0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | not expected to do | Dynamic discovery |
0 | phase | <--<-- 2 --- Registration -->--> |
0 | not expected to do | Dynamic registration |
0 | phase | <--<-- 3 --- AsyncAuthn -->--> |
0 | AuthorizationRequest | {
"client_id": "oidcConformance_clientId",
"nonce": "ERZGI03o6E6sGlva",
"redirect_uri": "https://op.certification.openid.net:60272/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "nCAXLK2cSlef667E"
}
|
0 | redirect url | https://oidc-test.ergon.ch/auth-oidc/oauth2/oidcConformance_clientId?state=nCAXLK2cSlef667E&nonce=ERZGI03o6E6sGlva&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60272%2Fauthz_cb&client_id=oidcConformance_clientId |
0 | redirect | https://oidc-test.ergon.ch/auth-oidc/oauth2/oidcConformance_clientId?state=nCAXLK2cSlef667E&nonce=ERZGI03o6E6sGlva&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60272%2Fauthz_cb&client_id=oidcConformance_clientId |
0 | response | Response URL with query part |
0 | response | {'code': 'cP8wOXhN9y0-KaRtlOGL6f_WrGU~v2WWvMj_gYNrwTXb1I_6IA5B1uyDELLOoncmXz07', 'state': 'nCAXLK2cSlef667E'} |
0 | response | {'code': 'cP8wOXhN9y0-KaRtlOGL6f_WrGU~v2WWvMj_gYNrwTXb1I_6IA5B1uyDELLOoncmXz07', 'state': 'nCAXLK2cSlef667E'} |
0 | AuthorizationResponse | {
"code": "cP8wOXhN9y0-KaRtlOGL6f_WrGU~v2WWvMj_gYNrwTXb1I_6IA5B1uyDELLOoncmXz07",
"state": "nCAXLK2cSlef667E"
}
|
0 | phase | <--<-- 4 --- AccessToken -->--> |
0 | request | op_args: {'state': 'nCAXLK2cSlef667E'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:60272/authz_cb'} |
0 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:60272/authz_cb', 'code': 'cP8wOXhN9y0-KaRtlOGL6f_WrGU~v2WWvMj_gYNrwTXb1I_6IA5B1uyDELLOoncmXz07', 'state': 'nCAXLK2cSlef667E', 'grant_type': 'authorization_code', 'client_id': 'oidcConformance_clientId'}, 'state': 'nCAXLK2cSlef667E', 'authn_method': 'client_secret_basic'}
|
0 | AccessTokenRequest | {
"code": "cP8wOXhN9y0-KaRtlOGL6f_WrGU~v2WWvMj_gYNrwTXb1I_6IA5B1uyDELLOoncmXz07",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:60272/authz_cb",
"state": "nCAXLK2cSlef667E"
}
|
0 | request_url | https://oidc-test.ergon.ch/auth-oidc/oauth2/oidcConformance_clientId |
0 | request_http_args | {'headers': {'Authorization': 'Basic b2lkY0NvbmZvcm1hbmNlX2NsaWVudElkOml4MG9vQ2hlX2VlcmUxTXVrX29vamVpOUllX0VpdGhhaTRq', 'Content-Type': 'application/x-www-form-urlencoded'}} |
0 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60272%2Fauthz_cb&code=cP8wOXhN9y0-KaRtlOGL6f_WrGU%7Ev2WWvMj_gYNrwTXb1I_6IA5B1uyDELLOoncmXz07&state=nCAXLK2cSlef667E |
1 | http response | url:https://oidc-test.ergon.ch/auth-oidc/oauth2/oidcConformance_clientId status_code:200
|
1 | response | {'access_token': 'hIUEd8In1E2szwZOuIEjWkIW2vE~WTL8vuzrRfHl8_aaHDb_g0Er3HDCkE2nihFKpJ0k', 'refresh_token': 'i5bx8rdo-nJG9TfX13NqhHRqEPc~tSijce5S9zX_fwd4PS7NdGuSeZaRTJ_pdbvMFxGE', 'id_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJtaWtlIiwiYXVkIjoib2lkY0NvbmZvcm1hbmNlX2NsaWVudElkIiwiYXV0aF90aW1lIjoxNTgwNzQ4NTM2LCJpc3MiOiJodHRwczpcL1wvb2lkYy10ZXN0LmVyZ29uLmNoIiwiZXhwIjoxNTgwNzQ4ODEyLCJpYXQiOjE1ODA3NDg2OTIsIm5vbmNlIjoiRVJaR0kwM282RTZzR2x2YSJ9.KAaIdznNboAr_mLULPpshFLw2pCyTtZmQPyi0xfdSYY', 'token_type': 'bearer', 'expires_in': 179} |
1 | AccessTokenResponse | {
"access_token": "hIUEd8In1E2szwZOuIEjWkIW2vE~WTL8vuzrRfHl8_aaHDb_g0Er3HDCkE2nihFKpJ0k",
"expires_in": 179,
"id_token": {
"aud": [
"oidcConformance_clientId"
],
"auth_time": 1580748536,
"exp": 1580748812,
"iat": 1580748692,
"iss": "https://oidc-test.ergon.ch",
"nonce": "ERZGI03o6E6sGlva",
"sub": "mike"
},
"refresh_token": "i5bx8rdo-nJG9TfX13NqhHRqEPc~tSijce5S9zX_fwd4PS7NdGuSeZaRTJ_pdbvMFxGE",
"token_type": "bearer"
}
|
1 | jws header | {'typ': 'JWT', 'alg': 'HS256'} |
1 | phase | <--<-- 5 --- AsyncAuthn -->--> |
1 | AuthorizationRequest | {
"client_id": "oidcConformance_clientId",
"nonce": "Mj8pdBDRBJ4kDRgQ",
"prompt": [
"none"
],
"redirect_uri": "https://op.certification.openid.net:60272/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "8Hu05VSPxndNLTcl"
}
|
1 | redirect url | https://oidc-test.ergon.ch/auth-oidc/oauth2/oidcConformance_clientId?state=8Hu05VSPxndNLTcl&nonce=Mj8pdBDRBJ4kDRgQ&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60272%2Fauthz_cb&prompt=none&client_id=oidcConformance_clientId |
1 | redirect | https://oidc-test.ergon.ch/auth-oidc/oauth2/oidcConformance_clientId?state=8Hu05VSPxndNLTcl&nonce=Mj8pdBDRBJ4kDRgQ&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60272%2Fauthz_cb&prompt=none&client_id=oidcConformance_clientId |
2 | response | Response URL with query part |
2 | response | {'code': 'WsNEYXzq2xxdvam1tZLFBZGYxNw~zBdKn1qR5TWHuCxhJOLtZo5hxwEYjonhztFyrszh', 'state': '8Hu05VSPxndNLTcl'} |
2 | response | {'code': 'WsNEYXzq2xxdvam1tZLFBZGYxNw~zBdKn1qR5TWHuCxhJOLtZo5hxwEYjonhztFyrszh', 'state': '8Hu05VSPxndNLTcl'} |
2 | AuthorizationResponse | {
"code": "WsNEYXzq2xxdvam1tZLFBZGYxNw~zBdKn1qR5TWHuCxhJOLtZo5hxwEYjonhztFyrszh",
"state": "8Hu05VSPxndNLTcl"
}
|
2 | phase | <--<-- 6 --- AccessToken -->--> |
2 | request | op_args: {'state': '8Hu05VSPxndNLTcl'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:60272/authz_cb'} |
2 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:60272/authz_cb', 'code': 'WsNEYXzq2xxdvam1tZLFBZGYxNw~zBdKn1qR5TWHuCxhJOLtZo5hxwEYjonhztFyrszh', 'state': '8Hu05VSPxndNLTcl', 'grant_type': 'authorization_code', 'client_id': 'oidcConformance_clientId'}, 'state': '8Hu05VSPxndNLTcl', 'authn_method': 'client_secret_basic'}
|
2 | AccessTokenRequest | {
"code": "WsNEYXzq2xxdvam1tZLFBZGYxNw~zBdKn1qR5TWHuCxhJOLtZo5hxwEYjonhztFyrszh",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:60272/authz_cb",
"state": "8Hu05VSPxndNLTcl"
}
|
2 | request_url | https://oidc-test.ergon.ch/auth-oidc/oauth2/oidcConformance_clientId |
2 | request_http_args | {'headers': {'Authorization': 'Basic b2lkY0NvbmZvcm1hbmNlX2NsaWVudElkOml4MG9vQ2hlX2VlcmUxTXVrX29vamVpOUllX0VpdGhhaTRq', 'Content-Type': 'application/x-www-form-urlencoded'}} |
2 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A60272%2Fauthz_cb&code=WsNEYXzq2xxdvam1tZLFBZGYxNw%7EzBdKn1qR5TWHuCxhJOLtZo5hxwEYjonhztFyrszh&state=8Hu05VSPxndNLTcl |
2 | http response | url:https://oidc-test.ergon.ch/auth-oidc/oauth2/oidcConformance_clientId status_code:200
|
2 | response | {'access_token': '6F4h-zKOHSY3eKrgh1OkxSfsGt0~7zCuGdSC7wTUp-x0rzFJnL_ZQXGSMVRo_ADEvOMn', 'refresh_token': 'ifEsEUM0-_8gVLmPqQMU2W9czvI~q6-GZmP1izDOA20AQvjLLet6henjgVmRQGkbMX7L', 'id_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJtaWtlIiwiYXVkIjoib2lkY0NvbmZvcm1hbmNlX2NsaWVudElkIiwiYXV0aF90aW1lIjoxNTgwNzQ4NTM2LCJpc3MiOiJodHRwczpcL1wvb2lkYy10ZXN0LmVyZ29uLmNoIiwiZXhwIjoxNTgwNzQ4ODE0LCJpYXQiOjE1ODA3NDg2OTQsIm5vbmNlIjoiTWo4cGRCRFJCSjRrRFJnUSJ9.Br-erbs-LFzRtQY-YDelLiSTKStnc9QZ2aMo1lpGI2g', 'token_type': 'bearer', 'expires_in': 179} |
2 | AccessTokenResponse | {
"access_token": "6F4h-zKOHSY3eKrgh1OkxSfsGt0~7zCuGdSC7wTUp-x0rzFJnL_ZQXGSMVRo_ADEvOMn",
"expires_in": 179,
"id_token": {
"aud": [
"oidcConformance_clientId"
],
"auth_time": 1580748536,
"exp": 1580748814,
"iat": 1580748694,
"iss": "https://oidc-test.ergon.ch",
"nonce": "Mj8pdBDRBJ4kDRgQ",
"sub": "mike"
},
"refresh_token": "ifEsEUM0-_8gVLmPqQMU2W9czvI~q6-GZmP1izDOA20AQvjLLet6henjgVmRQGkbMX7L",
"token_type": "bearer"
}
|
2 | jws header | {'typ': 'JWT', 'alg': 'HS256'} |
2 | phase | <--<-- 7 --- Done -->--> |
2 | end | |
2 | assertion | SameAuthn |
2 | condition | same-authn: status=OK [Verifies that the same authentication was used twice in the flow.] |
2 | assertion | VerifyResponse |
2 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
2 | condition | Done: status=OK |