openactive-test-suite

File Generated: Fri Oct 01 2021 08:11:40 GMT+0000 (Coordinated Universal Time)

booking-partner-authentication » authorization-persisted

Booking Flow:

Opportunity Type:

Feature: Authentication / Booking Partner Authentication for Multiple Seller Systems (Implemented)

Test: Authorization persists when not requesting offline access

When authorisation is requested without offline access and a user has already given permission, consent must not be required.

Running only this test

npm start -- --runInBand test/features/authentication/booking-partner-authentication/implemented/authorization-persisted-test.js

✅ 8 passed with 0 failures, 0 warnings and 0 suggestions


Open ID Connect Authentication

Credentials

The test suite is using the credentials configured by bookingPartnersForSpecificTests.authorizationPersisted.authentication.clientCredentials for this test:

Discovery Request

GET https://localhost:5003/.well-known/openid-configuration


Response status code: 200.

{
  "issuer": "https://localhost:5003",
  "jwks_uri": "https://localhost:5003/.well-known/openid-configuration/jwks",
  "authorization_endpoint": "https://localhost:5003/connect/authorize",
  "token_endpoint": "https://localhost:5003/connect/token",
  "userinfo_endpoint": "https://localhost:5003/connect/userinfo",
  "end_session_endpoint": "https://localhost:5003/connect/endsession",
  "check_session_iframe": "https://localhost:5003/connect/checksession",
  "revocation_endpoint": "https://localhost:5003/connect/revocation",
  "introspection_endpoint": "https://localhost:5003/connect/introspect",
  "device_authorization_endpoint": "https://localhost:5003/connect/deviceauthorization",
  "frontchannel_logout_supported": true,
  "frontchannel_logout_session_supported": true,
  "backchannel_logout_supported": true,
  "backchannel_logout_session_supported": true,
  "scopes_supported": [
    "openid",
    "openactive-identity",
    "openactive-openbooking",
    "openactive-ordersfeed",
    "offline_access"
  ],
  "claims_supported": [
    "sub",
    "https://openactive.io/sellerId",
    "https://openactive.io/sellerName",
    "https://openactive.io/sellerUrl",
    "https://openactive.io/sellerLogo",
    "https://openactive.io/bookingServiceName",
    "https://openactive.io/bookingServiceUrl",
    "name",
    "https://openactive.io/clientId"
  ],
  "grant_types_supported": [
    "authorization_code",
    "client_credentials",
    "refresh_token",
    "implicit",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "form_post",
    "query",
    "fragment"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "request_parameter_supported": true,
  "registration_endpoint": "https://localhost:5003/connect/register"
}

Authorization Code Flow (first attempt) - 1 Request

POST http://localhost:3000/browser-automation-for-auth

{
  "headless": true,
  "offlineAccess": true,
  "username": "test1",
  "password": "test1",
  "authorizationUrl": "https://localhost:5003/connect/authorize?client_id=clientid_801&scope=openid%20openactive-identity&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcb&code_challenge=J8ZRZgETNvu9UCeRri2AfOcVYBS-qPGl6-V4-SslJvw&code_challenge_method=S256"
}

Screenshot: Login page

"https://localhost:5003/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dclientid_801%26scope%3Dopenid%2520openactive-identity%26response_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A3000%252Fcb%26code_challenge%3DJ8ZRZgETNvu9UCeRri2AfOcVYBS-qPGl6-V4-SslJvw%26code_challenge_method%3DS256"


Screenshot: Authorization page

"https://localhost:5003/consent?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dclientid_801%26scope%3Dopenid%2520openactive-identity%26response_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A3000%252Fcb%26code_challenge%3DJ8ZRZgETNvu9UCeRri2AfOcVYBS-qPGl6-V4-SslJvw%26code_challenge_method%3DS256"


Callback URL

"/cb?code=99736731CFDA9389A91B30D9FC2FFE0A6207D05E3A02481FA1833473872B4E9F&scope=openid%20openactive-identity&session_state=9NVPRe4Q1aGNr7bWdTjKLbGf9w-6HBbp43cq6FvAPHc.FA927A00177B41EABD1491DA81E633FF"

Authorization Code Flow (first attempt) - 2 Request

POST https://localhost:5003/connect/token

"grant_type=authorization_code&code=99736731CFDA9389A91B30D9FC2FFE0A6207D05E3A02481FA1833473872B4E9F&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcb&code_verifier=G9JUZodvZ_hG5kd9GZpQM49hplUqtl0g80yKRC56c7Q"

Response status code: 200.

{
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiSldUIn0.eyJuYmYiOjE2MzMwNzU5MDgsImV4cCI6MTYzMzA3NjIwOCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImF1ZCI6ImNsaWVudGlkXzgwMSIsImlhdCI6MTYzMzA3NTkwOCwiYXRfaGFzaCI6IkZHVVlRcU9yMUJBdWpjZjl4Q3ZqY2ciLCJzaWQiOiIzQzJGNzA1RUExNjIyQTBFRTgwRTNGMkRDN0Q3ODE4QiIsInN1YiI6IjEwMCIsImF1dGhfdGltZSI6MTYzMzA3NTkwNiwiaWRwIjoibG9jYWwiLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVyTmFtZSI6IkFjbWUgRml0bmVzcyBMdGQiLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVySWQiOiJodHRwczovL2xvY2FsaG9zdDo1MDAxL2FwaS9pZGVudGlmaWVycy9zZWxsZXJzLzEiLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVyVXJsIjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5jb20iLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVyTG9nbyI6Imh0dHBzOi8vcGxhY2VraXR0ZW4uY29tLzY0MC8zNjAiLCJhbXIiOlsicHdkIl19.nfPjfnV_x-OYkaMAcvsdOYHHjkMRlOGoslXaq5l4EDPn0EUccpf2vqmEnpi39EDsia7GaB5MjyI3BIJaNCKwy-LwUE5fU_ecdYtDzHVY7cJOurCZ3BizJn5Ld_lp35K7OfiJzZBQwREdOonFUgEtI5se8j0Wfuofunb3i-UqEfrHqNu7BxNOf0qZTIS3okB6TUEtuXtgVtuEKnLORMml1xKM4HZRX3SzEcWDXnI-4V-qgo4SrHxTgwP8cpzso_k9U__DssZ2UZgXSnnk9pLR8VWsf37ZCEPWZx44DaoKKjRQY6OSCrGGfvpqUqwrhlgnaTLJA4DByjbTQQOAXP239g",
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2MzMwNzU5MDgsImV4cCI6MTYzMzA3OTUwOCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImNsaWVudF9pZCI6ImNsaWVudGlkXzgwMSIsImh0dHBzOi8vb3BlbmFjdGl2ZS5pby9jbGllbnRJZCI6ImNsaWVudGlkXzgwMSIsInN1YiI6IjEwMCIsImF1dGhfdGltZSI6MTYzMzA3NTkwNiwiaWRwIjoibG9jYWwiLCJqdGkiOiI1QUM4NjFGN0Y3MzQ5OENDOENBMUFBQjhFRjY2MDUxNyIsInNpZCI6IjNDMkY3MDVFQTE2MjJBMEVFODBFM0YyREM3RDc4MThCIiwiaWF0IjoxNjMzMDc1OTA4LCJzY29wZSI6WyJvcGVuaWQiLCJvcGVuYWN0aXZlLWlkZW50aXR5Il0sImFtciI6WyJwd2QiXX0.jD55qew8OT_CR-PAUZw3vu4PUSKxwdHAd6KJQ7ucnQ4vfukqOttp3s3NqWWZsTpILelQeiJqMZNON9zmjrqt1X87Z5Kj1BZpHzG5bSog9R86TJ2ew8hSU8FkdCDpEzLNYQVq2c_JlTEi4c-61y0U9pOeoqZZcpDE1VJ5OFqFEmv8SroBxnZQDnzFt_rgZnF4QxwhwGMTCjp4PlZIcmgsCL_SiGCIRDM1J1Bk8HqC14oJTKrENAF3rGz0BphtgmdCnTNhF8AKcAfUUV7Rj0kRIsIbKM5IjN_W2OtpxgpwBEbFZrN1DUQjNK12hNvKBx4JAVwuZZyU7Y8A0xjqsk8Okg",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "openid openactive-identity"
}

Authorization Code Flow (first attempt) - 3 Request

GET https://localhost:5003/.well-known/openid-configuration/jwks


Response status code: 200.

{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "B04F7B91DE3B9478C61833FB24AA5CDB",
      "e": "AQAB",
      "n": "yZO68vCGrvfBQ5R1z0DVCRAADOWeF3aLlhOaz1Je1SnmohmmlO-1F1hkRM_4MJtR5aECMxMz-MUW1nBCPmUrH0h_rrdCdDdlk8vTHki0ixK-gO73W2ZscOCZ6L2fZ2Oqz0_I840cnSCv55zpiOk9oGJL9TEsLAWYAIyQheaqZO3BkqImuBFmaLVTckvaZeONjHDQa01rxEjRQByir6oYSZPJy54XuRQJaPuCVNeOW8r0R9rKUQf9nl7tnVvhCsU3q1-UPrs8ZW_kaYXuYQJJMk392jX6XNm6czehIYM-O8Z5eGFdR3WW7IAWYEmqTCxrCRuuKU-EEcKOwksx8gBPgQ",
      "alg": "RS256"
    }
  ]
}

Authorization Code Flow (first attempt) - Claims Result

id_token claims:

{
  "nbf": 1633075908,
  "exp": 1633076208,
  "iss": "https://localhost:5003",
  "aud": "clientid_801",
  "iat": 1633075908,
  "at_hash": "FGUYQqOr1BAujcf9xCvjcg",
  "sid": "3C2F705EA1622A0EE80E3F2DC7D7818B",
  "sub": "100",
  "auth_time": 1633075906,
  "idp": "local",
  "https://openactive.io/sellerName": "Acme Fitness Ltd",
  "https://openactive.io/sellerId": "https://localhost:5001/api/identifiers/sellers/1",
  "https://openactive.io/sellerUrl": "https://www.example.com",
  "https://openactive.io/sellerLogo": "https://placekitten.com/640/360",
  "amr": [
    "pwd"
  ]
}

Authorization Code Flow (second attempt) - 1 Request

POST http://localhost:3000/browser-automation-for-auth

{
  "headless": true,
  "offlineAccess": true,
  "username": "test1",
  "password": "test1",
  "authorizationUrl": "https://localhost:5003/connect/authorize?client_id=clientid_801&scope=openid%20openactive-identity&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcb&code_challenge=DnE1SW3nXD5KsyVCsarR5ypED1ta3TfUNrrE5rOKpUE&code_challenge_method=S256"
}

Screenshot: Login page

"https://localhost:5003/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dclientid_801%26scope%3Dopenid%2520openactive-identity%26response_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A3000%252Fcb%26code_challenge%3DDnE1SW3nXD5KsyVCsarR5ypED1ta3TfUNrrE5rOKpUE%26code_challenge_method%3DS256"


Callback URL

"/cb?code=311D8DCDB5EF2F60B3AA3F42F381EE5F4C3DF08755A74997A7527C87F7E57AC5&scope=openid%20openactive-identity&session_state=nxqToPV34nGmKm_qGt9rG6JtRrjAvIEZVsyoJ8cdsBY.B94CBEC4931C153726AFFAA1FEABBF4F"

Authorization Code Flow (second attempt) - 2 Request

POST https://localhost:5003/connect/token

"grant_type=authorization_code&code=311D8DCDB5EF2F60B3AA3F42F381EE5F4C3DF08755A74997A7527C87F7E57AC5&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcb&code_verifier=2Spw1MpQ3zyty_Wq0hJvNfOwiYQtav926vBUGp1KdXI"

Response status code: 200.

{
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiSldUIn0.….pPSntMkYsP3EKEVhfnzjtaGh_NQjn9a3FM3XRew7mv3jxw04TkVPXOf3Xc0Z-xxg2F0Tfip7XUwWNeWV51EGjTxe8zCQ44Qtq1tgIQaOFDFjtcNGI2rOwn4dinUKc6iOJmw1S0ptFbYLhopdmLsUHnS0_jGotFZ1wqFFzsoJN32EAu8uafd2IOy9DjA53bJ61qEahlCT1DGFfhvdiVEkSYU0JQ3lTEUBHQlFRdCKIu48M5LXhC8QL0jVviFcKiuasIU2jAgXF7c4S7UlqmMmNeTIg1yBk2bQxVg2bGBnorjngKhGHk12rLTFmt8riYXjGLlk9u1rxQIfSovakyALCA",
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2MzMwNzU5MTQsImV4cCI6MTYzMzA3OTUxNCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImNsaWVudF9pZCI6ImNsaWVudGlkXzgwMSIsImh0dHBzOi8vb3BlbmFjdGl2ZS5pby9jbGllbnRJZCI6ImNsaWVudGlkXzgwMSIsInN1YiI6IjEwMCIsImF1dGhfdGltZSI6MTYzMzA3NTkxNCwiaWRwIjoibG9jYWwiLCJqdGkiOiI1MzM3NkI2QUM2NzM3RDVEMzQ4NzA2MjVDNDgwQTc2OCIsInNpZCI6IjM4QzcyQ0IwOURENzMzQUU3NjcyRkU4MDA2RUFFNDAwIiwiaWF0IjoxNjMzMDc1OTE0LCJzY29wZSI6WyJvcGVuaWQiLCJvcGVuYWN0aXZlLWlkZW50aXR5Il0sImFtciI6WyJwd2QiXX0.Fz6NrhaXYPwMwCkmGlyPqtMFZSqpiWODT_rWmWCDYT6lHmW9BbF_QTrpCZYrLdya3vrmuh1Y90LnFf0NDG143JAHPq2FHsL4JEDR-jetlU3yvuMbhmQo-6k9ki9j5yBXZArESPKTMOuzylA-lwzTnXfPnc8S1TW0kYEv421zhlutPolsaBapYypXSlsPK758X_Tu6y8YmHFVJEbS_qnzZflE8haTLn5QKidvK6wlJ-plGIBbCxVRzS81z0dLZI4G0yrBJb8Gr_S5parpWrCPbuqAW_zKr1e9dCRqZi_SNAgU40LI-Fui3ZcETeWLyd-4Snu4KSLKWX_LoACi1SfNew",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "openid openactive-identity"
}

Authorization Code Flow (second attempt) - Claims Result

id_token claims:

{
  "nbf": 1633075914,
  "exp": 1633076214,
  "iss": "https://localhost:5003",
  "aud": "clientid_801",
  "iat": 1633075914,
  "at_hash": "-9OcQGSoBlDDkSQrj05s3g",
  "sid": "38C72CB09DD733AE7672FE8006EAE400",
  "sub": "100",
  "auth_time": 1633075914,
  "idp": "local",
  "https://openactive.io/sellerName": "Acme Fitness Ltd",
  "https://openactive.io/sellerId": "https://localhost:5001/api/identifiers/sellers/1",
  "https://openactive.io/sellerUrl": "https://www.example.com",
  "https://openactive.io/sellerLogo": "https://placekitten.com/640/360",
  "amr": [
    "pwd"
  ]
}

Specs