0 | phase | <--<-- 0 --- Note -->--> |
4 | phase | <--<-- 1 --- Webfinger -->--> |
4 | not expected to do | WebFinger |
4 | phase | <--<-- 2 --- Discovery -->--> |
4 | provider_config | kwargs:{'issuer': 'https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest'}
|
4 | http response | url:https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/.well-known/openid-configuration status_code:200
|
4 | ProviderConfigurationResponse | {
"acr_values_supported": [
"loginradius:nist:level:1:re-auth"
],
"authorization_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize",
"backchannel_logout_session_supported": false,
"backchannel_logout_supported": false,
"claims_parameter_supported": false,
"claims_supported": [
"family_name",
"locale",
"updated_at",
"acr",
"CustomFields.customerid",
"Uid",
"middle_name",
"profile",
"phone_number_verified",
"name",
"given_name",
"nickname",
"picture",
"birthdate",
"Country",
"Favicon",
"address",
"preferred_username",
"LastName",
"email_verified",
"auth_time",
"UserName",
"email",
"phone_number",
"website",
"FirstName",
"gender",
"zoneinfo"
],
"frontchannel_logout_session_supported": false,
"frontchannel_logout_supported": false,
"grant_types_supported": [
"authorization_code",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest",
"jwks_uri": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/jwks",
"request_parameter_supported": false,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"query",
"form_post",
"fragment"
],
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token"
],
"revocation_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/revoke",
"scopes_supported": [
"openid",
"email",
"phone",
"profile",
"address"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic"
],
"userinfo_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/userinfo",
"version": "3.0"
}
|
4 | phase | <--<-- 3 --- Registration -->--> |
4 | not expected to do | Dynamic registration |
4 | phase | <--<-- 4 --- AsyncAuthn -->--> |
4 | AuthorizationRequest | {
"client_id": "112563f6-1480-40b8-8e28-e072ca212c82",
"nonce": "fIr8aYVunElSB1KB",
"redirect_uri": "https://op.certification.openid.net:61949/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "OZfv8KsvXkJ5ysdN"
}
|
4 | redirect url | https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize?state=OZfv8KsvXkJ5ysdN&nonce=fIr8aYVunElSB1KB&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&client_id=112563f6-1480-40b8-8e28-e072ca212c82 |
4 | redirect | https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize?state=OZfv8KsvXkJ5ysdN&nonce=fIr8aYVunElSB1KB&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&client_id=112563f6-1480-40b8-8e28-e072ca212c82 |
21 | response | Response URL with query part |
21 | response | {'state': 'OZfv8KsvXkJ5ysdN', 'code': 'c29afec3143e88c2dcfa0782125a6324:e19309a2a5e2662828ad1252680ee1eb38028b0eb000282c3cc2d31780019cf0bbb7731aa892c9701f2aec6098acf73093fd3435247352dd9cb2df96a8eeafe2d72a3889ae60dbfd5cf577972b6c3b132942ab08d51195145dc52fdb3f7a9a5cb2b78d64d52963fbfdab2fbb1bda44fc'} |
21 | response | {'state': 'OZfv8KsvXkJ5ysdN', 'code': 'c29afec3143e88c2dcfa0782125a6324:e19309a2a5e2662828ad1252680ee1eb38028b0eb000282c3cc2d31780019cf0bbb7731aa892c9701f2aec6098acf73093fd3435247352dd9cb2df96a8eeafe2d72a3889ae60dbfd5cf577972b6c3b132942ab08d51195145dc52fdb3f7a9a5cb2b78d64d52963fbfdab2fbb1bda44fc'} |
21 | AuthorizationResponse | {
"code": "c29afec3143e88c2dcfa0782125a6324:e19309a2a5e2662828ad1252680ee1eb38028b0eb000282c3cc2d31780019cf0bbb7731aa892c9701f2aec6098acf73093fd3435247352dd9cb2df96a8eeafe2d72a3889ae60dbfd5cf577972b6c3b132942ab08d51195145dc52fdb3f7a9a5cb2b78d64d52963fbfdab2fbb1bda44fc",
"state": "OZfv8KsvXkJ5ysdN"
}
|
21 | phase | <--<-- 5 --- AccessToken -->--> |
21 | request | op_args: {'state': 'OZfv8KsvXkJ5ysdN'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb'} |
21 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb', 'code': 'c29afec3143e88c2dcfa0782125a6324:e19309a2a5e2662828ad1252680ee1eb38028b0eb000282c3cc2d31780019cf0bbb7731aa892c9701f2aec6098acf73093fd3435247352dd9cb2df96a8eeafe2d72a3889ae60dbfd5cf577972b6c3b132942ab08d51195145dc52fdb3f7a9a5cb2b78d64d52963fbfdab2fbb1bda44fc', 'state': 'OZfv8KsvXkJ5ysdN', 'grant_type': 'authorization_code', 'client_id': '112563f6-1480-40b8-8e28-e072ca212c82'}, 'state': 'OZfv8KsvXkJ5ysdN', 'authn_method': 'client_secret_basic'}
|
21 | AccessTokenRequest | {
"code": "c29afec3143e88c2dcfa0782125a6324:e19309a2a5e2662828ad1252680ee1eb38028b0eb000282c3cc2d31780019cf0bbb7731aa892c9701f2aec6098acf73093fd3435247352dd9cb2df96a8eeafe2d72a3889ae60dbfd5cf577972b6c3b132942ab08d51195145dc52fdb3f7a9a5cb2b78d64d52963fbfdab2fbb1bda44fc",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61949/authz_cb",
"state": "OZfv8KsvXkJ5ysdN"
}
|
21 | request_url | https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token |
21 | request_http_args | {'headers': {'Authorization': 'Basic MTEyNTYzZjYtMTQ4MC00MGI4LThlMjgtZTA3MmNhMjEyYzgyOjc4ZDNkYmUzLTEwZDEtNDk3Yi05MzU3LThlZWQ0NTkzMzYzZA==', 'Content-Type': 'application/x-www-form-urlencoded'}} |
21 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&code=c29afec3143e88c2dcfa0782125a6324%3Ae19309a2a5e2662828ad1252680ee1eb38028b0eb000282c3cc2d31780019cf0bbb7731aa892c9701f2aec6098acf73093fd3435247352dd9cb2df96a8eeafe2d72a3889ae60dbfd5cf577972b6c3b132942ab08d51195145dc52fdb3f7a9a5cb2b78d64d52963fbfdab2fbb1bda44fc&state=OZfv8KsvXkJ5ysdN |
21 | http response | url:https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token status_code:200
|
21 | response | {'access_token': 'f6d11c35-4b94-45af-9cc8-d31549c34e93', 'token_type': 'Bearer', 'refresh_token': 'f03ab11a-c68d-4b2f-ac6f-9a3f72d80954', 'expires_in': 893, 'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMSIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjp7ImNvdW50cnkiOm51bGwsImxvY2FsaXR5IjpudWxsLCJwb3N0YWxfY29kZSI6bnVsbCwicmVnaW9uIjpudWxsLCJzdHJlZXRfYWRkcmVzcyI6bnVsbH0sImFzZGZnaCI6IiIsImF1ZCI6IjExMjU2M2Y2LTE0ODAtNDBiOC04ZTI4LWUwNzJjYTIxMmM4MiIsImF1dGhfdGltZSI6MTU5NDI3OTA5MCwiYmlydGhkYXRlIjoiMTk4Ny0wNy0wOCIsImNfaGFzaCI6ImxiSDJhUlpHeFlhODlMNkdQTnVRZHciLCJjb3VudHJ5IjpudWxsLCJlbWFpbCI6W3siVHlwZSI6IlByaW1hcnkiLCJWYWx1ZSI6ImNsb3Vkc3NvdGVzdEBtYWlsYXp5LmNvbSJ9XSwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTU5NDI3OTY5NiwiZmFtaWx5X25hbWUiOiJ0ZXNydCIsImZhdmljb24xIjpudWxsLCJmbmFtZSI6ImNsb3Vkc3NvdCIsImdlbmRlciI6bnVsbCwiZ2l2ZW5fbmFtZSI6ImNsb3Vkc3NvdCIsImlhdCI6MTU5NDI3OTA5NiwiaXNzIjoiaHR0cHM6Ly9jbG91ZC1hcGkubG9naW5yYWRpdXMuY29tL3Nzby9vaWRjL3YyL2ludGVybmFsLW1heWFuay9vaWRjdGVzdCIsImp0aSI6ImEwNzMzODhhLTg3NTgtNGMzOC1iNzllLWUyYTQxYjIxMDZmMCIsImxuYW1lIjoidGVzcnQiLCJsb2NhbGUiOm51bGwsIm1pZGRsZV9uYW1lIjpudWxsLCJuYW1lIjoiY2xvdWRzc290IHRlc3J0IiwibmJmIjoxNTk0Mjc5MDk2LCJuaWNrbmFtZSI6bnVsbCwibm9uY2UiOiJmSXI4YVlWdW5FbFNCMUtCIiwicGhvbmVfbnVtYmVyIjoiKzE5MDI5MDk1NzE0IiwicGhvbmVfbnVtYmVyX3ZlcmlmaWVkIjp0cnVlLCJwaWN0dXJlIjpudWxsLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJjbG91ZHNzb3Rlc3QiLCJwcm9maWxlIjpudWxsLCJzdWIiOiIwYjdmOTQ1YjhjNWY0YTM2YTM1YmY0OWY3MjM5YmZhNCIsInVpZCI6IjBiN2Y5NDViOGM1ZjRhMzZhMzViZjQ5ZjcyMzliZmE0IiwidXBkYXRlZF9hdCI6MTU2Mzg4NTEwOSwidXNlcm5hbWUiOiJjbG91ZHNzb3Rlc3QiLCJ3ZWJzaXRlIjpudWxsLCJ6b25laW5mbyI6bnVsbH0.deCihDvl65tAsMo8uASAJPGuhqTqJuF_dp58bMhAt5wJE7Ve7afGET8HnJlBabEbvcbSeoFsB57bCxtrUYma_B0-VCQkHTvgRy8y80pMjemklBvpNrQHOMENEp44qK6gFqfALM2WCyVCvLzYVewdGFjRWJGIKn-2taJ3z0XS392VA7JvDsusE0KIowd46YqVe47htH7mzQPIsggLqeW1D35sFRcyZtZkAC5gY9cSoQu5eRsrlK_5DdGCTckuVT9eby6r1ix_UXQF4DzoUP25ZvHkDzDo4aQledYL7cvgF68tYkzQHBQ3nSqwO7yzEgdUNlDmC2El8R519nGvhWWd_Q'} |
21 | AccessTokenResponse | {
"access_token": "f6d11c35-4b94-45af-9cc8-d31549c34e93",
"expires_in": 893,
"id_token": {
"address": {
"country": null,
"locality": null,
"postal_code": null,
"region": null,
"street_address": null
},
"aud": [
"112563f6-1480-40b8-8e28-e072ca212c82"
],
"auth_time": 1594279090,
"birthdate": "1987-07-08",
"c_hash": "lbH2aRZGxYa89L6GPNuQdw",
"country": null,
"email": {
"Type": "Primary",
"Value": "cloudssotest@mailazy.com"
},
"email_verified": true,
"exp": 1594279696,
"family_name": "tesrt",
"favicon1": null,
"fname": "cloudssot",
"gender": null,
"given_name": "cloudssot",
"iat": 1594279096,
"iss": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest",
"jti": "a073388a-8758-4c38-b79e-e2a41b2106f0",
"lname": "tesrt",
"locale": null,
"middle_name": null,
"name": "cloudssot tesrt",
"nbf": 1594279096,
"nickname": null,
"nonce": "fIr8aYVunElSB1KB",
"phone_number": "+19029095714",
"phone_number_verified": true,
"picture": null,
"preferred_username": "cloudssotest",
"profile": null,
"sub": "0b7f945b8c5f4a36a35bf49f7239bfa4",
"uid": "0b7f945b8c5f4a36a35bf49f7239bfa4",
"updated_at": 1563885109,
"username": "cloudssotest",
"website": null,
"zoneinfo": null
},
"refresh_token": "f03ab11a-c68d-4b2f-ac6f-9a3f72d80954",
"token_type": "Bearer"
}
|
21 | jws header | {'alg': 'RS256', 'kid': '201', 'typ': 'JWT'} |
21 | phase | <--<-- 6 --- TimeDelay -->--> |
51 | phase | <--<-- 7 --- AccessToken -->--> |
51 | request | op_args: {'state': 'OZfv8KsvXkJ5ysdN'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb'} |
51 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb', 'code': 'c29afec3143e88c2dcfa0782125a6324:e19309a2a5e2662828ad1252680ee1eb38028b0eb000282c3cc2d31780019cf0bbb7731aa892c9701f2aec6098acf73093fd3435247352dd9cb2df96a8eeafe2d72a3889ae60dbfd5cf577972b6c3b132942ab08d51195145dc52fdb3f7a9a5cb2b78d64d52963fbfdab2fbb1bda44fc', 'state': 'OZfv8KsvXkJ5ysdN', 'grant_type': 'authorization_code', 'client_id': '112563f6-1480-40b8-8e28-e072ca212c82'}, 'state': 'OZfv8KsvXkJ5ysdN', 'authn_method': 'client_secret_basic'}
|
51 | AccessTokenRequest | {
"code": "c29afec3143e88c2dcfa0782125a6324:e19309a2a5e2662828ad1252680ee1eb38028b0eb000282c3cc2d31780019cf0bbb7731aa892c9701f2aec6098acf73093fd3435247352dd9cb2df96a8eeafe2d72a3889ae60dbfd5cf577972b6c3b132942ab08d51195145dc52fdb3f7a9a5cb2b78d64d52963fbfdab2fbb1bda44fc",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61949/authz_cb",
"state": "OZfv8KsvXkJ5ysdN"
}
|
51 | request_url | https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token |
51 | request_http_args | {'headers': {'Authorization': 'Basic MTEyNTYzZjYtMTQ4MC00MGI4LThlMjgtZTA3MmNhMjEyYzgyOjc4ZDNkYmUzLTEwZDEtNDk3Yi05MzU3LThlZWQ0NTkzMzYzZA==', 'Content-Type': 'application/x-www-form-urlencoded'}} |
51 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&code=c29afec3143e88c2dcfa0782125a6324%3Ae19309a2a5e2662828ad1252680ee1eb38028b0eb000282c3cc2d31780019cf0bbb7731aa892c9701f2aec6098acf73093fd3435247352dd9cb2df96a8eeafe2d72a3889ae60dbfd5cf577972b6c3b132942ab08d51195145dc52fdb3f7a9a5cb2b78d64d52963fbfdab2fbb1bda44fc&state=OZfv8KsvXkJ5ysdN |
51 | http response | url:https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token status_code:400 message:{"error":"invalid_grant","error_description":"The code is already used"}
|
51 | response | {'error': 'invalid_grant', 'error_description': 'The code is already used'} |
51 | event | Got expected error |
51 | TokenErrorResponse | {
"error": "invalid_grant",
"error_description": "The code is already used"
}
|
51 | phase | <--<-- 8 --- Done -->--> |
51 | end | |
51 | assertion | CheckHTTPErrorResponse |
51 | condition | check-http-error-response: status=OK [Checks that an error code is either 400 or 401 which are the only ones accepted by OAuth2/OIDC.] |
51 | assertion | VerifyResponse |
51 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
51 | condition | Done: status=OK |