PAR #33

Merged
merged 3 commits into from
Dec 14, 2022

@mbilski mbilski commented Dec 14, 2022

#9

 ➜ go run . https://oauth2c.us.authz.cloudentity.io/oauth2c/demo \
  --client-id cauktionbud6q8ftlqq0 \
  --client-secret HCwQ5uuUWBRHd04ivjX5Kl0Rz8zxMOekeLtqzki0GPc \
  --response-types code \
  --response-mode query \
  --grant-type authorization_code \
  --auth-method client_secret_basic \
  --scopes openid,email,offline_access \
  --par

┌───────────────────────────────────────────────────────────────────────┐
| Issuer URL     | https://oauth2c.us.authz.cloudentity.io/oauth2c/demo |
| Grant type     | authorization_code                                   |
| Auth method    | client_secret_basic                                  |
| Scopes         | openid, email, offline_access                        |
| Response types | code                                                 |
| Response mode  | query                                                |
| PKCE           | false                                                |
| Client ID      | cauktionbud6q8ftlqq0                                 |
| Client secret  | HCwQ5uuUWBRHd04ivjX5Kl0Rz8zxMOekeLtqzki0GPc          |
└───────────────────────────────────────────────────────────────────────┘


                             Authorization Code Flow


# Request PAR

POST https://oauth2c.us.authz.cloudentity.io/oauth2c/demo/par
Headers:
  Content-Type: application/x-www-form-urlencoded
  Authorization: Basic Y2F1a3Rpb25idWQ2cThmdGxxcTA6SEN3UTV1dVVXQlJIZDA0aXZqWDVLbDBSejh6eE1PZWtlTHRxemtpMEdQYw==
Form post:
  response_type: code
  response_mode: query
  scope: openid email offline_access
  client_id: cauktionbud6q8ftlqq0
  redirect_uri: http://localhost:9876/callback
  state: XPN2LKkTbhS36vYeEeEVoS
  nonce: JejA223Ez8hYnpMYswpQLe
Response:
{
  "request_uri": "urn:ietf:params:oauth:request_uri:2IuWflAnGGtoQ9fVkjoit6lrUfL",
  "expires_in": 60
}

# Request authorization

GET https://oauth2c.us.authz.cloudentity.io/oauth2c/demo/oauth2/authorize
Query params:
  client_id: cauktionbud6q8ftlqq0
  request_uri: urn:ietf:params:oauth:request_uri:2IuWflAnGGtoQ9fVkjoit6lrUfL

Open the following URL:

https://oauth2c.us.authz.cloudentity.io/oauth2c/demo/oauth2/authorize?client_id=cauktionbud6q8ftlqq0&request_uri=urn%3Aietf%3Aparams%3Aoauth%3Arequest_uri%3A2IuWflAnGGtoQ9fVkjoit6lrUfL

Opening in existing browser session.

 ▀ Waiting for callback. Go to the browser to authenticate... (0s)libva error: /run/opengl-driver/lib/dri/nvidia_drv_video.so init failed
GET /callback
Query params:
  code: FIfhe9aRkZTYm3DEZPei2cy6BKfU3_BZLweWrA0sbMY.5q8fduW394LaVpJi_MqaYZ_lnJ61CNe6CQVnTykwi1Q
  scope: openid email offline_access
  state: XPN2LKkTbhS36vYeEeEVoS

 SUCCESS  Obtained authorization code

# Exchange authorization code for token

┌─ Client Secret Basic ──────────────────────────────────────┐
| Authorization = Basic BASE64-ENCODE(ClientID:ClientSecret) |
└────────────────────────────────────────────────────────────┘

POST https://oauth2c.us.authz.cloudentity.io/oauth2c/demo/oauth2/token
Headers:
  Authorization: Basic Y2F1a3Rpb25idWQ2cThmdGxxcTA6SEN3UTV1dVVXQlJIZDA0aXZqWDVLbDBSejh6eE1PZWtlTHRxemtpMEdQYw==
  Content-Type: application/x-www-form-urlencoded
Form post:
  code: FIfhe9aRkZTYm3DEZPei2cy6BKfU3_BZLweWrA0sbMY.5q8fduW394LaVpJi_MqaYZ_lnJ61CNe6CQVnTykwi1Q
  grant_type: authorization_code
  redirect_uri: http://localhost:9876/callback
Response:
{
  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE4NzcyMjIzMzEzNjQwMTY2MDc5ODUxMjAwNDQwNTgwMzg2NDk3NiIsInR5cCI6IkpXVCJ9.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.Fss-LA-zgsxPWi4ZD6JrtD6vnE49dtbr70k8xhXYYzBmU6p8xzd2XpKYr6FWIDB8wytw7KrKgg1iPj2H4MT7kXv0MwGDuPTHihV2yUNk7hkgM1vdqd7lgJGmhUKaTJAOlpbDXNSmVOhsINt9BIc2yZARpQVis-sEiUiUR0wbZsvCv6RTGH9OryaaW1JhuiRC6N1xlIJILz2TxtxXjSSP8dZNc25Rh_EtjRi1iUzdRFBjt5bwbJ_ZUH70VfxQCFN6f4SP5QC-bu5agBg5nXL66-SVK-nQqY1lHOQd_aN-UiHxyDFlRBa1rBX5rFzcG1XNWSc-515QRNtK47WoA9BdTw",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjE4NzcyMjIzMzEzNjQwMTY2MDc5ODUxMjAwNDQwNTgwMzg2NDk3NiIsInR5cCI6IkpXVCJ9.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.A1L698W3A1E-VsksQpTjHYR1cCEcHhxdPcq9J3DiasCEZJ78PPdhfqV7-fmVSBU27IJpiw5MrBRMsAAsgmMAwQiJKk1xj1vVXuYYwB_dR9Vtpl_BXbczJdo_VABBrmcEvcXPQ-fa7TIyDih4L_oGgCPkr-LRl6zq-5NZUHcZPh45zl0CXzzh9HnFwR_Scc8HMUOxBUhVWEx2l-AGO9WMCzpceDBhjavlYCPuxKBqh5fidp-onzsSOFWQ_8QqXj3JKHwDL66Jzx7Az_OIiaxYrSDjnqsd5iHyJfF0ZbAf5QEoZw_SIPRqvYUsRdbHP73pFLYhzJcYI_h5Wp3MxDKMhg",
  "refresh_token": "NHp2PfUPGjQolLtcJQ_ibAQpg6GMoetN3YVzEYHtkf8.IvEluQyycsnJg15_B3aad0j0FSp09ix1vVLxv1jrZ0Y",
  "scope": "openid email offline_access",
  "token_type": "bearer"
}
Access token:
{
  "acr": "1",
  "aid": "demo",
  "amr": ["pwd"],
  "aud": [
    "cauktionbud6q8ftlqq0",
    "spiffe://oauth2c.us.authz.cloudentity.io/oauth2c/demo/demo-profile"
  ],
  "email": "jdoe@example.com",
  "exp": 1671035657,
  "iat": 1671032056,
  "idp": "sandbox",
  "iss": "https://oauth2c.us.authz.cloudentity.io/oauth2c/demo",
  "jti": "0bf400fa-483c-44c0-93cf-a4cfd6aab453",
  "nbf": 1671032056,
  "scp": ["openid", "email", "offline_access"],
  "st": "public",
  "sub": "11f1eb36e24966449302ccdecb3950b2d13206f0bd46aaea703fbc86669dd073",
  "tid": "oauth2c"
}
ID token:
{
  "acr": "1",
  "amr": ["pwd"],
  "at_hash": "LXLCT0ZISKcELGwXlsQWgw",
  "aud": "cauktionbud6q8ftlqq0",
  "auth_time": 1670799550,
  "exp": 1671035656,
  "iat": 1671032056,
  "idp": "sandbox",
  "idpm": "static",
  "iss": "https://oauth2c.us.authz.cloudentity.io/oauth2c/demo",
  "jti": "72217d20-f525-4ec6-9f26-4c7784351b52",
  "nonce": "JejA223Ez8hYnpMYswpQLe",
  "rat": 1671032056,
  "refresh_token_expires_at": 1673624057,
  "sub": "11f1eb36e24966449302ccdecb3950b2d13206f0bd46aaea703fbc86669dd073"
}

 SUCCESS  Exchanged authorization code for access token

@mbilski mbilski merged commit f58a84f into master Dec 14, 2022
@mbilski mbilski deleted the feature/par branch December 14, 2022 16:33
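
The client-side checks behind the PAR run shown above, as an added Go example (not code from this pull request or from oauth2c): it validates the PAR response, builds the authorization URL that carries only `client_id` and `request_uri`, and accepts the callback only when `state` matches. The function names `AuthorizeURL` and `CallbackCode`, the host `as.example.com` and the sample values are assumptions constructed for illustration.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"time"
)

// Constructed sample PAR response, not taken from a real server.
const sampleBody = `{"request_uri":"urn:ietf:params:oauth:request_uri:EXAMPLE123","expires_in":60}`

// AuthorizeURL validates a PAR response and builds the front-channel URL. Only
// client_id and request_uri pass through the browser; it also returns the expiry.
func AuthorizeURL(endpoint, clientID string, body []byte, received time.Time) (string, time.Time, error) {
	var par struct {
		RequestURI string `json:"request_uri"`
		ExpiresIn  int    `json:"expires_in"`
	}
	if err := json.Unmarshal(body, &par); err != nil {
		return "", time.Time{}, fmt.Errorf("decode PAR response: %w", err)
	}
	if par.RequestURI == "" || par.ExpiresIn <= 0 {
		return "", time.Time{}, errors.New("PAR response lacks request_uri or expires_in")
	}
	u, err := url.Parse(endpoint)
	if err != nil || u.Scheme != "https" {
		return "", time.Time{}, errors.New("authorization endpoint must be an https URL")
	}
	u.RawQuery = url.Values{"client_id": {clientID}, "request_uri": {par.RequestURI}}.Encode()
	return u.String(), received.Add(time.Duration(par.ExpiresIn) * time.Second), nil
}

// CallbackCode returns the code only if the callback has no error and echoes the pushed state.
func CallbackCode(rawQuery, wantState string) (string, error) {
	q, err := url.ParseQuery(rawQuery)
	if err != nil || q.Get("error") != "" || q.Get("code") == "" {
		return "", errors.New("callback is malformed, reports an error, or has no code")
	}
	if subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(wantState)) != 1 {
		return "", errors.New("state mismatch: callback does not belong to this request")
	}
	return q.Get("code"), nil
}

func main() {
	fmt.Println(AuthorizeURL("https://as.example.com/oauth2/authorize", "example-client", []byte(sampleBody), time.Now()))
}
```

The returned time is the point after which the `request_uri` should no longer be sent to the authorization endpoint; a client past that point pushes a fresh request instead of reusing the old reference.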