0 | phase | <--<-- 0 --- Webfinger -->--> |
0 | not expected to do | WebFinger |
0 | phase | <--<-- 1 --- Discovery -->--> |
0 | provider_config | kwargs:{'issuer': 'https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest'}
|
0 | http response | url:https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/.well-known/openid-configuration status_code:200
|
0 | ProviderConfigurationResponse | {
"acr_values_supported": [
"loginradius:nist:level:1:re-auth"
],
"authorization_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize",
"backchannel_logout_session_supported": false,
"backchannel_logout_supported": false,
"claims_parameter_supported": false,
"claims_supported": [
"middle_name",
"profile",
"Country",
"Favicon",
"phone_number_verified",
"name",
"given_name",
"nickname",
"picture",
"birthdate",
"address",
"preferred_username",
"LastName",
"email_verified",
"auth_time",
"UserName",
"email",
"phone_number",
"website",
"FirstName",
"gender",
"zoneinfo",
"family_name",
"locale",
"updated_at",
"acr",
"CustomFields.customerid",
"Uid"
],
"frontchannel_logout_session_supported": false,
"frontchannel_logout_supported": false,
"grant_types_supported": [
"authorization_code",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"issuer": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest",
"jwks_uri": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/jwks",
"request_parameter_supported": false,
"request_uri_parameter_supported": true,
"require_request_uri_registration": false,
"response_modes_supported": [
"query",
"form_post",
"fragment"
],
"response_types_supported": [
"code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token"
],
"revocation_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/revoke",
"scopes_supported": [
"openid",
"email",
"phone",
"profile",
"address"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token",
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic"
],
"userinfo_endpoint": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest/userinfo",
"version": "3.0"
}
|
0 | phase | <--<-- 2 --- Registration -->--> |
0 | not expected to do | Dynamic registration |
0 | phase | <--<-- 3 --- Note -->--> |
3 | phase | <--<-- 4 --- AsyncAuthn -->--> |
3 | AuthorizationRequest | {
"client_id": "112563f6-1480-40b8-8e28-e072ca212c82",
"nonce": "HPSVvFSCM9tAC8dQ",
"redirect_uri": "https://op.certification.openid.net:61949/authz_cb",
"response_type": "code",
"scope": "openid",
"state": "bhik7Kao5pFTcz8O"
}
|
3 | redirect url | https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize?state=bhik7Kao5pFTcz8O&nonce=HPSVvFSCM9tAC8dQ&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&client_id=112563f6-1480-40b8-8e28-e072ca212c82 |
3 | redirect | https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/authorize?state=bhik7Kao5pFTcz8O&nonce=HPSVvFSCM9tAC8dQ&response_type=code&scope=openid&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&client_id=112563f6-1480-40b8-8e28-e072ca212c82 |
10 | response | Response URL with query part |
10 | response | {'state': 'bhik7Kao5pFTcz8O', 'code': '51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a'} |
10 | response | {'state': 'bhik7Kao5pFTcz8O', 'code': '51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a'} |
10 | AuthorizationResponse | {
"code": "51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a",
"state": "bhik7Kao5pFTcz8O"
}
|
10 | phase | <--<-- 5 --- AccessToken -->--> |
10 | request | op_args: {'state': 'bhik7Kao5pFTcz8O'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb'} |
10 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb', 'code': '51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a', 'state': 'bhik7Kao5pFTcz8O', 'grant_type': 'authorization_code', 'client_id': '112563f6-1480-40b8-8e28-e072ca212c82'}, 'state': 'bhik7Kao5pFTcz8O', 'authn_method': 'client_secret_basic'}
|
10 | AccessTokenRequest | {
"code": "51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61949/authz_cb",
"state": "bhik7Kao5pFTcz8O"
}
|
10 | request_url | https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token |
10 | request_http_args | {'headers': {'Authorization': 'Basic MTEyNTYzZjYtMTQ4MC00MGI4LThlMjgtZTA3MmNhMjEyYzgyOjc4ZDNkYmUzLTEwZDEtNDk3Yi05MzU3LThlZWQ0NTkzMzYzZA==', 'Content-Type': 'application/x-www-form-urlencoded'}} |
10 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&code=51e0bf4aa141a055b3b7b62cdf899e59%3Aab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a&state=bhik7Kao5pFTcz8O |
10 | http response | url:https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token status_code:200
|
10 | response | {'access_token': '236d0abb-83b2-4f19-80ee-6ea4f05649f3', 'token_type': 'Bearer', 'refresh_token': '132e1e7d-18c5-4972-9c53-840c1d921835', 'expires_in': 843, 'id_token': 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjIwMSIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjp7ImNvdW50cnkiOm51bGwsImxvY2FsaXR5IjpudWxsLCJwb3N0YWxfY29kZSI6bnVsbCwicmVnaW9uIjpudWxsLCJzdHJlZXRfYWRkcmVzcyI6bnVsbH0sImFzZGZnaCI6IiIsImF1ZCI6IjExMjU2M2Y2LTE0ODAtNDBiOC04ZTI4LWUwNzJjYTIxMmM4MiIsImF1dGhfdGltZSI6MTU5NDI3OTAxNCwiYmlydGhkYXRlIjoiMTk4Ny0wNy0wOCIsImNfaGFzaCI6IlB3Nkc2ZTdzMF9aaW5HT3hIRDdSQUEiLCJjb3VudHJ5IjpudWxsLCJlbWFpbCI6W3siVHlwZSI6IlByaW1hcnkiLCJWYWx1ZSI6ImNsb3Vkc3NvdGVzdEBtYWlsYXp5LmNvbSJ9XSwiZW1haWxfdmVyaWZpZWQiOnRydWUsImV4cCI6MTU5NDI3OTY3MCwiZmFtaWx5X25hbWUiOiJ0ZXNydCIsImZhdmljb24xIjpudWxsLCJmbmFtZSI6ImNsb3Vkc3NvdCIsImdlbmRlciI6bnVsbCwiZ2l2ZW5fbmFtZSI6ImNsb3Vkc3NvdCIsImlhdCI6MTU5NDI3OTA3MCwiaXNzIjoiaHR0cHM6Ly9jbG91ZC1hcGkubG9naW5yYWRpdXMuY29tL3Nzby9vaWRjL3YyL2ludGVybmFsLW1heWFuay9vaWRjdGVzdCIsImp0aSI6IjM5MzYyYTRiLWJhODAtNDBiYS1hMjBjLWQ3ZWJmMTcyZTExNyIsImxuYW1lIjoidGVzcnQiLCJsb2NhbGUiOm51bGwsIm1pZGRsZV9uYW1lIjpudWxsLCJuYW1lIjoiY2xvdWRzc290IHRlc3J0IiwibmJmIjoxNTk0Mjc5MDcwLCJuaWNrbmFtZSI6bnVsbCwibm9uY2UiOiJIUFNWdkZTQ005dEFDOGRRIiwicGhvbmVfbnVtYmVyIjoiKzE5MDI5MDk1NzE0IiwicGhvbmVfbnVtYmVyX3ZlcmlmaWVkIjp0cnVlLCJwaWN0dXJlIjpudWxsLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJjbG91ZHNzb3Rlc3QiLCJwcm9maWxlIjpudWxsLCJzdWIiOiIwYjdmOTQ1YjhjNWY0YTM2YTM1YmY0OWY3MjM5YmZhNCIsInVpZCI6IjBiN2Y5NDViOGM1ZjRhMzZhMzViZjQ5ZjcyMzliZmE0IiwidXBkYXRlZF9hdCI6MTU2Mzg4NTEwOSwidXNlcm5hbWUiOiJjbG91ZHNzb3Rlc3QiLCJ3ZWJzaXRlIjpudWxsLCJ6b25laW5mbyI6bnVsbH0.Dp66_HT_PXgGQOLkpfZyo56CDwuGMwS3zysYVC74bQKg9oTutvTLuP0RTYvW7-vBjklQsCC9VoxacUXGb-LJMlcOi004HRfgpVazWOuqvyWyCIglNoHQG8Sj02C7KiqBBxtb4n-pFBbhC_uaSFcUBtQS0SsLG723NKET93A-nGoSW0843i9u92E4DDDYIwkzA4Fpmppg8NVCP7bGynK4TBPAgZFzG2nCMqK5uwSFT52gqULAkKRn0MenX4URo_NvkgqlGSjdCWBVZ9wbclOJqUBdqJL2mV5lHk6I9LA4rbLtkscS90baTm1nYOnKSLTxmYj7L4Wh0vQlCIjz38CWiQ'} |
10 | AccessTokenResponse | {
"access_token": "236d0abb-83b2-4f19-80ee-6ea4f05649f3",
"expires_in": 843,
"id_token": {
"address": {
"country": null,
"locality": null,
"postal_code": null,
"region": null,
"street_address": null
},
"aud": [
"112563f6-1480-40b8-8e28-e072ca212c82"
],
"auth_time": 1594279014,
"birthdate": "1987-07-08",
"c_hash": "Pw6G6e7s0_ZinGOxHD7RAA",
"country": null,
"email": {
"Type": "Primary",
"Value": "cloudssotest@mailazy.com"
},
"email_verified": true,
"exp": 1594279670,
"family_name": "tesrt",
"favicon1": null,
"fname": "cloudssot",
"gender": null,
"given_name": "cloudssot",
"iat": 1594279070,
"iss": "https://cloud-api.loginradius.com/sso/oidc/v2/internal-mayank/oidctest",
"jti": "39362a4b-ba80-40ba-a20c-d7ebf172e117",
"lname": "tesrt",
"locale": null,
"middle_name": null,
"name": "cloudssot tesrt",
"nbf": 1594279070,
"nickname": null,
"nonce": "HPSVvFSCM9tAC8dQ",
"phone_number": "+19029095714",
"phone_number_verified": true,
"picture": null,
"preferred_username": "cloudssotest",
"profile": null,
"sub": "0b7f945b8c5f4a36a35bf49f7239bfa4",
"uid": "0b7f945b8c5f4a36a35bf49f7239bfa4",
"updated_at": 1563885109,
"username": "cloudssotest",
"website": null,
"zoneinfo": null
},
"refresh_token": "132e1e7d-18c5-4972-9c53-840c1d921835",
"token_type": "Bearer"
}
|
10 | jws header | {'alg': 'RS256', 'kid': '201', 'typ': 'JWT'} |
10 | phase | <--<-- 6 --- AccessToken -->--> |
10 | request | op_args: {'state': 'bhik7Kao5pFTcz8O'}, req_args: {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb'} |
10 | do_access_token_request | kwargs:{'request_args': {'redirect_uri': 'https://op.certification.openid.net:61949/authz_cb', 'code': '51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a', 'state': 'bhik7Kao5pFTcz8O', 'grant_type': 'authorization_code', 'client_id': '112563f6-1480-40b8-8e28-e072ca212c82'}, 'state': 'bhik7Kao5pFTcz8O', 'authn_method': 'client_secret_basic'}
|
10 | AccessTokenRequest | {
"code": "51e0bf4aa141a055b3b7b62cdf899e59:ab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a",
"grant_type": "authorization_code",
"redirect_uri": "https://op.certification.openid.net:61949/authz_cb",
"state": "bhik7Kao5pFTcz8O"
}
|
10 | request_url | https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token |
10 | request_http_args | {'headers': {'Authorization': 'Basic MTEyNTYzZjYtMTQ4MC00MGI4LThlMjgtZTA3MmNhMjEyYzgyOjc4ZDNkYmUzLTEwZDEtNDk3Yi05MzU3LThlZWQ0NTkzMzYzZA==', 'Content-Type': 'application/x-www-form-urlencoded'}} |
10 | request | grant_type=authorization_code&redirect_uri=https%3A%2F%2Fop.certification.openid.net%3A61949%2Fauthz_cb&code=51e0bf4aa141a055b3b7b62cdf899e59%3Aab82a5e8141d3257481ebc25cd772be62318b89831348e0873c5d69424ee79d0096e23b932703e83be6891c9964dd3c11efbcd629f7944e0b2ae785a14610ed5a847fee44305a535181968c904aa5195052a763738ccea93a76d1f06e1fb147047aa2b4cdca5b8e97c56249fb1787a&state=bhik7Kao5pFTcz8O |
10 | http response | url:https://cloud-api.loginradius.com/sso/oidc/v2/oidctest/token status_code:400 message:{"error":"invalid_grant","error_description":"The code is already used"}
|
10 | response | {'error': 'invalid_grant', 'error_description': 'The code is already used'} |
10 | event | Got expected error |
10 | TokenErrorResponse | {
"error": "invalid_grant",
"error_description": "The code is already used"
}
|
10 | phase | <--<-- 7 --- Done -->--> |
10 | end | |
10 | assertion | CheckHTTPErrorResponse |
10 | condition | check-http-error-response: status=OK [Checks that an error code is either 400 or 401 which are the only ones accepted by OAuth2/OIDC.] |
10 | assertion | VerifyResponse |
10 | condition | verify-response: status=OK [Checks that the last response was one of a possible set of OpenID Connect Responses] |
10 | condition | Done: status=OK |