File Generated: Wed Feb 28 2024 15:29:24 GMT+0000 (Coordinated Universal Time)

dynamic-client-registration >> client-credentials-flow

Booking Flow:

Opportunity Type:

Feature: Authentication / Dynamic Client Registration for Multiple Seller Systems (Implemented)

Test: Client Credentials Flow

The Client Credentials Flow allows Booking Partners to access the Orders Feed.

Running only this test

npm start -- --runInBand test/features/authentication/dynamic-client-registration/implemented/client-credentials-flow-test.js

Is this test failing?

The OpenActive Reference Implementation test result for this test can be used as a reference to help with debugging.


✅ 3 passed with 0 failures, 0 warnings and 0 suggestions


✅ Open ID Connect Authentication

Credentials

The test suite is using Dynamic Client Registration to retrieve credentials as part of this test, using the following configuration within bookingPartnersForSpecificTests.dynamicSecondary.authentication:

Hence the client_id and client_secret can be found within the Dynamic Client Registration response below.

Discovery Request

GET https://localhost:5003/.well-known/openid-configuration


Response status code: 200.

{
  "issuer": "https://localhost:5003",
  "jwks_uri": "https://localhost:5003/.well-known/openid-configuration/jwks",
  "authorization_endpoint": "https://localhost:5003/connect/authorize",
  "token_endpoint": "https://localhost:5003/connect/token",
  "userinfo_endpoint": "https://localhost:5003/connect/userinfo",
  "end_session_endpoint": "https://localhost:5003/connect/endsession",
  "check_session_iframe": "https://localhost:5003/connect/checksession",
  "revocation_endpoint": "https://localhost:5003/connect/revocation",
  "introspection_endpoint": "https://localhost:5003/connect/introspect",
  "device_authorization_endpoint": "https://localhost:5003/connect/deviceauthorization",
  "frontchannel_logout_supported": true,
  "frontchannel_logout_session_supported": true,
  "backchannel_logout_supported": true,
  "backchannel_logout_session_supported": true,
  "scopes_supported": [
    "openid",
    "openactive-identity",
    "openactive-openbooking",
    "openactive-ordersfeed",
    "offline_access"
  ],
  "claims_supported": [
    "sub",
    "https://openactive.io/sellerId",
    "https://openactive.io/sellerName",
    "https://openactive.io/sellerUrl",
    "https://openactive.io/sellerLogo",
    "https://openactive.io/bookingServiceName",
    "https://openactive.io/bookingServiceUrl",
    "name",
    "https://openactive.io/clientId"
  ],
  "grant_types_supported": [
    "authorization_code",
    "client_credentials",
    "refresh_token",
    "implicit",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "form_post",
    "query",
    "fragment"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "request_parameter_supported": true,
  "registration_endpoint": "https://localhost:5003/connect/register"
}

Dynamic Client Registration Request

POST https://localhost:5003/connect/register

{
  "redirect_uris": [
    "http://localhost:3000/cb"
  ],
  "grant_types": [
    "authorization_code",
    "refresh_token",
    "client_credentials"
  ],
  "client_name": "OpenActive Test Suite Client",
  "client_uri": "https://github.com/openactive/openactive-test-suite",
  "logo_uri": "https://via.placeholder.com/512x256.png?text=Logo",
  "scope": "openid profile openactive-openbooking openactive-ordersfeed oauth-dymamic-client-update openactive-identity"
}

Response status code: 201.

{
  "client_id": "f9a9ddf4-b49b-46e6-8bf3-225192cf1669",
  "client_secret": "c5NMxTgaBtFXmRgv5QLVCtQRGJjsSlCJRJPko7QfV4z",
  "client_name": "OpenActive Test Suite Client",
  "client_uri": "https://github.com/openactive/openactive-test-suite",
  "initiate_login_uri": null,
  "logo_uri": "https://via.placeholder.com/512x256.png?text=Logo",
  "grant_types": [
    "authorization_code",
    "refresh_token",
    "client_credentials"
  ],
  "redirect_uris": [
    "http://localhost:3000/cb"
  ],
  "scope": "openid profile openactive-openbooking openactive-ordersfeed oauth-dymamic-client-update openactive-identity"
}

Client Credentials Flow Request

POST https://localhost:5003/connect/token

"grant_type=client_credentials&scope=openactive-ordersfeed"

Response status code: 200.

{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkIwNEY3QjkxREUzQjk0NzhDNjE4MzNGQjI0QUE1Q0RCIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE3MDkxMzQxNjUsImV4cCI6MTcwOTEzNzc2NSwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMyIsImF1ZCI6Im9wZW5ib29raW5nIiwiY2xpZW50X2lkIjoiZjlhOWRkZjQtYjQ5Yi00NmU2LThiZjMtMjI1MTkyY2YxNjY5IiwiaHR0cHM6Ly9vcGVuYWN0aXZlLmlvL2NsaWVudElkIjoiZjlhOWRkZjQtYjQ5Yi00NmU2LThiZjMtMjI1MTkyY2YxNjY5IiwianRpIjoiODlGM0ExNkE3MjFGQUVCRUU5N0I3OUU3QUFCNjg0OEUiLCJpYXQiOjE3MDkxMzQxNjUsInNjb3BlIjpbIm9wZW5hY3RpdmUtb3JkZXJzZmVlZCJdfQ.pyqZFH-5EZpESWnX0bOa1Ll8LwgYkS9w5qLkTuoTYS7obUZM8i0oAtk-Ha7zHeAimr_hDSMnqn_klcnotAONt8mzEo4_74tTzKDTRq6j41q7EB9LB_xmkkqMoB4mwHOtBPudtSAwASApOkd7T-5z5soKBn8tnM5KLUv1Upzn_tIvVkzTKyEDdMe0DkX76jFtP5Hyh_B8JpSSJjUsEuPyvZqHKm26L6w8aJmPMgpeJcdG9sSE3gjPWMFuC9Y-NRW9sA-A2QYwiYw-_2lPMGo9QiB4WTf4FPSZ3devh1XOdcgQCG-TxYrLpjwNGfW7qN4NliYMg59vgWZ5PnXvtmyaZg",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "openactive-ordersfeed"
}

Specs