhff5lYORQ_-23lyjqbJliv6t6ik9tHKOG4QzBU_4KWVOUMxR__Qf_atIdyantRhszwlFTl_JI3vc2OUGJHuiRVmhhZ86llKA-L8ppCa24b1DWcHdoTjcIelyQCrRecJeBVF8uUw8qfhzxcpvXhDgno4NFJnpT2_gv6IE6VrrQmeg1OG8p5tM",
"expires_in": 600,
"id_token": {
"acr": "password",
"at_hash": "G62qd6NbYtilzQpfhz494A",
"aud": [
"_aed955276f39df05e7bb20c6edb415e3"
],
"auth_time": 1556545121,
"exp": 1556548722,
"iat": 1556545122,
"iss": "https://testop.funet.fi",
"nonce": "sCwHyafoXSgEkWui",
"sub": "VUG4777YP3NMU5KRFESX6SKRAPXLE4MI"
},
"state": "O5wPyIgQXqW04wxk",
"token_type": "Bearer"
}
|
18 | phase | <--<-- 10 --- AccessToken -->--> |
18 | phase | <--<-- 11 --- Done -->--> |
18 | end | |
18 | assertion | ClaimsCheck |
18 | condition | claims-check: status=OK [Checks if specific claims is present or not] |
18 | assertion | AuthTimeCheck |
18 | condition | auth_time-check: status=OK [Check that the auth_time returned in the ID Token is in the expected range.] |
18 | assertion | MultipleSignOn |
18 | condition | multiple-sign-on: status=OK [Verifies that multiple authentications was used in the flow] |
18 | assertion | VerifyResponse |
18 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
18 | condition | Done: status=OK |