OC4:FeatureTest-Can Make Access Token Request with client secret post Authentication
From OSIS Open Source Identity Systems
| list help copy as XML edit |
| Feature Test | Can Make Access Token Request with client_secret_post Authentication |
| Test Type | normal |
| Identifier | FTR-rp-tok-cspost |
| Description | Send Access Token Request with client_secret_post Authentication |
| Role tested | RP |
| Known Successful Reference Solution(s) | |
| Success Criteria | Works |
| Failure Criteria | Fails |
Features Proven
| No matching Feature found. |
| Feature | feature_type | solution_role |
|---|
Instructions
- Open the result page for your solution and this test.
- Use the OP http://www.kodtest.se:8088/ . This OP supports provider info discovery and client registration. In order to do this type of authentication you need a client_secret the only way you can get it with this setup is to do a client registration. Once you have done that will have to authenticate before doing the access token request. So an authorization request with response_type="code" is necessary. The username/password use for the login is diana/krall. The response to the access token request should be a JSON structure containing among other things an access_token.
- Set outcome in the results page:
- If the success criteria was met, set the outcome to "Works".
- If the test failed, set the outcome to "Failed" and enter information about the failure in the Notes section.
- If other issues occurred set the result to "Issues" and describe them in the Notes section.
- Add either four tilde ~~~~ signs or a text name into the "Tested by" parameter.
- Update the Date Tested, Browser, and Operating System lines of the results page.
