< Return to Summary | File Generated: Thu Apr 17 2025 12:29:03 GMT+0000 (Coordinated Universal Time)

Collapse All Sections Show All Sections Show Only First Error

dynamic-client-registration >> authorization-code-flow

Booking Flow:

Opportunity Type:

Feature: Authentication / Dynamic Client Registration for Multiple Seller Systems (Implemented)

Test: Authorization Code Flow

The Authorization Code Flow allows Sellers to authenticate with Booking Partners

Running only this test

npm start -- --runInBand test/features/authentication/dynamic-client-registration/implemented/authorization-code-flow-test.js

Is this test failing?

The OpenActive Reference Implementation test result for this test can be used as a reference to help with debugging.

✅ 8 passed with 0 failures, 0 warnings and 0 suggestions

✅ Open ID Connect Authentication

Credentials

The test suite is using Dynamic Client Registration to retrieve credentials as part of this test, using the following configuration within bookingPartnersForSpecificTests.dynamicPrimary.authentication:

• initialAccessToken: dynamic-primary-745ddf2d13019ce8b69c

Hence the client_id and client_secret can be found within the Dynamic Client Registration response below.

Discovery Request

GET https://localhost:5003/.well-known/openid-configuration

• accept: "application/json"
• accept-encoding: "gzip, deflate, br"
• host: "localhost:5003"

Response status code: 200.

{
  "issuer": "https://localhost:5003",
  "jwks_uri": "https://localhost:5003/.well-known/openid-configuration/jwks",
  "authorization_endpoint": "https://localhost:5003/connect/authorize",
  "token_endpoint": "https://localhost:5003/connect/token",
  "userinfo_endpoint": "https://localhost:5003/connect/userinfo",
  "end_session_endpoint": "https://localhost:5003/connect/endsession",
  "check_session_iframe": "https://localhost:5003/connect/checksession",
  "revocation_endpoint": "https://localhost:5003/connect/revocation",
  "introspection_endpoint": "https://localhost:5003/connect/introspect",
  "device_authorization_endpoint": "https://localhost:5003/connect/deviceauthorization",
  "frontchannel_logout_supported": true,
  "frontchannel_logout_session_supported": true,
  "backchannel_logout_supported": true,
  "backchannel_logout_session_supported": true,
  "scopes_supported": [
    "openid",
    "openactive-identity",
    "openactive-openbooking",
    "openactive-ordersfeed",
    "offline_access"
  ],
  "claims_supported": [
    "sub",
    "https://openactive.io/sellerId",
    "https://openactive.io/sellerName",
    "https://openactive.io/sellerUrl",
    "https://openactive.io/sellerLogo",
    "https://openactive.io/bookingServiceName",
    "https://openactive.io/bookingServiceUrl",
    "name",
    "https://openactive.io/clientId"
  ],
  "grant_types_supported": [
    "authorization_code",
    "client_credentials",
    "refresh_token",
    "implicit",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "form_post",
    "query",
    "fragment"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "request_parameter_supported": true,
  "registration_endpoint": "https://localhost:5003/connect/register"
}

Dynamic Client Registration Request

POST https://localhost:5003/connect/register

• authorization: "Bearer dynamic-primary-745ddf2d13019ce8b69c"
• accept: "application/json"
• content-type: "application/json"
• content-length: "413"
• accept-encoding: "gzip, deflate, br"
• host: "localhost:5003"

{
  "redirect_uris": [
    "http://localhost:3000/cb"
  ],
  "grant_types": [
    "authorization_code",
    "refresh_token",
    "client_credentials"
  ],
  "client_name": "OpenActive Test Suite Client",
  "client_uri": "https://github.com/openactive/openactive-test-suite",
  "logo_uri": "https://via.placeholder.com/512x256.png?text=Logo",
  "scope": "openid profile openactive-openbooking openactive-ordersfeed oauth-dymamic-client-update openactive-identity"
}

Response status code: 201.

{
  "client_id": "be62fcbf-a9f4-48ed-889b-41ae8887ccd6",
  "client_secret": "58egKWJiBDZIDeLmD75LG7kMeOV9rp57lgmKlIlQdBd",
  "client_name": "OpenActive Test Suite Client",
  "client_uri": "https://github.com/openactive/openactive-test-suite",
  "initiate_login_uri": null,
  "logo_uri": "https://via.placeholder.com/512x256.png?text=Logo",
  "grant_types": [
    "authorization_code",
    "refresh_token",
    "client_credentials"
  ],
  "redirect_uris": [
    "http://localhost:3000/cb"
  ],
  "scope": "openid profile openactive-openbooking openactive-ordersfeed oauth-dymamic-client-update openactive-identity"
}

Authorization Code Flow - 1 Request

POST http://localhost:3000/browser-automation-for-auth

• accept: "application/json, text/plain, */*"
• content-type: "application/json;charset=utf-8"
• content-length: 415
• host: "localhost:3000"

{
  "headless": true,
  "offlineAccess": true,
  "username": "test1",
  "password": "test1",
  "authorizationUrl": "https://localhost:5003/connect/authorize?client_id=be62fcbf-a9f4-48ed-889b-41ae8887ccd6&scope=openid%20openactive-openbooking%20offline_access%20openactive-identity&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcb&code_challenge=JH589yr6QpPLeiWFc3eCZfIeSWQ5AbmcHCC6C9wroj8&code_challenge_method=S256"
}

Screenshot: Login page

"https://localhost:5003/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbe62fcbf-a9f4-48ed-889b-41ae8887ccd6%26scope%3Dopenid%2520openactive-openbooking%2520offline_access%2520openactive-identity%26response_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A3000%252Fcb%26code_challenge%3DJH589yr6QpPLeiWFc3eCZfIeSWQ5AbmcHCC6C9wroj8%26code_challenge_method%3DS256"

Screenshot: Authorization page

"https://localhost:5003/consent?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dbe62fcbf-a9f4-48ed-889b-41ae8887ccd6%26scope%3Dopenid%2520openactive-openbooking%2520offline_access%2520openactive-identity%26response_type%3Dcode%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A3000%252Fcb%26code_challenge%3DJH589yr6QpPLeiWFc3eCZfIeSWQ5AbmcHCC6C9wroj8%26code_challenge_method%3DS256"

Callback URL

"/cb?code=47FE7AF3F92A6CDC5A1BCD9D7AAE798F59FD4B4F6C885BEAA88EE5DCBA6E7B37&scope=openid%20openactive-openbooking%20offline_access%20openactive-identity&session_state=xCrVSTGLN5qwsbi3o1fh57q5Uaweyn5qCR7JEDgzJLk.546D6124996AE9E8B7F878F37B3D2F98"

Authorization Code Flow - 2 Request

POST https://localhost:5003/connect/token

• authorization: "Basic YmU2MmZjYmYtYTlmNC00OGVkLTg4OWItNDFhZTg4ODdjY2Q2OjU4ZWdLV0ppQkRaSURlTG1ENzVMRzdrTWVPVjlycDU3bGdtS2xJbFFkQmQ="
• accept: "application/json"
• content-type: "application/x-www-form-urlencoded"
• content-length: "205"
• accept-encoding: "gzip, deflate, br"
• host: "localhost:5003"

"grant_type=authorization_code&code=47FE7AF3F92A6CDC5A1BCD9D7AAE798F59FD4B4F6C885BEAA88EE5DCBA6E7B37&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcb&code_verifier=N4T6a2v9GHq1rBvAe4jsmYLlGQdJZeJaSOv2_53y8EU"

Response status code: 200.

{
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiSldUIn0.eyJuYmYiOjE3NDQ4OTI5NDQsImV4cCI6MTc0NDg5MzI0NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImF1ZCI6ImJlNjJmY2JmLWE5ZjQtNDhlZC04ODliLTQxYWU4ODg3Y2NkNiIsImlhdCI6MTc0NDg5Mjk0NCwiYXRfaGFzaCI6Ino0eUFQcHNLU1hnRE0zVkYwTVJrUFEiLCJzaWQiOiIxRDk2NTMwMjg0NDZBRUY1OTM5ODY3QjZGQzQzMDY1NyIsInN1YiI6IjEwMCIsImF1dGhfdGltZSI6MTc0NDg5Mjk0NCwiaWRwIjoibG9jYWwiLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVyTmFtZSI6IkFjbWUgRml0bmVzcyBMdGQiLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVySWQiOiJodHRwczovL2xvY2FsaG9zdDo1MDAxL2FwaS9pZGVudGlmaWVycy9zZWxsZXJzLzEiLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVyVXJsIjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5jb20iLCJodHRwczovL29wZW5hY3RpdmUuaW8vc2VsbGVyTG9nbyI6Imh0dHBzOi8vcGxhY2VraXR0ZW4uY29tLzY0MC8zNjAiLCJhbXIiOlsicHdkIl19.AkBFFK7CaZDM1jk3zGxDTg3dXBcCDRr9weYdfrS-uKzv2x8wp8nO9G5UE9EONVKokwq1j5UVRXoqE1BOVM_40GZm7LdVCTFvE8NiFpGnrJJ6iNJ4ToIDni5LWLw-zaCR-G-jUO0GRUQAG_QkKiawFpJpEeah-hCppvwtKeTbSgUg2viYi48IQ9ERpyoc9JI0GkLesDB8ccyapMbuYG153xROuYP5MJvae0pDLDg30VSdWLyHru4RUQeju2TDn3EOruAdmvTePjJ-GsvPI_vPhd_2iviudf-_Okmk-h3rH47OCeuO_PiLc4P_4NfJ5Peg8pIn-e-R3HvhMgNwouP67A",
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE3NDQ4OTI5NDQsImV4cCI6MTc0NDg5NjU0NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImF1ZCI6Im9wZW5ib29raW5nIiwiY2xpZW50X2lkIjoiYmU2MmZjYmYtYTlmNC00OGVkLTg4OWItNDFhZTg4ODdjY2Q2IiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL2NsaWVudElkIjoiYmU2MmZjYmYtYTlmNC00OGVkLTg4OWItNDFhZTg4ODdjY2Q2Iiwic3ViIjoiMTAwIiwiYXV0aF90aW1lIjoxNzQ0ODkyOTQ0LCJpZHAiOiJsb2NhbCIsImh0dHBzOi8vb3BlbmFjdGl2ZS5pby9zZWxsZXJJZCI6Imh0dHBzOi8vbG9jYWxob3N0OjUwMDEvYXBpL2lkZW50aWZpZXJzL3NlbGxlcnMvMSIsImp0aSI6IjA0RUVBNzAyNEVGOThGNkEyRUJDOThEQzExNjdGRjZBIiwic2lkIjoiMUQ5NjUzMDI4NDQ2QUVGNTkzOTg2N0I2RkM0MzA2NTciLCJpYXQiOjE3NDQ4OTI5NDQsInNjb3BlIjpbIm9wZW5pZCIsIm9wZW5hY3RpdmUtb3BlbmJvb2tpbmciLCJvcGVuYWN0aXZlLWlkZW50aXR5Iiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbInB3ZCJdfQ.TmGaodEcf5surbxnuTYAhfo9ZmxbREefrMA5JOisZq7y4QFF0Rmyh2TqCnnrN_CAGobsZpMkC6fiJ9_vIY877g-9k5v2VZv9XBI3ejDdOfzhuUxjFyXzJMKk5dEX5Mh5RNU6doHfAOagGQBIxHE-ra1MjLXs4km1Mf7j3-Q3er5gBQbbkxO2j5Hy74kA9uyas2sfFdTYaGGKPjGSmAGQDgtJT8vfK1Wt3kI9LetYY4iG7kvbwxJ2IgAQRgtkmxQGHYsXj43IBdB3m3msFGKkaM33vR0KfJzJ43_j9p-4xIHwF68F-cO5uers7ROtGsj8lgU8sWcw1xxCcSObFQ04bg",
  "expires_in": 3600,
  "token_type": "Bearer",
  "refresh_token": "50F42F12577875D4B20847D2BCC4BFDF180668580FD9F92A5A4EEB825222D457",
  "scope": "openid openactive-openbooking offline_access openactive-identity"
}

Authorization Code Flow - 3 Request

GET https://localhost:5003/.well-known/openid-configuration/jwks

• accept: "application/json"
• accept-encoding: "gzip, deflate, br"
• host: "localhost:5003"

Response status code: 200.

{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "kid": "B04F7B91DE3B9478C61833FB24AA5CDB",
      "e": "AQAB",
      "n": "yZO68vCGrvfBQ5R1z0DVCRAADOWeF3aLlhOaz1Je1SnmohmmlO-1F1hkRM_4MJtR5aECMxMz-MUW1nBCPmUrH0h_rrdCdDdlk8vTHki0ixK-gO73W2ZscOCZ6L2fZ2Oqz0_I840cnSCv55zpiOk9oGJL9TEsLAWYAIyQheaqZO3BkqImuBFmaLVTckvaZeONjHDQa01rxEjRQByir6oYSZPJy54XuRQJaPuCVNeOW8r0R9rKUQf9nl7tnVvhCsU3q1-UPrs8ZW_kaYXuYQJJMk392jX6XNm6czehIYM-O8Z5eGFdR3WW7IAWYEmqTCxrCRuuKU-EEcKOwksx8gBPgQ",
      "alg": "RS256"
    }
  ]
}

Authorization Code Flow - Claims Result

id_token claims:

{
  "nbf": 1744892944,
  "exp": 1744893244,
  "iss": "https://localhost:5003",
  "aud": "be62fcbf-a9f4-48ed-889b-41ae8887ccd6",
  "iat": 1744892944,
  "at_hash": "z4yAPpsKSXgDM3VF0MRkPQ",
  "sid": "1D9653028446AEF5939867B6FC430657",
  "sub": "100",
  "auth_time": 1744892944,
  "idp": "local",
  "https://openactive.io/sellerName": "Acme Fitness Ltd",
  "https://openactive.io/sellerId": "https://localhost:5001/api/identifiers/sellers/1",
  "https://openactive.io/sellerUrl": "https://www.example.com",
  "https://openactive.io/sellerLogo": "https://placekitten.com/640/360",
  "amr": [
    "pwd"
  ]
}

Refresh Token Request

POST https://localhost:5003/connect/token

• authorization: "Basic YmU2MmZjYmYtYTlmNC00OGVkLTg4OWItNDFhZTg4ODdjY2Q2OjU4ZWdLV0ppQkRaSURlTG1ENzVMRzdrTWVPVjlycDU3bGdtS2xJbFFkQmQ="
• accept: "application/json"
• content-type: "application/x-www-form-urlencoded"
• content-length: "103"
• accept-encoding: "gzip, deflate, br"
• host: "localhost:5003"

"grant_type=refresh_token&refresh_token=50F42F12577875D4B20847D2BCC4BFDF180668580FD9F92A5A4EEB825222D457"

Response status code: 200.

{
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiSldUIn0.eyJuYmYiOjE3NDQ4OTI5NDQsImV4cCI6MTc0NDg5MzI0NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImF1ZCI6ImJlNjJmY2JmLWE5ZjQtNDhlZC04ODliLTQxYWU4ODg3Y2NkNiIsImlhdCI6MTc0NDg5Mjk0NCwiYXRfaGFzaCI6ImFHai05cXJLd1ZFVWdVcFJKaTVnVGciLCJzdWIiOiIxMDAiLCJhdXRoX3RpbWUiOjE3NDQ4OTI5NDQsImlkcCI6ImxvY2FsIiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL3NlbGxlck5hbWUiOiJBY21lIEZpdG5lc3MgTHRkIiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL3NlbGxlcklkIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMS9hcGkvaWRlbnRpZmllcnMvc2VsbGVycy8xIiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL3NlbGxlclVybCI6Imh0dHBzOi8vd3d3LmV4YW1wbGUuY29tIiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL3NlbGxlckxvZ28iOiJodHRwczovL3BsYWNla2l0dGVuLmNvbS82NDAvMzYwIiwiYW1yIjpbInB3ZCJdfQ.YeD49uLxPsjf2MecXlPtmxUlC65zk-U4FYERpSLV12ZMIUx5xwhsvUc75o1mbAT3M1tfVTTJdRDM4IzUOX0OaQv2kBjDhiz1c2YpwqFnyyhc0XNhWjIjkUiTA8giSH20bdlPWY-sY-29dUugqYot3sTtFEj_Uu8f4A5_vT4LV4RLXQLijO5R7agD8HR59jNzHOL5aw59au4NNWyk5sycxO-bQiMUxH4fMN-RUIpWo8HrLHL5tzO3HQpWtqtByeu4U603nfLKl-W1wNh9oPOmFzlkQepUmkzG-RJy-LP7NnMXUfeCkp5fqQ_TlU4N43DSSG013moeUOwSiSPxCVJazw",
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE3NDQ4OTI5NDQsImV4cCI6MTc0NDg5NjU0NCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImF1ZCI6Im9wZW5ib29raW5nIiwiY2xpZW50X2lkIjoiYmU2MmZjYmYtYTlmNC00OGVkLTg4OWItNDFhZTg4ODdjY2Q2IiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL2NsaWVudElkIjoiYmU2MmZjYmYtYTlmNC00OGVkLTg4OWItNDFhZTg4ODdjY2Q2Iiwic3ViIjoiMTAwIiwiYXV0aF90aW1lIjoxNzQ0ODkyOTQ0LCJpZHAiOiJsb2NhbCIsImh0dHBzOi8vb3BlbmFjdGl2ZS5pby9zZWxsZXJJZCI6Imh0dHBzOi8vbG9jYWxob3N0OjUwMDEvYXBpL2lkZW50aWZpZXJzL3NlbGxlcnMvMSIsImp0aSI6IjAyMEQwRkY5ODZFMEY1QTUxQzlBQkRGMzhENTA5OTZBIiwiaWF0IjoxNzQ0ODkyOTQ0LCJzY29wZSI6WyJvcGVuaWQiLCJvcGVuYWN0aXZlLW9wZW5ib29raW5nIiwib3BlbmFjdGl2ZS1pZGVudGl0eSIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJwd2QiXX0.wFtNhLKiX3roH3_0YrxpzcE1PFcXUrtv6O5ZNE1enuSE4JgucaqWA2S6yEs4ax2e7UcASAFf56SmqMLPtzINTiAWCBcYvPkp3jsu4M5nEHJjYQAOpuLvaozrdVgvdxe9JdFrx-zzzufPc6VrHfBEa37VZi-g30dlPorhrihANVk5SKrHqASQUlKsrFT4z3L0kZ0FFK_s9IB7wvliDgA5J5w98H2IQgFibanDIAm3piCOgtL16ZrTJPLW0-13V4X8edo3VjG7pxgWRT356V2zegVSVvPge82iEFCNja76fdXdEqKuHDwm4nMoBSA14vlheVW44SgUpa1uY5ouEIrNUA",
  "expires_in": 3600,
  "token_type": "Bearer",
  "refresh_token": "366514637F91F3CBCBC0D994C8D4A967B66BF225E2C6586D2CFEBE3286686903",
  "scope": "openid openactive-openbooking openactive-identity offline_access"
}

Specs

• ✅ should complete Discovery successfully
• ✅ should complete Dynamic Client Registration successfully
• ✅ should complete Authorization Code Flow successfully
• ✅ should include expected https://openactive.io/sellerId claim in id_token
• ✅ should return claims within id_token as defined in specification
• ✅ should require a consent prompt for Authorization Code Flow
• ✅ should complete token refresh successfully