openactive-test-suite
| < Return to Summary | File Generated: Fri Oct 01 2021 08:18:00 GMT+0000 (Coordinated Universal Time) |
dynamic-client-registration » authorization-code-flow
Booking Flow:
Opportunity Type:
Feature: Authentication / Dynamic Client Registration for Multiple Seller Systems (Implemented)
Test: Authorization Code Flow
The Authorization Code Flow allows Sellers to authenticate with Booking Partners
Running only this test
npm start -- --runInBand test/features/authentication/dynamic-client-registration/implemented/authorization-code-flow-test.js
✅ 7 passed with 0 failures, 0 warnings and 0 suggestions
Open ID Connect Authentication
Credentials
The test suite is using Dynamic Client Registration to retrieve credentials as part of this test, using the following configuration within bookingPartnersForSpecificTests.dynamicPrimary.authentication:
- initialAccessToken:
dynamic-primary-745ddf2d13019ce8b69c
Hence the client_id and client_secret can be found within the Dynamic Client Registration response below.
Discovery Request
GET https://localhost:5003/.well-known/openid-configuration
- accept:
"application/json" - accept-encoding:
"gzip, deflate, br" - host:
"localhost:5003"
Response status code: 200.
{
"issuer": "https://localhost:5003",
"jwks_uri": "https://localhost:5003/.well-known/openid-configuration/jwks",
"authorization_endpoint": "https://localhost:5003/connect/authorize",
"token_endpoint": "https://localhost:5003/connect/token",
"userinfo_endpoint": "https://localhost:5003/connect/userinfo",
"end_session_endpoint": "https://localhost:5003/connect/endsession",
"check_session_iframe": "https://localhost:5003/connect/checksession",
"revocation_endpoint": "https://localhost:5003/connect/revocation",
"introspection_endpoint": "https://localhost:5003/connect/introspect",
"device_authorization_endpoint": "https://localhost:5003/connect/deviceauthorization",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"backchannel_logout_supported": true,
"backchannel_logout_session_supported": true,
"scopes_supported": [
"openid",
"openactive-identity",
"openactive-openbooking",
"openactive-ordersfeed",
"offline_access"
],
"claims_supported": [
"sub",
"https://openactive.io/sellerId",
"https://openactive.io/sellerName",
"https://openactive.io/sellerUrl",
"https://openactive.io/sellerLogo",
"https://openactive.io/bookingServiceName",
"https://openactive.io/bookingServiceUrl",
"name",
"https://openactive.io/clientId"
],
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"urn:ietf:params:oauth:grant-type:device_code"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"subject_types_supported": [
"public"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"request_parameter_supported": true,
"registration_endpoint": "https://localhost:5003/connect/register"
}
Dynamic Client Registration Request
POST https://localhost:5003/connect/register
- authorization:
"Bearer dynamic-primary-745ddf2d13019ce8b69c" - accept:
"application/json" - content-type:
"application/json" - content-length:
"413" - accept-encoding:
"gzip, deflate, br" - host:
"localhost:5003"
{
"redirect_uris": [
"http://localhost:3000/cb"
],
"grant_types": [
"authorization_code",
"refresh_token",
"client_credentials"
],
"client_name": "OpenActive Test Suite Client",
"client_uri": "https://github.com/openactive/openactive-test-suite",
"logo_uri": "https://via.placeholder.com/512x256.png?text=Logo",
"scope": "openid profile openactive-openbooking openactive-ordersfeed oauth-dymamic-client-update openactive-identity"
}
Response status code: 201.
{
"client_id": "a3639857-326f-45f4-b707-0a1fcd447178",
"client_secret": "5P9WgYhw0hRbKzrC6vSXyeohiNhR9zPdFd9oWY6gjYz",
"client_name": "OpenActive Test Suite Client",
"client_uri": "https://github.com/openactive/openactive-test-suite",
"initiate_login_uri": null,
"logo_uri": "https://via.placeholder.com/512x256.png?text=Logo",
"grant_types": [
"authorization_code",
"refresh_token",
"client_credentials"
],
"redirect_uris": [
"http://localhost:3000/cb"
],
"scope": "openid profile openactive-openbooking openactive-ordersfeed oauth-dymamic-client-update openactive-identity"
}
Authorization Code Flow - 1 Request
POST http://localhost:3000/browser-automation-for-auth
- accept:
"application/json, text/plain, */*" - content-type:
"application/json;charset=utf-8" - content-length:
415 - host:
"localhost:3000"
{
"headless": true,
"offlineAccess": true,
"username": "test1",
"password": "test1",
"authorizationUrl": "https://localhost:5003/connect/authorize?client_id=a3639857-326f-45f4-b707-0a1fcd447178&scope=openid%20openactive-openbooking%20offline_access%20openactive-identity&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcb&code_challenge=lF1-ui0FsinI4_b_x22LdARAe14pqgixEMeSRUVsSP8&code_challenge_method=S256"
}
Screenshot: Login page
"https://localhost:5003/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Da3639857-326f-45f4-b707-0a1fcd447178%26scope%3Dopenid%2520openactive-openbooking%2520offline_access%2520openactive-identity%26response_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A3000%252Fcb%26code_challenge%3DlF1-ui0FsinI4_b_x22LdARAe14pqgixEMeSRUVsSP8%26code_challenge_method%3DS256"
Screenshot: Authorization page
"https://localhost:5003/consent?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Da3639857-326f-45f4-b707-0a1fcd447178%26scope%3Dopenid%2520openactive-openbooking%2520offline_access%2520openactive-identity%26response_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A3000%252Fcb%26code_challenge%3DlF1-ui0FsinI4_b_x22LdARAe14pqgixEMeSRUVsSP8%26code_challenge_method%3DS256"
Callback URL
"/cb?code=C5B6023CD0DF5113E65B2225EE1A0B8E5CD1253516E148B33D99BECF715FA205&scope=openid%20openactive-openbooking%20offline_access%20openactive-identity&session_state=LfYIOBVNzPARXhVv6K7OrZ4ul7Bec8d1YGHcZXUollY.743AF433187D8B7314AFB1D130F3040C"
Authorization Code Flow - 2 Request
POST https://localhost:5003/connect/token
- authorization:
"Basic YTM2Mzk4NTctMzI2Zi00NWY0LWI3MDctMGExZmNkNDQ3MTc4OjVQOVdnWWh3MGhSYkt6ckM2dlNYeWVvaGlOaFI5elBkRmQ5b1dZNmdqWXo=" - accept:
"application/json" - content-type:
"application/x-www-form-urlencoded" - content-length:
"205" - accept-encoding:
"gzip, deflate, br" - host:
"localhost:5003"
"grant_type=authorization_code&code=C5B6023CD0DF5113E65B2225EE1A0B8E5CD1253516E148B33D99BECF715FA205&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcb&code_verifier=X9Yi9WUQirzdzwYJkMHjR9lgC3faWfKxfOOZapO0g-g"
Response status code: 200.
{
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiSldUIn0.eyJuYmYiOjE2MzMwNzYyODQsImV4cCI6MTYzMzA3NjU4NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImF1ZCI6ImEzNjM5ODU3LTMyNmYtNDVmNC1iNzA3LTBhMWZjZDQ0NzE3OCIsImlhdCI6MTYzMzA3NjI4NCwiYXRfaGFzaCI6IldhaEdEWnhvVHNzdXBscGptMC1aMnciLCJzaWQiOiI2OTdFNzhCQzAyQTUyREY4NTE2NTU4RkI5MzNFOTA2MSIsInN1YiI6IjEwMCIsImF1dGhfdGltZSI6MTYzMzA3NjI4MiwiaWRwIjoibG9jYWwiLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVyTmFtZSI6IkFjbWUgRml0bmVzcyBMdGQiLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVySWQiOiJodHRwczovL2xvY2FsaG9zdDo1MDAxL2FwaS9pZGVudGlmaWVycy9zZWxsZXJzLzEiLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVyVXJsIjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5jb20iLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVyTG9nbyI6Imh0dHBzOi8vcGxhY2VraXR0ZW4uY29tLzY0MC8zNjAiLCJhbXIiOlsicHdkIl19.cFp25fjWL1jzqJh_60oog4mG0h4NfKxHlDBCkvcDKN7ij1Bl2E91xegzuPW0935Xl7q3fg-bhuG2nclRUVa441bNWy7IAAtza6DlF7xUar48PUlaUrZN67EpLD5NbQJQVOoPV6DgZEF8oLkzYv1ZAJuBbyaNHrA4WPyHUxpZgwn_4lWrpQXus2_yk-JTf6Uwyzfcc8Nadq0IzbAl9u0yQ43ibGd2HGJW18vWrO7LzhJ3aUJ5lSBsguwOBrVY43P7PEgvRSroGZ57DrVDWmo09b8HlJHTFnQ0rAcbaMWF3KLups_HSLYfHa0rEm9_jPmUqfiM9Y5Ni3eJ96B2eARwDg",
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2MzMwNzYyODQsImV4cCI6MTYzMzA3OTg4NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImF1ZCI6Im9wZW5ib29raW5nIiwiY2xpZW50X2lkIjoiYTM2Mzk4NTctMzI2Zi00NWY0LWI3MDctMGExZmNkNDQ3MTc4IiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL2NsaWVudElkIjoiYTM2Mzk4NTctMzI2Zi00NWY0LWI3MDctMGExZmNkNDQ3MTc4Iiwic3ViIjoiMTAwIiwiYXV0aF90aW1lIjoxNjMzMDc2MjgyLCJpZHAiOiJsb2NhbCIsImh0dHBzOi8vb3BlbmFjdGl2ZS5pby9zZWxsZXJJZCI6Imh0dHBzOi8vbG9jYWxob3N0OjUwMDEvYXBpL2lkZW50aWZpZXJzL3NlbGxlcnMvMSIsImp0aSI6IkIwQ0ZBRUMyRUJGQzlENjAzMjQ2QjQ0NENFMENFQ0Y2Iiwic2lkIjoiNjk3RTc4QkMwMkE1MkRGODUxNjU1OEZCOTMzRTkwNjEiLCJpYXQiOjE2MzMwNzYyODQsInNjb3BlIjpbIm9wZW5pZCIsIm9wZW5hY3RpdmUtb3BlbmJvb2tpbmciLCJvcGVuYWN0aXZlLWlkZW50aXR5Iiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbInB3ZCJdfQ.ahkaR-NMtmejCXJB8yvO8fcunDbo7ULlIEtRHC4c6Mx8LEB2YHEA5MsAuciDYxIgswj0O85c0o4Hj-1USWZev8EgTd6Rj8-hmOne4JBrR_ZUjvs9DURqF8bdFHvItWuYaY9YmisWYMkkjdI2ry5Sw8LFc3StNalOg0-1D4dS45eXk2YIL9SXvsJaiWpULrBsDJwxFXeE6QOvJAIPALLE1cx9Uz-A_L6SdyifDnlEFJ0szMTmSrlT-G8aK38sU1jWNCwokSQG_Z_5EX4HSmazyfZqQeC-jq2LwX_vbmV1fF7bJ6h0ulaNAEkuMjE8AvQxDZNbD8-nXB65Km83Pqv_XA",
"expires_in": 3600,
"token_type": "Bearer",
"refresh_token": "F0150228413C5DE46A4CDE2FF4C16CB4AEC6A4428F9317BFEEDE0E8B0CD709DD",
"scope": "openid openactive-openbooking offline_access openactive-identity"
}
Authorization Code Flow - 3 Request
GET https://localhost:5003/.well-known/openid-configuration/jwks
- accept:
"application/json" - accept-encoding:
"gzip, deflate, br" - host:
"localhost:5003"
Response status code: 200.
{
"keys": [
{
"kty": "RSA",
"use": "sig",
"kid": "B04F7B91DE3B9478C61833FB24AA5CDB",
"e": "AQAB",
"n": "yZO68vCGrvfBQ5R1z0DVCRAADOWeF3aLlhOaz1Je1SnmohmmlO-1F1hkRM_4MJtR5aECMxMz-MUW1nBCPmUrH0h_rrdCdDdlk8vTHki0ixK-gO73W2ZscOCZ6L2fZ2Oqz0_I840cnSCv55zpiOk9oGJL9TEsLAWYAIyQheaqZO3BkqImuBFmaLVTckvaZeONjHDQa01rxEjRQByir6oYSZPJy54XuRQJaPuCVNeOW8r0R9rKUQf9nl7tnVvhCsU3q1-UPrs8ZW_kaYXuYQJJMk392jX6XNm6czehIYM-O8Z5eGFdR3WW7IAWYEmqTCxrCRuuKU-EEcKOwksx8gBPgQ",
"alg": "RS256"
}
]
}
Authorization Code Flow - Claims Result
id_token claims:
{
"nbf": 1633076284,
"exp": 1633076584,
"iss": "https://localhost:5003",
"aud": "a3639857-326f-45f4-b707-0a1fcd447178",
"iat": 1633076284,
"at_hash": "WahGDZxoTssuplpjm0-Z2w",
"sid": "697E78BC02A52DF8516558FB933E9061",
"sub": "100",
"auth_time": 1633076282,
"idp": "local",
"https://openactive.io/sellerName": "Acme Fitness Ltd",
"https://openactive.io/sellerId": "https://localhost:5001/api/identifiers/sellers/1",
"https://openactive.io/sellerUrl": "https://www.example.com",
"https://openactive.io/sellerLogo": "https://placekitten.com/640/360",
"amr": [
"pwd"
]
}
Refresh Token Request
POST https://localhost:5003/connect/token
- authorization:
"Basic YTM2Mzk4NTctMzI2Zi00NWY0LWI3MDctMGExZmNkNDQ3MTc4OjVQOVdnWWh3MGhSYkt6ckM2dlNYeWVvaGlOaFI5elBkRmQ5b1dZNmdqWXo=" - accept:
"application/json" - content-type:
"application/x-www-form-urlencoded" - content-length:
"103" - accept-encoding:
"gzip, deflate, br" - host:
"localhost:5003"
"grant_type=refresh_token&refresh_token=F0150228413C5DE46A4CDE2FF4C16CB4AEC6A4428F9317BFEEDE0E8B0CD709DD"
Response status code: 200.
{
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiSldUIn0.eyJuYmYiOjE2MzMwNzYyODQsImV4cCI6MTYzMzA3NjU4NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImF1ZCI6ImEzNjM5ODU3LTMyNmYtNDVmNC1iNzA3LTBhMWZjZDQ0NzE3OCIsImlhdCI6MTYzMzA3NjI4NCwiYXRfaGFzaCI6InB6dk5qUmhFYmZwSUxVME56aEtrRGciLCJzdWIiOiIxMDAiLCJhdXRoX3RpbWUiOjE2MzMwNzYyODIsImlkcCI6ImxvY2FsIiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL3NlbGxlck5hbWUiOiJBY21lIEZpdG5lc3MgTHRkIiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL3NlbGxlcklkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMS9hcGkvaWRlbnRpZmllcnMvc2VsbGVycy8xIiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL3NlbGxlclVybCI6Imh0dHBzOi8vd3d3LmV4YW1wbGUuY29tIiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL3NlbGxlckxvZ28iOiJodHRwczovL3BsYWNla2l0dGVuLmNvbS82NDAvMzYwIiwiYW1yIjpbInB3ZCJdfQ.Vu-cZCsKCFrMOKVkfNWo2D_5IuA2kKRxq9-B083wnrHl4yFMos48OK23IRelFfCNLPNN84O1adgInnp1ZWnEQxIhUmZCyU9X5jhUKyHU_9Mk4PJ7KJiAPB9SJP6NiCMkwoniDBM7Z4R2VXGTUD6zPyW9-qzmsN8g17nm_RnvSodnpNsXzh7hCJeOpkw2wqhOKJag880IqBzItlxxauJcoFMAZFevJAJCv6gULtcOV_HEtOrlsuVMr1mn9LAxfkccfITFe1uUC9QUFRRfJgt_XY6gFZkH-wWabgEK5G8Gt33H90lbXGpxsC7U5RFUE78OugLb68Ws7sFLlcxYOvUsaQ",
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2MzMwNzYyODQsImV4cCI6MTYzMzA3OTg4NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImF1ZCI6Im9wZW5ib29raW5nIiwiY2xpZW50X2lkIjoiYTM2Mzk4NTctMzI2Zi00NWY0LWI3MDctMGExZmNkNDQ3MTc4IiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL2NsaWVudElkIjoiYTM2Mzk4NTctMzI2Zi00NWY0LWI3MDctMGExZmNkNDQ3MTc4Iiwic3ViIjoiMTAwIiwiYXV0aF90aW1lIjoxNjMzMDc2MjgyLCJpZHAiOiJsb2NhbCIsImh0dHBzOi8vb3BlbmFjdGl2ZS5pby9zZWxsZXJJZCI6Imh0dHBzOi8vbG9jYWxob3N0OjUwMDEvYXBpL2lkZW50aWZpZXJzL3NlbGxlcnMvMSIsImp0aSI6IkU3RjU4OTkxQzBGODE4NTk2RTY2MTM0NjA5NDBFODE5IiwiaWF0IjoxNjMzMDc2Mjg0LCJzY29wZSI6WyJvcGVuaWQiLCJvcGVuYWN0aXZlLW9wZW5ib29raW5nIiwib3BlbmFjdGl2ZS1pZGVudGl0eSIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJwd2QiXX0.e1o36vajhWRdK8KaD0zAFqpTo_QfPbg8Gbh_rKWPgqXV3G9BWvsuiX08o0BocGv2iYzW14xfHlFfu4FtqKcXhjq-COORE92G25c9GTPiAvDUyu-yaZUSWrx9rVEqJ86GhYI5902_9mV_FoYdb8J5ABFdrga9ZPjwLDHBNZL6Sm-_jgUa4zFaig-rOFeZAgcKBpdrQX2MnTvXtgMiVWnPbcc8XTdDjWLoIv_GKzTSkUJkKmahX4HqyIcmI3OAqXashM3cL3MVc1zlBvMtEDVH2keP1i8otkVhaHTrkCvMsmM1E9anllrKKP4o936t7VAl0rLM9kDGZ_nDwx4tfF91EQ",
"expires_in": 3600,
"token_type": "Bearer",
"refresh_token": "77AC5B188179736499C9E68063BDD4E7CDEF8F6DAEF65D4BC9B19570BD97D14F",
"scope": "openid openactive-openbooking openactive-identity offline_access"
}
Specs
- ✅ should complete Discovery successfully
- ✅ should complete Dynamic Client Registration successfully
- ✅ should complete Authorization Code Flow successfully
- ✅ should include expected
https://openactive.io/sellerIdclaim inid_token - ✅ should return claims within
id_tokenas defined in specification - ✅ should require a consent prompt for Authorization Code Flow
- ✅ should complete token refresh successfully