From e08177d9c204439ae451544d7ff8aeaa74c37375 Mon Sep 17 00:00:00 2001 From: Steven Bal Date: Mon, 17 Nov 2025 11:49:24 +0100 Subject: [PATCH 1/5] :arrow_up: [maykinmedia/open-api-framework#176] Upgrade mozilla-django-oidc-db to 1.0.2 and django-setup-configuration to 0.11.0 --- requirements/base.txt | 5 ++--- requirements/ci.txt | 5 ++--- requirements/dev.txt | 5 ++--- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 1778b635..7f5b5853 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -160,7 +160,7 @@ django-sendfile2==0.7.0 # via django-privates django-sessionprofile==3.0.0 # via open-api-framework -django-setup-configuration==0.9.0 +django-setup-configuration==0.11.0 # via # -r requirements/base.in # mozilla-django-oidc-db @@ -173,7 +173,6 @@ django-solo==2.2.0 # via # commonground-api-common # django-log-outgoing-requests - # mozilla-django-oidc-db # notifications-api-common # zgw-consumers django-structlog==9.1.1 @@ -252,7 +251,7 @@ maykin-common==0.11.0 # via -r requirements/base.in mozilla-django-oidc==4.0.0 # via mozilla-django-oidc-db -mozilla-django-oidc-db==0.22.0 +mozilla-django-oidc-db==1.1.0 # via # -r requirements/base.in # open-api-framework diff --git a/requirements/ci.txt b/requirements/ci.txt index 32e2037d..4866e13e 100644 --- a/requirements/ci.txt +++ b/requirements/ci.txt @@ -275,7 +275,7 @@ django-sessionprofile==3.0.0 # -c requirements/base.txt # -r requirements/base.txt # open-api-framework -django-setup-configuration==0.9.0 +django-setup-configuration==0.11.0 # via # -c requirements/base.txt # -r requirements/base.txt @@ -291,7 +291,6 @@ django-solo==2.2.0 # -r requirements/base.txt # commonground-api-common # django-log-outgoing-requests - # mozilla-django-oidc-db # notifications-api-common # zgw-consumers django-structlog==9.1.1 @@ -460,7 +459,7 @@ mozilla-django-oidc==4.0.0 # -c requirements/base.txt # -r requirements/base.txt # mozilla-django-oidc-db -mozilla-django-oidc-db==0.22.0 +mozilla-django-oidc-db==1.1.0 # via # -c requirements/base.txt # -r requirements/base.txt diff --git a/requirements/dev.txt b/requirements/dev.txt index 77bc9a4c..ab8d3eb8 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -319,7 +319,7 @@ django-sessionprofile==3.0.0 # -c requirements/ci.txt # -r requirements/ci.txt # open-api-framework -django-setup-configuration==0.9.0 +django-setup-configuration==0.11.0 # via # -c requirements/ci.txt # -r requirements/ci.txt @@ -337,7 +337,6 @@ django-solo==2.2.0 # -r requirements/ci.txt # commonground-api-common # django-log-outgoing-requests - # mozilla-django-oidc-db # notifications-api-common # zgw-consumers django-structlog==9.1.1 @@ -550,7 +549,7 @@ mozilla-django-oidc==4.0.0 # -c requirements/ci.txt # -r requirements/ci.txt # mozilla-django-oidc-db -mozilla-django-oidc-db==0.22.0 +mozilla-django-oidc-db==1.1.0 # via # -c requirements/ci.txt # -r requirements/ci.txt From 8ced8be54dd68936242517e7d6f538e24b0819c6 Mon Sep 17 00:00:00 2001 From: Steven Bal Date: Mon, 17 Nov 2025 11:59:46 +0100 Subject: [PATCH 2/5] :alien: [maykinmedia/open-api-framework#176] Adapt to changes for OIDC lib upgrade --- docker/setup_configuration/data.yaml | 50 +++++++-- src/objects/accounts/tests/factories.py | 31 ++++++ ...cate_email_unique_constraint_violated.yaml | 54 +++++----- .../test_happy_flow.yaml | 54 +++++----- .../test_happy_flow_existing_user.yaml | 54 +++++----- src/objects/accounts/tests/test_oidc.py | 102 ++++++++++++------ src/objects/fixtures/default_admin_index.json | 6 +- src/objects/templates/maykin_2fa/login.html | 4 +- src/objects/utils/tests/keycloak.py | 88 --------------- 9 files changed, 230 insertions(+), 213 deletions(-) rename src/objects/accounts/tests/files/vcr_cassettes/{OIDCFLowTests => OIDCFlowTests}/test_duplicate_email_unique_constraint_violated.yaml (76%) rename src/objects/accounts/tests/files/vcr_cassettes/{OIDCFLowTests => OIDCFlowTests}/test_happy_flow.yaml (76%) rename src/objects/accounts/tests/files/vcr_cassettes/{OIDCFLowTests => OIDCFlowTests}/test_happy_flow_existing_user.yaml (76%) diff --git a/docker/setup_configuration/data.yaml b/docker/setup_configuration/data.yaml index 8fb91c49..54614547 100644 --- a/docker/setup_configuration/data.yaml +++ b/docker/setup_configuration/data.yaml @@ -79,14 +79,44 @@ tokenauth: oidc_db_config_enable: true oidc_db_config_admin_auth: + providers: + - identifier: admin-oidc + oidc_use_nonce: true + oidc_nonce_size: 32 + oidc_state_size: 32 + endpoint_config: + oidc_op_authorization_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/auth + oidc_op_jwks_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/certs + oidc_op_token_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/token + oidc_op_user_endpoint: http://localhost:8080/realms/test/protocol/openid-connect/userinfo items: - - identifier: admin-oidc - oidc_rp_client_id: client-id - oidc_rp_client_secret: secret - endpoint_config: - oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth - oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token - oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo - - # workaround for https://github.com/maykinmedia/django-setup-configuration/issues/27 - userinfo_claims_source: id_token \ No newline at end of file + - identifier: admin-oidc + enabled: true + oidc_rp_client_id: testid + oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I + oidc_rp_scopes_list: + - openid + - email + - profile + oidc_rp_sign_algo: RS256 + oidc_provider_identifier: admin-oidc + userinfo_claims_source: id_token + options: + user_settings: + claim_mappings: + username: + - sub + first_name: + - given_name + email: + - email + username_case_sensitive: true + groups_settings: + claim_mapping: + - groups + sync: true + sync_pattern: '*' + default_groups: [] + make_users_staff: true + superuser_group_names: + - Registreerders \ No newline at end of file diff --git a/src/objects/accounts/tests/factories.py b/src/objects/accounts/tests/factories.py index 843f3953..41263016 100644 --- a/src/objects/accounts/tests/factories.py +++ b/src/objects/accounts/tests/factories.py @@ -2,6 +2,13 @@ import factory from factory.django import DjangoModelFactory +from mozilla_django_oidc_db.constants import OIDC_ADMIN_CONFIG_IDENTIFIER +from mozilla_django_oidc_db.tests.factories import ( + OIDCClientFactory as BaseOIDCClientFactory, + OIDCProviderFactory, +) + +from objects.utils.tests.keycloak import KEYCLOAK_BASE_URL User = get_user_model() @@ -24,3 +31,27 @@ class Params: class StaffUserFactory(UserFactory): is_staff = True + + +class OIDCClientFactory(BaseOIDCClientFactory): + enabled = True + + class Params: # pyright: ignore[reportIncompatibleVariableOverride] + with_keycloak_provider = factory.Trait( + oidc_provider=factory.SubFactory( + OIDCProviderFactory, + identifier="keycloak-provider", + oidc_op_jwks_endpoint=f"{KEYCLOAK_BASE_URL}/certs", + oidc_op_authorization_endpoint=f"{KEYCLOAK_BASE_URL}/auth", + oidc_op_token_endpoint=f"{KEYCLOAK_BASE_URL}/token", + oidc_op_user_endpoint=f"{KEYCLOAK_BASE_URL}/userinfo", + oidc_op_logout_endpoint=f"{KEYCLOAK_BASE_URL}/logout", + ), + oidc_rp_client_id="testid", + oidc_rp_client_secret="7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I", + oidc_rp_sign_algo="RS256", + ) + with_admin = factory.Trait( + identifier=OIDC_ADMIN_CONFIG_IDENTIFIER, + oidc_rp_scopes_list=["email", "profile", "openid"], + ) diff --git a/src/objects/accounts/tests/files/vcr_cassettes/OIDCFLowTests/test_duplicate_email_unique_constraint_violated.yaml b/src/objects/accounts/tests/files/vcr_cassettes/OIDCFlowTests/test_duplicate_email_unique_constraint_violated.yaml similarity index 76% rename from src/objects/accounts/tests/files/vcr_cassettes/OIDCFLowTests/test_duplicate_email_unique_constraint_violated.yaml rename to src/objects/accounts/tests/files/vcr_cassettes/OIDCFlowTests/test_duplicate_email_unique_constraint_violated.yaml index d01040c0..876972ce 100644 --- a/src/objects/accounts/tests/files/vcr_cassettes/OIDCFLowTests/test_duplicate_email_unique_constraint_violated.yaml +++ b/src/objects/accounts/tests/files/vcr_cassettes/OIDCFlowTests/test_duplicate_email_unique_constraint_violated.yaml @@ -11,23 +11,23 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: http://localhost:8080/realms/test/protocol/openid-connect/auth?response_type=code&scope=openid&client_id=testid&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F&state=not-a-random-string&nonce=not-a-random-string + uri: http://localhost:8080/realms/test/protocol/openid-connect/auth?response_type=code&scope=email+profile+openid&client_id=testid&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F&state=not-a-random-string&nonce=not-a-random-string response: body: string: "\n\n\n\n \n \ \n \n\n \n Sign - in to test\n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n
\n \
\n
test
\n
\n
\n @@ -35,7 +35,7 @@ interactions: \ Sign in to your account\n\n\n \n
\n \
\n\n\n
\n \
\n
\n
\n \n\n \n
\n \
\n
\n
\n \n\n\n\n\n\n + type=\"module\" src=\"/resources/rxcbb/login/keycloak/js/passwordVisibility.js\">\n\n\n\n\n\n \
\n
\n\n
\n
\n\n\n" headers: Cache-Control: @@ -75,11 +75,11 @@ interactions: Referrer-Policy: - no-referrer Set-Cookie: - - AUTH_SESSION_ID=f0823219-f3f6-4c24-a406-175f24d8024e; Version=1; Path=/realms/test/; + - AUTH_SESSION_ID=14048ebb-03a6-4960-a072-6b72bebfc855; Version=1; Path=/realms/test/; SameSite=None; Secure; HttpOnly - - AUTH_SESSION_ID_LEGACY=f0823219-f3f6-4c24-a406-175f24d8024e; Version=1; Path=/realms/test/; + - AUTH_SESSION_ID_LEGACY=14048ebb-03a6-4960-a072-6b72bebfc855; Version=1; Path=/realms/test/; HttpOnly - - KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsInN0YXRlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyJ9fQ.f7ZABGR0O48xm61gDKLOR_LjWH9a59wtTbGXUfm78sI; + - KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoiZW1haWwgcHJvZmlsZSBvcGVuaWQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHA6Ly90ZXN0c2VydmVyL29pZGMvY2FsbGJhY2svIiwic3RhdGUiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIn19.UKtC_lylKI70bO_ILBG4yJFPnhAaED09GAIZb1wfDh4; Version=1; Path=/realms/test/; HttpOnly Strict-Transport-Security: - max-age=31536000; includeSubDomains @@ -110,11 +110,11 @@ interactions: Content-Type: - application/x-www-form-urlencoded Cookie: - - AUTH_SESSION_ID_LEGACY=f0823219-f3f6-4c24-a406-175f24d8024e; KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsInN0YXRlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyJ9fQ.f7ZABGR0O48xm61gDKLOR_LjWH9a59wtTbGXUfm78sI + - AUTH_SESSION_ID_LEGACY=14048ebb-03a6-4960-a072-6b72bebfc855; KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoiZW1haWwgcHJvZmlsZSBvcGVuaWQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHA6Ly90ZXN0c2VydmVyL29pZGMvY2FsbGJhY2svIiwic3RhdGUiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIn19.UKtC_lylKI70bO_ILBG4yJFPnhAaED09GAIZb1wfDh4 User-Agent: - python-requests/2.32.4 method: POST - uri: http://localhost:8080/realms/test/login-actions/authenticate?session_code=nLIAtFEFpRhWspjtrknGcBMW3NXtdYwIN8l7B-NHsnw&execution=665c596b-1c9d-47c8-975a-c0de120b2622&client_id=testid&tab_id=m1mQPwrbWDw + uri: http://localhost:8080/realms/test/login-actions/authenticate?session_code=uucVop8HfSE-8U2I9U2dpwGqVsAkZa2L8GNMXwC88WE&execution=99712d10-acb2-4a70-8752-46d960e43045&client_id=testid&tab_id=LCMrdAB2FFI response: body: string: '' @@ -124,7 +124,7 @@ interactions: Content-Security-Policy: - frame-src 'self'; frame-ancestors 'self'; object-src 'none'; Location: - - http://testserver/oidc/callback/?state=not-a-random-string&session_state=f0823219-f3f6-4c24-a406-175f24d8024e&iss=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Ftest&code=9c792f59-1600-4f65-bc73-7eaec693365e.f0823219-f3f6-4c24-a406-175f24d8024e.adf4ad83-4550-4619-9231-73bd8d700f45 + - http://testserver/oidc/callback/?state=not-a-random-string&session_state=14048ebb-03a6-4960-a072-6b72bebfc855&iss=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Ftest&code=6e0e1a6f-86ab-46b6-93b9-25090f9c0d73.14048ebb-03a6-4960-a072-6b72bebfc855.adf4ad83-4550-4619-9231-73bd8d700f45 Referrer-Policy: - no-referrer Set-Cookie: @@ -134,15 +134,15 @@ interactions: Path=/realms/test/; HttpOnly - KC_AUTH_STATE=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/realms/test/ - - KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NTc1NTA3MTQsImlhdCI6MTc1NzUxNDcxNCwianRpIjoiZDAxMzJhYWQtYThjNC00NWJmLWIyMTYtNjFmMGI4MDdjNWM1IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiJmMDgyMzIxOS1mM2Y2LTRjMjQtYTQwNi0xNzVmMjRkODAyNGUiLCJzaWQiOiJmMDgyMzIxOS1mM2Y2LTRjMjQtYTQwNi0xNzVmMjRkODAyNGUiLCJzdGF0ZV9jaGVja2VyIjoiWjJadU9hOVJPTEZiTUNCSlNEcU1CY2ZrQ0l1ZUFtc2c4N21QNENhNkloYyJ9.7IS-w4j3lId9lDuKQ6hz-dqQKxkTV9Xp8GJqlMtg4KM; + - KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NjM0MTMxMjksImlhdCI6MTc2MzM3NzEyOSwianRpIjoiNTNhYTc1MzAtYzhlMS00MzZlLWFhZTEtNzcwMjQ5OTE5ZDM4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiIxNDA0OGViYi0wM2E2LTQ5NjAtYTA3Mi02YjcyYmViZmM4NTUiLCJzaWQiOiIxNDA0OGViYi0wM2E2LTQ5NjAtYTA3Mi02YjcyYmViZmM4NTUiLCJzdGF0ZV9jaGVja2VyIjoiQjNyZzE3ZTVIRUlYbndET0MxUzNGUXBldXdTaDV4WndnRDZReDRXZkpQYyJ9._aPHpaallnGeZswJufSxGxKAooBBvUu555G_Mby2iE8; Version=1; Path=/realms/test/; SameSite=None; Secure; HttpOnly - - KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NTc1NTA3MTQsImlhdCI6MTc1NzUxNDcxNCwianRpIjoiZDAxMzJhYWQtYThjNC00NWJmLWIyMTYtNjFmMGI4MDdjNWM1IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiJmMDgyMzIxOS1mM2Y2LTRjMjQtYTQwNi0xNzVmMjRkODAyNGUiLCJzaWQiOiJmMDgyMzIxOS1mM2Y2LTRjMjQtYTQwNi0xNzVmMjRkODAyNGUiLCJzdGF0ZV9jaGVja2VyIjoiWjJadU9hOVJPTEZiTUNCSlNEcU1CY2ZrQ0l1ZUFtc2c4N21QNENhNkloYyJ9.7IS-w4j3lId9lDuKQ6hz-dqQKxkTV9Xp8GJqlMtg4KM; + - KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NjM0MTMxMjksImlhdCI6MTc2MzM3NzEyOSwianRpIjoiNTNhYTc1MzAtYzhlMS00MzZlLWFhZTEtNzcwMjQ5OTE5ZDM4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiIxNDA0OGViYi0wM2E2LTQ5NjAtYTA3Mi02YjcyYmViZmM4NTUiLCJzaWQiOiIxNDA0OGViYi0wM2E2LTQ5NjAtYTA3Mi02YjcyYmViZmM4NTUiLCJzdGF0ZV9jaGVja2VyIjoiQjNyZzE3ZTVIRUlYbndET0MxUzNGUXBldXdTaDV4WndnRDZReDRXZkpQYyJ9._aPHpaallnGeZswJufSxGxKAooBBvUu555G_Mby2iE8; Version=1; Path=/realms/test/; HttpOnly - - KEYCLOAK_SESSION=test/6db2db87-de31-4e30-9f25-cefe5da8b154/f0823219-f3f6-4c24-a406-175f24d8024e; - Version=1; Expires=Thu, 11-Sep-2025 00:31:54 GMT; Max-Age=36000; Path=/realms/test/; + - KEYCLOAK_SESSION=test/6db2db87-de31-4e30-9f25-cefe5da8b154/14048ebb-03a6-4960-a072-6b72bebfc855; + Version=1; Expires=Mon, 17-Nov-2025 20:58:49 GMT; Max-Age=36000; Path=/realms/test/; SameSite=None; Secure - - KEYCLOAK_SESSION_LEGACY=test/6db2db87-de31-4e30-9f25-cefe5da8b154/f0823219-f3f6-4c24-a406-175f24d8024e; - Version=1; Expires=Thu, 11-Sep-2025 00:31:54 GMT; Max-Age=36000; Path=/realms/test/ + - KEYCLOAK_SESSION_LEGACY=test/6db2db87-de31-4e30-9f25-cefe5da8b154/14048ebb-03a6-4960-a072-6b72bebfc855; + Version=1; Expires=Mon, 17-Nov-2025 20:58:49 GMT; Max-Age=36000; Path=/realms/test/ - KEYCLOAK_REMEMBER_ME=; Version=1; Comment=Expiring cookie; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/realms/test/; HttpOnly Strict-Transport-Security: @@ -161,7 +161,7 @@ interactions: code: 302 message: Found - request: - body: client_id=testid&client_secret=7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I&grant_type=authorization_code&code=9c792f59-1600-4f65-bc73-7eaec693365e.f0823219-f3f6-4c24-a406-175f24d8024e.adf4ad83-4550-4619-9231-73bd8d700f45&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F + body: client_id=testid&client_secret=7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I&grant_type=authorization_code&code=6e0e1a6f-86ab-46b6-93b9-25090f9c0d73.14048ebb-03a6-4960-a072-6b72bebfc855.adf4ad83-4550-4619-9231-73bd8d700f45&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F headers: Accept: - '*/*' @@ -179,7 +179,7 @@ interactions: uri: http://localhost:8080/realms/test/protocol/openid-connect/token response: body: - string: '{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NTc1MTUwMTQsImlhdCI6MTc1NzUxNDcxNCwiYXV0aF90aW1lIjoxNzU3NTE0NzE0LCJqdGkiOiI0ZjBiMzY0NS01MzIxLTRjN2ItOTlkOS0xM2M3ZDIzZGIwNWIiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6ImYwODIzMjE5LWYzZjYtNGMyNC1hNDA2LTE3NWYyNGQ4MDI0ZSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6ImYwODIzMjE5LWYzZjYtNGMyNC1hNDA2LTE3NWYyNGQ4MDI0ZSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.MUjaBS-Byx00FrKZwARjNGHCES6UR8LvwyhPmmGaWX2lfZMHx-Tc-kIu6GDEz3nk4cM1kSl-1h4CFSCWwugQi33eVEWVB1KQRD2FeS5qEC6yEYBzI72_2LoG9UTUH6slJ5bmJ67YdePy4C0HypxfPtIHkqexNIKpG5LfliLrv89E2MLB2VIqweNouYGYh1w8sNnJoLR4GKSmsHrE7PjvBFAPYu31DoQT6aP_h5jlIznUgyOYVx37hXe13hqbI264BlxMHlI-UbceIa6mURwtONfhxw9VR1E6tmASb4nAZZZVAYRivs6dIEV3qP1DfkKRp8095JxQi8Oia2_W4QIV6A","expires_in":300,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NTc1MTY1MTQsImlhdCI6MTc1NzUxNDcxNCwianRpIjoiOGQyMWZiOGUtNjg5My00NWY0LTlhYzYtY2QzYjhjMDMxYzlkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiJmMDgyMzIxOS1mM2Y2LTRjMjQtYTQwNi0xNzVmMjRkODAyNGUiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIGt2ayBncm91cHMgYnNuIiwic2lkIjoiZjA4MjMyMTktZjNmNi00YzI0LWE0MDYtMTc1ZjI0ZDgwMjRlIn0.BHTJOaasnnT-MQU-wUJ5u3rT26asHxC4H6Xe-CZufGI","token_type":"Bearer","id_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NTc1MTUwMTQsImlhdCI6MTc1NzUxNDcxNCwiYXV0aF90aW1lIjoxNzU3NTE0NzE0LCJqdGkiOiI2YTBkZTNjYS03ZjI3LTQ1OTQtYjg1MS1lOGU4Y2Y3ZjZlMDAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJ0ZXN0aWQiLCJzdWIiOiI2ZGIyZGI4Ny1kZTMxLTRlMzAtOWYyNS1jZWZlNWRhOGIxNTQiLCJ0eXAiOiJJRCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiJmMDgyMzIxOS1mM2Y2LTRjMjQtYTQwNi0xNzVmMjRkODAyNGUiLCJhdF9oYXNoIjoid21seTkzb0JNU3NnaXNnQXpQVExxQSIsImFjciI6IjEiLCJzaWQiOiJmMDgyMzIxOS1mM2Y2LTRjMjQtYTQwNi0xNzVmMjRkODAyNGUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZ3JvdXBzIjpbIlJlZ2lzdHJlZXJkZXJzIiwiZGVmYXVsdC1yb2xlcy10ZXN0Iiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20ifQ.jdzpNLDK03Pp8tbv5856nbEtZKAdLTGSt6isDNsZ1i-LwGO8aWwXG50v6tGIa26Vb6Y1n9ex8nOIzWFBJLE-77iuImGyiwU4ODDLcMniDexMmtSz6Qt6SulE-yGhn8Bhiqqhhic_68qgp09Uvx8j0rcA2EgnoMwO-LEcJpdzzZO-dtpvXrojreU1DCdTwc7H4wAhjomfbwF-C1zSZHTIyfYB7fZOrmu6ja3ceqeD7NVS4K5OsMIOkAJHpVqf5LRwi4Qo4MniK2qMTrAhFtnYVdNsALovGa9b5LsFPUWkgKCNGh88QnbMbyQn6ed2ZkZgvC6BATQbh84IILguqMz3Jg","not-before-policy":0,"session_state":"f0823219-f3f6-4c24-a406-175f24d8024e","scope":"openid + string: '{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NjMzNzc0MjksImlhdCI6MTc2MzM3NzEyOSwiYXV0aF90aW1lIjoxNzYzMzc3MTI5LCJqdGkiOiJjODg3ZGE2OC00MzI3LTQ3NzAtOTc2MS05MTVmYWFmMGRjNTEiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6IjE0MDQ4ZWJiLTAzYTYtNDk2MC1hMDcyLTZiNzJiZWJmYzg1NSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6IjE0MDQ4ZWJiLTAzYTYtNDk2MC1hMDcyLTZiNzJiZWJmYzg1NSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.LideM1Tv5werlTBv9_IPID5QI_z9FvZ6geBj9R1SHuh0qnALf2YrmQ8-HJdGPiPzwk3cox7gkDo0bt2ScpfwQzzpWS4FERD4UPyIcTPiC9n3j1vHsdWMMou_hBXEHsjTqkNcyHepu-ZCTzWsEYne1glB4_OfWg-3CL397V3KIcLWgPnCBw-G5UGfLOYOrIMn8gv07FbQGYC36lo3EolKM73VI-4feVeKss59WrbJffJd3N2x4_3uLFIeXPbdf1L_qvb6n3bqHsSxfb3jkoOyxXHqO6DeB1VfAMPkOB7bXrlFAyJ615ogtAX0ysCRk87HAbym6P0Z5WIBtiMTgPu1SQ","expires_in":300,"refresh_expires_in":1799,"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NjMzNzg5MjgsImlhdCI6MTc2MzM3NzEyOSwianRpIjoiYWIyNDEyOTQtZGQ0ZC00NDE3LWE2YjAtNGIzMWRlMzM1NjU2IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiIxNDA0OGViYi0wM2E2LTQ5NjAtYTA3Mi02YjcyYmViZmM4NTUiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIGt2ayBncm91cHMgYnNuIiwic2lkIjoiMTQwNDhlYmItMDNhNi00OTYwLWEwNzItNmI3MmJlYmZjODU1In0.cV0NLlF8yuBd6To9I0MNgl5tEetmPiHuOE6Nit6_8wA","token_type":"Bearer","id_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NjMzNzc0MjksImlhdCI6MTc2MzM3NzEyOSwiYXV0aF90aW1lIjoxNzYzMzc3MTI5LCJqdGkiOiI5ZjFkYmNhZi1kYTJjLTQ0MjYtYjZlOC04ZGRkOGFkZTFmZGEiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJ0ZXN0aWQiLCJzdWIiOiI2ZGIyZGI4Ny1kZTMxLTRlMzAtOWYyNS1jZWZlNWRhOGIxNTQiLCJ0eXAiOiJJRCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiIxNDA0OGViYi0wM2E2LTQ5NjAtYTA3Mi02YjcyYmViZmM4NTUiLCJhdF9oYXNoIjoiOHJfZzlSeExRdUZFVFZ6WlBraG8wUSIsImFjciI6IjEiLCJzaWQiOiIxNDA0OGViYi0wM2E2LTQ5NjAtYTA3Mi02YjcyYmViZmM4NTUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZ3JvdXBzIjpbIlJlZ2lzdHJlZXJkZXJzIiwiZGVmYXVsdC1yb2xlcy10ZXN0Iiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20ifQ.IKIeK0u5ETfuyUPa6fwTVK-FFSzmWeCVLpqzLNajuVcsD8VIt4YuE6BTBnsXN947Xi1LhHmimGAgHG3pLrG8ESQB1-Sua7HQEjCgzgkR08aLCeMUMPBKLR3bH1vZDmb0k3eHYnFA4tDH8KJWi8stxHIe5b8tT6pFgKd-mjx8mJoOHeOtg6ElQklWh9ScT2DE40Gpr7svlhSvVfjRDfPWQ2orPIZlLXnQUwHJfVzMta_uoC1mdl0k8Zm-NZNuJArt9iB-ah7Y-aiDh0oO6bzpoDsRuSfAA3f0EQJLlaSagh40srO2q-49bEi2JgQDkba-oad9IPmNfSsmAA914EOA3A","not-before-policy":0,"session_state":"14048ebb-03a6-4960-a072-6b72bebfc855","scope":"openid email profile kvk groups bsn"}' headers: Cache-Control: @@ -247,7 +247,7 @@ interactions: Accept-Encoding: - gzip, deflate Authorization: - - Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NTc1MTUwMTQsImlhdCI6MTc1NzUxNDcxNCwiYXV0aF90aW1lIjoxNzU3NTE0NzE0LCJqdGkiOiI0ZjBiMzY0NS01MzIxLTRjN2ItOTlkOS0xM2M3ZDIzZGIwNWIiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6ImYwODIzMjE5LWYzZjYtNGMyNC1hNDA2LTE3NWYyNGQ4MDI0ZSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6ImYwODIzMjE5LWYzZjYtNGMyNC1hNDA2LTE3NWYyNGQ4MDI0ZSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.MUjaBS-Byx00FrKZwARjNGHCES6UR8LvwyhPmmGaWX2lfZMHx-Tc-kIu6GDEz3nk4cM1kSl-1h4CFSCWwugQi33eVEWVB1KQRD2FeS5qEC6yEYBzI72_2LoG9UTUH6slJ5bmJ67YdePy4C0HypxfPtIHkqexNIKpG5LfliLrv89E2MLB2VIqweNouYGYh1w8sNnJoLR4GKSmsHrE7PjvBFAPYu31DoQT6aP_h5jlIznUgyOYVx37hXe13hqbI264BlxMHlI-UbceIa6mURwtONfhxw9VR1E6tmASb4nAZZZVAYRivs6dIEV3qP1DfkKRp8095JxQi8Oia2_W4QIV6A + - Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NjMzNzc0MjksImlhdCI6MTc2MzM3NzEyOSwiYXV0aF90aW1lIjoxNzYzMzc3MTI5LCJqdGkiOiJjODg3ZGE2OC00MzI3LTQ3NzAtOTc2MS05MTVmYWFmMGRjNTEiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6IjE0MDQ4ZWJiLTAzYTYtNDk2MC1hMDcyLTZiNzJiZWJmYzg1NSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6IjE0MDQ4ZWJiLTAzYTYtNDk2MC1hMDcyLTZiNzJiZWJmYzg1NSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.LideM1Tv5werlTBv9_IPID5QI_z9FvZ6geBj9R1SHuh0qnALf2YrmQ8-HJdGPiPzwk3cox7gkDo0bt2ScpfwQzzpWS4FERD4UPyIcTPiC9n3j1vHsdWMMou_hBXEHsjTqkNcyHepu-ZCTzWsEYne1glB4_OfWg-3CL397V3KIcLWgPnCBw-G5UGfLOYOrIMn8gv07FbQGYC36lo3EolKM73VI-4feVeKss59WrbJffJd3N2x4_3uLFIeXPbdf1L_qvb6n3bqHsSxfb3jkoOyxXHqO6DeB1VfAMPkOB7bXrlFAyJ615ogtAX0ysCRk87HAbym6P0Z5WIBtiMTgPu1SQ Connection: - keep-alive User-Agent: diff --git a/src/objects/accounts/tests/files/vcr_cassettes/OIDCFLowTests/test_happy_flow.yaml b/src/objects/accounts/tests/files/vcr_cassettes/OIDCFlowTests/test_happy_flow.yaml similarity index 76% rename from src/objects/accounts/tests/files/vcr_cassettes/OIDCFLowTests/test_happy_flow.yaml rename to src/objects/accounts/tests/files/vcr_cassettes/OIDCFlowTests/test_happy_flow.yaml index 5a17e2f7..96cf735a 100644 --- a/src/objects/accounts/tests/files/vcr_cassettes/OIDCFLowTests/test_happy_flow.yaml +++ b/src/objects/accounts/tests/files/vcr_cassettes/OIDCFlowTests/test_happy_flow.yaml @@ -11,23 +11,23 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: http://localhost:8080/realms/test/protocol/openid-connect/auth?response_type=code&scope=openid&client_id=testid&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F&state=not-a-random-string&nonce=not-a-random-string + uri: http://localhost:8080/realms/test/protocol/openid-connect/auth?response_type=code&scope=email+profile+openid&client_id=testid&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F&state=not-a-random-string&nonce=not-a-random-string response: body: string: "\n\n\n\n \n \ \n \n\n \n Sign - in to test\n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n
\n \
\n
test
\n
\n
\n @@ -35,7 +35,7 @@ interactions: \ Sign in to your account\n\n\n \n
\n \
\n\n\n
\n \
\n
\n
\n \n\n \n
\n \
\n
\n
\n \n\n\n\n\n\n + type=\"module\" src=\"/resources/rxcbb/login/keycloak/js/passwordVisibility.js\">\n\n\n\n\n\n \
\n
\n\n
\n
\n\n\n" headers: Cache-Control: @@ -75,11 +75,11 @@ interactions: Referrer-Policy: - no-referrer Set-Cookie: - - AUTH_SESSION_ID=befa4b65-599a-4d6f-853b-efb529e6b9d8; Version=1; Path=/realms/test/; + - AUTH_SESSION_ID=5b1f9bbb-9f3e-4cef-aa91-7f5cdaa42fa2; Version=1; Path=/realms/test/; SameSite=None; Secure; HttpOnly - - AUTH_SESSION_ID_LEGACY=befa4b65-599a-4d6f-853b-efb529e6b9d8; Version=1; Path=/realms/test/; + - AUTH_SESSION_ID_LEGACY=5b1f9bbb-9f3e-4cef-aa91-7f5cdaa42fa2; Version=1; Path=/realms/test/; HttpOnly - - KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsInN0YXRlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyJ9fQ.f7ZABGR0O48xm61gDKLOR_LjWH9a59wtTbGXUfm78sI; + - KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoiZW1haWwgcHJvZmlsZSBvcGVuaWQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHA6Ly90ZXN0c2VydmVyL29pZGMvY2FsbGJhY2svIiwic3RhdGUiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIn19.UKtC_lylKI70bO_ILBG4yJFPnhAaED09GAIZb1wfDh4; Version=1; Path=/realms/test/; HttpOnly Strict-Transport-Security: - max-age=31536000; includeSubDomains @@ -110,11 +110,11 @@ interactions: Content-Type: - application/x-www-form-urlencoded Cookie: - - AUTH_SESSION_ID_LEGACY=befa4b65-599a-4d6f-853b-efb529e6b9d8; KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsInN0YXRlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyJ9fQ.f7ZABGR0O48xm61gDKLOR_LjWH9a59wtTbGXUfm78sI + - AUTH_SESSION_ID_LEGACY=5b1f9bbb-9f3e-4cef-aa91-7f5cdaa42fa2; KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoiZW1haWwgcHJvZmlsZSBvcGVuaWQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHA6Ly90ZXN0c2VydmVyL29pZGMvY2FsbGJhY2svIiwic3RhdGUiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIn19.UKtC_lylKI70bO_ILBG4yJFPnhAaED09GAIZb1wfDh4 User-Agent: - python-requests/2.32.4 method: POST - uri: http://localhost:8080/realms/test/login-actions/authenticate?session_code=fdSGh0_mqVLikTGBAwAqUQqQktWEvsHX-x8dTvC1v9s&execution=665c596b-1c9d-47c8-975a-c0de120b2622&client_id=testid&tab_id=EmBUIcmqJvc + uri: http://localhost:8080/realms/test/login-actions/authenticate?session_code=bmK2NHpC315yn8id2W0qGQaiRLfuMYtDM6T-NydCl1M&execution=99712d10-acb2-4a70-8752-46d960e43045&client_id=testid&tab_id=sPIIBAzB0ok response: body: string: '' @@ -124,7 +124,7 @@ interactions: Content-Security-Policy: - frame-src 'self'; frame-ancestors 'self'; object-src 'none'; Location: - - http://testserver/oidc/callback/?state=not-a-random-string&session_state=befa4b65-599a-4d6f-853b-efb529e6b9d8&iss=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Ftest&code=12cbf915-d4d9-42f1-9a78-6d9306bce18d.befa4b65-599a-4d6f-853b-efb529e6b9d8.adf4ad83-4550-4619-9231-73bd8d700f45 + - http://testserver/oidc/callback/?state=not-a-random-string&session_state=5b1f9bbb-9f3e-4cef-aa91-7f5cdaa42fa2&iss=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Ftest&code=9005f6ca-3bba-41e9-b8f7-7262338b93c0.5b1f9bbb-9f3e-4cef-aa91-7f5cdaa42fa2.adf4ad83-4550-4619-9231-73bd8d700f45 Referrer-Policy: - no-referrer Set-Cookie: @@ -134,15 +134,15 @@ interactions: Path=/realms/test/; HttpOnly - KC_AUTH_STATE=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/realms/test/ - - KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NTc1NTA3MTUsImlhdCI6MTc1NzUxNDcxNSwianRpIjoiNzA2ZGEwNDUtN2ZmZC00MTVmLThjY2ItYzc5YTQyMmVlNDU2IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiJiZWZhNGI2NS01OTlhLTRkNmYtODUzYi1lZmI1MjllNmI5ZDgiLCJzaWQiOiJiZWZhNGI2NS01OTlhLTRkNmYtODUzYi1lZmI1MjllNmI5ZDgiLCJzdGF0ZV9jaGVja2VyIjoiT25hdzlqLWJwY0hlSHdQSk9XQmFzRl8wbGZkZzVUSDhBeVJaeXpQX2w5ZyJ9.AlCcP4LASoIIUBRTA_JApxtlTku8DEgwYwEURSAAbK0; + - KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NjM0MTMxMzAsImlhdCI6MTc2MzM3NzEzMCwianRpIjoiYTRjZTBiOGQtNmY1YS00MDQxLTkzZjAtOWEyMDEzNDBiNmMyIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiI1YjFmOWJiYi05ZjNlLTRjZWYtYWE5MS03ZjVjZGFhNDJmYTIiLCJzaWQiOiI1YjFmOWJiYi05ZjNlLTRjZWYtYWE5MS03ZjVjZGFhNDJmYTIiLCJzdGF0ZV9jaGVja2VyIjoid2Nma1hkaVVLVEJsRTk5bVJMYUJJaVhvSkh0QnA1c2Jtd0JJeG5lQXRUbyJ9.D14N5cbyt1D6qwAlwpR9eCiM2YkfakFvGzyS-KcOBT0; Version=1; Path=/realms/test/; SameSite=None; Secure; HttpOnly - - KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NTc1NTA3MTUsImlhdCI6MTc1NzUxNDcxNSwianRpIjoiNzA2ZGEwNDUtN2ZmZC00MTVmLThjY2ItYzc5YTQyMmVlNDU2IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiJiZWZhNGI2NS01OTlhLTRkNmYtODUzYi1lZmI1MjllNmI5ZDgiLCJzaWQiOiJiZWZhNGI2NS01OTlhLTRkNmYtODUzYi1lZmI1MjllNmI5ZDgiLCJzdGF0ZV9jaGVja2VyIjoiT25hdzlqLWJwY0hlSHdQSk9XQmFzRl8wbGZkZzVUSDhBeVJaeXpQX2w5ZyJ9.AlCcP4LASoIIUBRTA_JApxtlTku8DEgwYwEURSAAbK0; + - KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NjM0MTMxMzAsImlhdCI6MTc2MzM3NzEzMCwianRpIjoiYTRjZTBiOGQtNmY1YS00MDQxLTkzZjAtOWEyMDEzNDBiNmMyIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiI1YjFmOWJiYi05ZjNlLTRjZWYtYWE5MS03ZjVjZGFhNDJmYTIiLCJzaWQiOiI1YjFmOWJiYi05ZjNlLTRjZWYtYWE5MS03ZjVjZGFhNDJmYTIiLCJzdGF0ZV9jaGVja2VyIjoid2Nma1hkaVVLVEJsRTk5bVJMYUJJaVhvSkh0QnA1c2Jtd0JJeG5lQXRUbyJ9.D14N5cbyt1D6qwAlwpR9eCiM2YkfakFvGzyS-KcOBT0; Version=1; Path=/realms/test/; HttpOnly - - KEYCLOAK_SESSION=test/6db2db87-de31-4e30-9f25-cefe5da8b154/befa4b65-599a-4d6f-853b-efb529e6b9d8; - Version=1; Expires=Thu, 11-Sep-2025 00:31:55 GMT; Max-Age=36000; Path=/realms/test/; + - KEYCLOAK_SESSION=test/6db2db87-de31-4e30-9f25-cefe5da8b154/5b1f9bbb-9f3e-4cef-aa91-7f5cdaa42fa2; + Version=1; Expires=Mon, 17-Nov-2025 20:58:50 GMT; Max-Age=36000; Path=/realms/test/; SameSite=None; Secure - - KEYCLOAK_SESSION_LEGACY=test/6db2db87-de31-4e30-9f25-cefe5da8b154/befa4b65-599a-4d6f-853b-efb529e6b9d8; - Version=1; Expires=Thu, 11-Sep-2025 00:31:55 GMT; Max-Age=36000; Path=/realms/test/ + - KEYCLOAK_SESSION_LEGACY=test/6db2db87-de31-4e30-9f25-cefe5da8b154/5b1f9bbb-9f3e-4cef-aa91-7f5cdaa42fa2; + Version=1; Expires=Mon, 17-Nov-2025 20:58:50 GMT; Max-Age=36000; Path=/realms/test/ - KEYCLOAK_REMEMBER_ME=; Version=1; Comment=Expiring cookie; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/realms/test/; HttpOnly Strict-Transport-Security: @@ -161,7 +161,7 @@ interactions: code: 302 message: Found - request: - body: client_id=testid&client_secret=7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I&grant_type=authorization_code&code=12cbf915-d4d9-42f1-9a78-6d9306bce18d.befa4b65-599a-4d6f-853b-efb529e6b9d8.adf4ad83-4550-4619-9231-73bd8d700f45&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F + body: client_id=testid&client_secret=7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I&grant_type=authorization_code&code=9005f6ca-3bba-41e9-b8f7-7262338b93c0.5b1f9bbb-9f3e-4cef-aa91-7f5cdaa42fa2.adf4ad83-4550-4619-9231-73bd8d700f45&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F headers: Accept: - '*/*' @@ -179,7 +179,7 @@ interactions: uri: http://localhost:8080/realms/test/protocol/openid-connect/token response: body: - string: '{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NTc1MTUwMTUsImlhdCI6MTc1NzUxNDcxNSwiYXV0aF90aW1lIjoxNzU3NTE0NzE1LCJqdGkiOiI2MmVjZmFmZS03MDUyLTQxMTgtYWY0Mi1jZWRlN2IxOTBlY2QiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6ImJlZmE0YjY1LTU5OWEtNGQ2Zi04NTNiLWVmYjUyOWU2YjlkOCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6ImJlZmE0YjY1LTU5OWEtNGQ2Zi04NTNiLWVmYjUyOWU2YjlkOCIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.EpNsoH_um6MvQQKVINfUPC0ZCl_xDvebgOUrCzDh5Mrir5xPIDnOcDDvk_tpGWbKzKj2n_jgYTX8IUpCpMjI2e15nv6oCMQXSoSyTEF1BgK8Xe3j2-UCZoCi6rjPr2XBz2TUkDueHLcFAc9Ox77stG5_63AIOCsxguw9cPQcncI4CEiBjnM5TrhvAbNu_tMIL-6YAIijWBkt9Nzkj0ozC7gT0271xXG5Ys8n9up61645VpPH_Goa0bskIoSqXdAdHhjDeM8bsCqGKwI8bUlAOwx-D119h7g9r_M-70CB1pwpyEovYek1xKvfu2HKACi1g9GTF0yu_2vSZTpOTOqiiQ","expires_in":300,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NTc1MTY1MTUsImlhdCI6MTc1NzUxNDcxNSwianRpIjoiOWQwZmQxNzItNTRlMC00MjhhLTliMTAtYzkwN2RhYTQ0MmJhIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiJiZWZhNGI2NS01OTlhLTRkNmYtODUzYi1lZmI1MjllNmI5ZDgiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIGt2ayBncm91cHMgYnNuIiwic2lkIjoiYmVmYTRiNjUtNTk5YS00ZDZmLTg1M2ItZWZiNTI5ZTZiOWQ4In0.o5C6tLSisNLcUtnKzl1QGmTzRRXT-HUS-zTrck0Kdv4","token_type":"Bearer","id_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NTc1MTUwMTUsImlhdCI6MTc1NzUxNDcxNSwiYXV0aF90aW1lIjoxNzU3NTE0NzE1LCJqdGkiOiI3OWRiNGExMC03OWZmLTRjODctYTg4ZC1hYTIyMjljNGVmOTAiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJ0ZXN0aWQiLCJzdWIiOiI2ZGIyZGI4Ny1kZTMxLTRlMzAtOWYyNS1jZWZlNWRhOGIxNTQiLCJ0eXAiOiJJRCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiJiZWZhNGI2NS01OTlhLTRkNmYtODUzYi1lZmI1MjllNmI5ZDgiLCJhdF9oYXNoIjoiZi05anM1X010eUJ1V2Q3Q25pYTBwZyIsImFjciI6IjEiLCJzaWQiOiJiZWZhNGI2NS01OTlhLTRkNmYtODUzYi1lZmI1MjllNmI5ZDgiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZ3JvdXBzIjpbIlJlZ2lzdHJlZXJkZXJzIiwiZGVmYXVsdC1yb2xlcy10ZXN0Iiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20ifQ.uGPRL1RW_LdRliai8Bht1Ap6x6N77gTZ39eLbWPwXx83tEqNems8PJlRyBiYJ5ABLUgTnW6r6KEpuYyo_nKtEWVIBKVIIYqqmJDXYB8oAy8KGvUAHkIBkf_KAmfN3WWLi5gpU5db_InlmhT6fJHAhEKrMuOjerz1EFrRhWGw6sl1kazmZ0ps0vmAt85gjliSjc0JEOQnG8EkGac8SIk_1mdzhi9y8GlldQU_yjw9Wk_PaczDRdc22P_CvYACas8JfoVP1dr03t27fnxYxnDyQSkXYWMbUT67KR4IVaDjO5KbPhfu4OQFnHoMIG1YIN9VckghvVY3Lat6IDNoFiNkSQ","not-before-policy":0,"session_state":"befa4b65-599a-4d6f-853b-efb529e6b9d8","scope":"openid + string: '{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NjMzNzc0MzAsImlhdCI6MTc2MzM3NzEzMCwiYXV0aF90aW1lIjoxNzYzMzc3MTMwLCJqdGkiOiI1OTZhNDU3Ni1hZmJmLTQzZjUtYTJiMS03ZjRjOTEwZTQ3NTgiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6IjViMWY5YmJiLTlmM2UtNGNlZi1hYTkxLTdmNWNkYWE0MmZhMiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6IjViMWY5YmJiLTlmM2UtNGNlZi1hYTkxLTdmNWNkYWE0MmZhMiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.K-SqXJkucKGzu2qMQyEvYzoqZLuT-XRf-1IWZcTdv8jcn3jq94LDxRjVAxFtCWzekb7anVKIXz8T_PSeB0WrpFOeKiCx1eTXrAr4g-yCU6EIj5UFGGdz_W9ygQX1EcWcMIwgf5dQCxTtnJUll9PTn-9c9sqy86Y201qa15MVFiEyyVnbEgvaRU4isvcA0R0bfa68zCGhrJIs7qwjkbD8795nr6KGbisIF__lJtrhe9akKoSJ8E3NetXT1IlOoSxtsTPKh--z94S4fwDt72Qjt7e83612-Z83Rpt6rIeDIujZHeygvlIDrlVcEuQJce0TGClOzmEQLIbRvbzIWA7X5A","expires_in":300,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NjMzNzg5MzAsImlhdCI6MTc2MzM3NzEzMCwianRpIjoiMTQ5YmFmNWEtYmE5OC00OWVkLWI5ZmYtYWU1YzVmZTYxMzhjIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiI1YjFmOWJiYi05ZjNlLTRjZWYtYWE5MS03ZjVjZGFhNDJmYTIiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIGt2ayBncm91cHMgYnNuIiwic2lkIjoiNWIxZjliYmItOWYzZS00Y2VmLWFhOTEtN2Y1Y2RhYTQyZmEyIn0.xesc6nuB72I95ryuYYf4kyKyhHqH8PL9JYTG4wukEYk","token_type":"Bearer","id_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NjMzNzc0MzAsImlhdCI6MTc2MzM3NzEzMCwiYXV0aF90aW1lIjoxNzYzMzc3MTMwLCJqdGkiOiI3ZjgwNTUxYi00OGFhLTRhOTctYmE1YS1lNmQ5ZDQyYzViNDciLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJ0ZXN0aWQiLCJzdWIiOiI2ZGIyZGI4Ny1kZTMxLTRlMzAtOWYyNS1jZWZlNWRhOGIxNTQiLCJ0eXAiOiJJRCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiI1YjFmOWJiYi05ZjNlLTRjZWYtYWE5MS03ZjVjZGFhNDJmYTIiLCJhdF9oYXNoIjoiYkg0OEtHODgzTW02YnFDMjQ5bTRudyIsImFjciI6IjEiLCJzaWQiOiI1YjFmOWJiYi05ZjNlLTRjZWYtYWE5MS03ZjVjZGFhNDJmYTIiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZ3JvdXBzIjpbIlJlZ2lzdHJlZXJkZXJzIiwiZGVmYXVsdC1yb2xlcy10ZXN0Iiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20ifQ.wpmvpXyN81dU5VnyYqpvJMA2W1ttL4Inj8qDNCDcN4kEQgokp5Q-I-5XD0q-46HoJPoeXkB6mIf3Gqqm0Z7UK6ti4EYDOT4LjjApwY-Egg9OIYjBKHSby_Fl8j4cpF8X8PBXCXnAVQPL2A_ZiyGiN-p1y9JVPdn4Af_G1Gs1HLv0DJ4J7jLhjhDHDjTdtMO2qsxOasfLYU4U9WQS-4RtSAQtTmoJAKyVVayCXj4davidBcrs4vWS50V-sb3K6XmEhVOCHnv5tlEbRfxVKkyXyqSHeR3lI2HTNaCsiOaZ7MEOCaaXL_6SE4u5F0QD3RRJ5QZxjb9cxhpMyFBotA8RiQ","not-before-policy":0,"session_state":"5b1f9bbb-9f3e-4cef-aa91-7f5cdaa42fa2","scope":"openid email profile kvk groups bsn"}' headers: Cache-Control: @@ -247,7 +247,7 @@ interactions: Accept-Encoding: - gzip, deflate Authorization: - - Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NTc1MTUwMTUsImlhdCI6MTc1NzUxNDcxNSwiYXV0aF90aW1lIjoxNzU3NTE0NzE1LCJqdGkiOiI2MmVjZmFmZS03MDUyLTQxMTgtYWY0Mi1jZWRlN2IxOTBlY2QiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6ImJlZmE0YjY1LTU5OWEtNGQ2Zi04NTNiLWVmYjUyOWU2YjlkOCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6ImJlZmE0YjY1LTU5OWEtNGQ2Zi04NTNiLWVmYjUyOWU2YjlkOCIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.EpNsoH_um6MvQQKVINfUPC0ZCl_xDvebgOUrCzDh5Mrir5xPIDnOcDDvk_tpGWbKzKj2n_jgYTX8IUpCpMjI2e15nv6oCMQXSoSyTEF1BgK8Xe3j2-UCZoCi6rjPr2XBz2TUkDueHLcFAc9Ox77stG5_63AIOCsxguw9cPQcncI4CEiBjnM5TrhvAbNu_tMIL-6YAIijWBkt9Nzkj0ozC7gT0271xXG5Ys8n9up61645VpPH_Goa0bskIoSqXdAdHhjDeM8bsCqGKwI8bUlAOwx-D119h7g9r_M-70CB1pwpyEovYek1xKvfu2HKACi1g9GTF0yu_2vSZTpOTOqiiQ + - Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NjMzNzc0MzAsImlhdCI6MTc2MzM3NzEzMCwiYXV0aF90aW1lIjoxNzYzMzc3MTMwLCJqdGkiOiI1OTZhNDU3Ni1hZmJmLTQzZjUtYTJiMS03ZjRjOTEwZTQ3NTgiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6IjViMWY5YmJiLTlmM2UtNGNlZi1hYTkxLTdmNWNkYWE0MmZhMiIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6IjViMWY5YmJiLTlmM2UtNGNlZi1hYTkxLTdmNWNkYWE0MmZhMiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.K-SqXJkucKGzu2qMQyEvYzoqZLuT-XRf-1IWZcTdv8jcn3jq94LDxRjVAxFtCWzekb7anVKIXz8T_PSeB0WrpFOeKiCx1eTXrAr4g-yCU6EIj5UFGGdz_W9ygQX1EcWcMIwgf5dQCxTtnJUll9PTn-9c9sqy86Y201qa15MVFiEyyVnbEgvaRU4isvcA0R0bfa68zCGhrJIs7qwjkbD8795nr6KGbisIF__lJtrhe9akKoSJ8E3NetXT1IlOoSxtsTPKh--z94S4fwDt72Qjt7e83612-Z83Rpt6rIeDIujZHeygvlIDrlVcEuQJce0TGClOzmEQLIbRvbzIWA7X5A Connection: - keep-alive User-Agent: diff --git a/src/objects/accounts/tests/files/vcr_cassettes/OIDCFLowTests/test_happy_flow_existing_user.yaml b/src/objects/accounts/tests/files/vcr_cassettes/OIDCFlowTests/test_happy_flow_existing_user.yaml similarity index 76% rename from src/objects/accounts/tests/files/vcr_cassettes/OIDCFLowTests/test_happy_flow_existing_user.yaml rename to src/objects/accounts/tests/files/vcr_cassettes/OIDCFlowTests/test_happy_flow_existing_user.yaml index 734cdf69..e07f0451 100644 --- a/src/objects/accounts/tests/files/vcr_cassettes/OIDCFLowTests/test_happy_flow_existing_user.yaml +++ b/src/objects/accounts/tests/files/vcr_cassettes/OIDCFlowTests/test_happy_flow_existing_user.yaml @@ -11,23 +11,23 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: http://localhost:8080/realms/test/protocol/openid-connect/auth?response_type=code&scope=openid&client_id=testid&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F&state=not-a-random-string&nonce=not-a-random-string + uri: http://localhost:8080/realms/test/protocol/openid-connect/auth?response_type=code&scope=email+profile+openid&client_id=testid&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F&state=not-a-random-string&nonce=not-a-random-string response: body: string: "\n\n\n\n \n \ \n \n\n \n Sign - in to test\n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n
\n \
\n
test
\n
\n
\n @@ -35,7 +35,7 @@ interactions: \ Sign in to your account\n\n\n \n
\n \
\n\n\n
\n \
\n
\n
\n \n\n \n
\n \
\n
\n
\n \n\n\n\n\n\n + type=\"module\" src=\"/resources/rxcbb/login/keycloak/js/passwordVisibility.js\">\n\n\n\n\n\n \
\n
\n\n
\n
\n\n\n" headers: Cache-Control: @@ -75,11 +75,11 @@ interactions: Referrer-Policy: - no-referrer Set-Cookie: - - AUTH_SESSION_ID=7f19ddf6-3b95-416b-989c-2e1b38a87dda; Version=1; Path=/realms/test/; + - AUTH_SESSION_ID=0f494ced-7bef-4da8-b41f-04fb55b46cd8; Version=1; Path=/realms/test/; SameSite=None; Secure; HttpOnly - - AUTH_SESSION_ID_LEGACY=7f19ddf6-3b95-416b-989c-2e1b38a87dda; Version=1; Path=/realms/test/; + - AUTH_SESSION_ID_LEGACY=0f494ced-7bef-4da8-b41f-04fb55b46cd8; Version=1; Path=/realms/test/; HttpOnly - - KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsInN0YXRlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyJ9fQ.f7ZABGR0O48xm61gDKLOR_LjWH9a59wtTbGXUfm78sI; + - KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoiZW1haWwgcHJvZmlsZSBvcGVuaWQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHA6Ly90ZXN0c2VydmVyL29pZGMvY2FsbGJhY2svIiwic3RhdGUiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIn19.UKtC_lylKI70bO_ILBG4yJFPnhAaED09GAIZb1wfDh4; Version=1; Path=/realms/test/; HttpOnly Strict-Transport-Security: - max-age=31536000; includeSubDomains @@ -110,11 +110,11 @@ interactions: Content-Type: - application/x-www-form-urlencoded Cookie: - - AUTH_SESSION_ID_LEGACY=7f19ddf6-3b95-416b-989c-2e1b38a87dda; KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJyZWRpcmVjdF91cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsInN0YXRlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyJ9fQ.f7ZABGR0O48xm61gDKLOR_LjWH9a59wtTbGXUfm78sI + - AUTH_SESSION_ID_LEGACY=0f494ced-7bef-4da8-b41f-04fb55b46cd8; KC_RESTART=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJjaWQiOiJ0ZXN0aWQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwOi8vdGVzdHNlcnZlci9vaWRjL2NhbGxiYWNrLyIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoiZW1haWwgcHJvZmlsZSBvcGVuaWQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHA6Ly90ZXN0c2VydmVyL29pZGMvY2FsbGJhY2svIiwic3RhdGUiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIn19.UKtC_lylKI70bO_ILBG4yJFPnhAaED09GAIZb1wfDh4 User-Agent: - python-requests/2.32.4 method: POST - uri: http://localhost:8080/realms/test/login-actions/authenticate?session_code=26AmeTpkqJVM9pQ8Qb5c8K6PmsFqLEc_wOvBvybh5Hg&execution=665c596b-1c9d-47c8-975a-c0de120b2622&client_id=testid&tab_id=Z0L6N5SxTTc + uri: http://localhost:8080/realms/test/login-actions/authenticate?session_code=38EdgQsekoEfQAPzX80AQ3Gc2x3cW3eSoEJ0APOe1BE&execution=99712d10-acb2-4a70-8752-46d960e43045&client_id=testid&tab_id=VowfcmlfRT8 response: body: string: '' @@ -124,7 +124,7 @@ interactions: Content-Security-Policy: - frame-src 'self'; frame-ancestors 'self'; object-src 'none'; Location: - - http://testserver/oidc/callback/?state=not-a-random-string&session_state=7f19ddf6-3b95-416b-989c-2e1b38a87dda&iss=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Ftest&code=010d0abd-9fa6-45f9-9d10-31549e3559c8.7f19ddf6-3b95-416b-989c-2e1b38a87dda.adf4ad83-4550-4619-9231-73bd8d700f45 + - http://testserver/oidc/callback/?state=not-a-random-string&session_state=0f494ced-7bef-4da8-b41f-04fb55b46cd8&iss=http%3A%2F%2Flocalhost%3A8080%2Frealms%2Ftest&code=b195a91d-3d95-4b13-aae4-f142a8e4b0fc.0f494ced-7bef-4da8-b41f-04fb55b46cd8.adf4ad83-4550-4619-9231-73bd8d700f45 Referrer-Policy: - no-referrer Set-Cookie: @@ -134,15 +134,15 @@ interactions: Path=/realms/test/; HttpOnly - KC_AUTH_STATE=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/realms/test/ - - KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NTc1NTA3MTUsImlhdCI6MTc1NzUxNDcxNSwianRpIjoiMGQ5YzRiNjktMjFiOS00NjZhLWIwODktZTBhZGYwYTQ3Y2QwIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiI3ZjE5ZGRmNi0zYjk1LTQxNmItOTg5Yy0yZTFiMzhhODdkZGEiLCJzaWQiOiI3ZjE5ZGRmNi0zYjk1LTQxNmItOTg5Yy0yZTFiMzhhODdkZGEiLCJzdGF0ZV9jaGVja2VyIjoiREdiSG9sS0M0cnF5UWJIS0lnYk9fV3VHcFVabGpKVmlrV2pqZ05ZN2FzayJ9.hc5q1DfumTFg6RpcCyldTzKwJA3eOWt4Tc6VxRogMEU; + - KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NjM0MTMxMzAsImlhdCI6MTc2MzM3NzEzMCwianRpIjoiOTExYmFjM2YtYjJlNC00MzhjLWFhN2UtNmE4MTlmNmJjMDI4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiIwZjQ5NGNlZC03YmVmLTRkYTgtYjQxZi0wNGZiNTViNDZjZDgiLCJzaWQiOiIwZjQ5NGNlZC03YmVmLTRkYTgtYjQxZi0wNGZiNTViNDZjZDgiLCJzdGF0ZV9jaGVja2VyIjoiOVlZVUVDSEtocVl6aDIwdDdJZ0NZNGRKbmk1Y2VhekIzQjdNWTNZWVkwWSJ9.Oq7eGik2NNM2pdAA-vGjc9fU8TsalR-Qu5vWSZKuaIE; Version=1; Path=/realms/test/; SameSite=None; Secure; HttpOnly - - KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NTc1NTA3MTUsImlhdCI6MTc1NzUxNDcxNSwianRpIjoiMGQ5YzRiNjktMjFiOS00NjZhLWIwODktZTBhZGYwYTQ3Y2QwIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiI3ZjE5ZGRmNi0zYjk1LTQxNmItOTg5Yy0yZTFiMzhhODdkZGEiLCJzaWQiOiI3ZjE5ZGRmNi0zYjk1LTQxNmItOTg5Yy0yZTFiMzhhODdkZGEiLCJzdGF0ZV9jaGVja2VyIjoiREdiSG9sS0M0cnF5UWJIS0lnYk9fV3VHcFVabGpKVmlrV2pqZ05ZN2FzayJ9.hc5q1DfumTFg6RpcCyldTzKwJA3eOWt4Tc6VxRogMEU; + - KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NjM0MTMxMzAsImlhdCI6MTc2MzM3NzEzMCwianRpIjoiOTExYmFjM2YtYjJlNC00MzhjLWFhN2UtNmE4MTlmNmJjMDI4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiIwZjQ5NGNlZC03YmVmLTRkYTgtYjQxZi0wNGZiNTViNDZjZDgiLCJzaWQiOiIwZjQ5NGNlZC03YmVmLTRkYTgtYjQxZi0wNGZiNTViNDZjZDgiLCJzdGF0ZV9jaGVja2VyIjoiOVlZVUVDSEtocVl6aDIwdDdJZ0NZNGRKbmk1Y2VhekIzQjdNWTNZWVkwWSJ9.Oq7eGik2NNM2pdAA-vGjc9fU8TsalR-Qu5vWSZKuaIE; Version=1; Path=/realms/test/; HttpOnly - - KEYCLOAK_SESSION=test/6db2db87-de31-4e30-9f25-cefe5da8b154/7f19ddf6-3b95-416b-989c-2e1b38a87dda; - Version=1; Expires=Thu, 11-Sep-2025 00:31:55 GMT; Max-Age=36000; Path=/realms/test/; + - KEYCLOAK_SESSION=test/6db2db87-de31-4e30-9f25-cefe5da8b154/0f494ced-7bef-4da8-b41f-04fb55b46cd8; + Version=1; Expires=Mon, 17-Nov-2025 20:58:50 GMT; Max-Age=36000; Path=/realms/test/; SameSite=None; Secure - - KEYCLOAK_SESSION_LEGACY=test/6db2db87-de31-4e30-9f25-cefe5da8b154/7f19ddf6-3b95-416b-989c-2e1b38a87dda; - Version=1; Expires=Thu, 11-Sep-2025 00:31:55 GMT; Max-Age=36000; Path=/realms/test/ + - KEYCLOAK_SESSION_LEGACY=test/6db2db87-de31-4e30-9f25-cefe5da8b154/0f494ced-7bef-4da8-b41f-04fb55b46cd8; + Version=1; Expires=Mon, 17-Nov-2025 20:58:50 GMT; Max-Age=36000; Path=/realms/test/ - KEYCLOAK_REMEMBER_ME=; Version=1; Comment=Expiring cookie; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/realms/test/; HttpOnly Strict-Transport-Security: @@ -161,7 +161,7 @@ interactions: code: 302 message: Found - request: - body: client_id=testid&client_secret=7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I&grant_type=authorization_code&code=010d0abd-9fa6-45f9-9d10-31549e3559c8.7f19ddf6-3b95-416b-989c-2e1b38a87dda.adf4ad83-4550-4619-9231-73bd8d700f45&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F + body: client_id=testid&client_secret=7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I&grant_type=authorization_code&code=b195a91d-3d95-4b13-aae4-f142a8e4b0fc.0f494ced-7bef-4da8-b41f-04fb55b46cd8.adf4ad83-4550-4619-9231-73bd8d700f45&redirect_uri=http%3A%2F%2Ftestserver%2Foidc%2Fcallback%2F headers: Accept: - '*/*' @@ -179,7 +179,7 @@ interactions: uri: http://localhost:8080/realms/test/protocol/openid-connect/token response: body: - string: '{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NTc1MTUwMTUsImlhdCI6MTc1NzUxNDcxNSwiYXV0aF90aW1lIjoxNzU3NTE0NzE1LCJqdGkiOiI0YzlmNGQzZi1iODE1LTQ1ZDctYTdhNC03ZTc3MGEwZDg0MjQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6IjdmMTlkZGY2LTNiOTUtNDE2Yi05ODljLTJlMWIzOGE4N2RkYSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6IjdmMTlkZGY2LTNiOTUtNDE2Yi05ODljLTJlMWIzOGE4N2RkYSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.0qYhair64_q3ePWMv6IGiQPNJGXDvAFBBCz540jwKm0RnPDdLB4j0hPPpKhaqNSxCwlE1UIM63XgzJDYsc4YEc6yb-KxOnVdl85ybuUMk6I_idYPtmKDDlClwX8PGI6wzauaZrSuvMUK1_ToiweuU3o7Dte9isvdKOyKjBqTxRGEBslsQ6XoIX1wqooNgm2XE2lmtajvIoYzNxPgUugyWwp3ORKbGvhFpC0kJ-wZ2yMLoyIxuHFB-DlrUFsMUtxCqsGRnQRdAjAaszuFiqbnncShprpq00AaGISQa1X3g3tgxD5-U5amHAeP_1n4_18WNFxFpTyt3SP36BYNZLjnZw","expires_in":300,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NTc1MTY1MTUsImlhdCI6MTc1NzUxNDcxNSwianRpIjoiM2U2ZWI3MWEtYWZhNy00NTM5LWE4OTQtYTQzMGU4MjBiZjgxIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiI3ZjE5ZGRmNi0zYjk1LTQxNmItOTg5Yy0yZTFiMzhhODdkZGEiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIGt2ayBncm91cHMgYnNuIiwic2lkIjoiN2YxOWRkZjYtM2I5NS00MTZiLTk4OWMtMmUxYjM4YTg3ZGRhIn0.M3qWmwdxnDheRQ37JAxMTbaPQjcDaKWFek9LTl6Ynu8","token_type":"Bearer","id_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NTc1MTUwMTUsImlhdCI6MTc1NzUxNDcxNSwiYXV0aF90aW1lIjoxNzU3NTE0NzE1LCJqdGkiOiI0ZTA2NTZhYy01MDVlLTQzZmYtOThlYS0wNDg3NTExZDhkOTYiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJ0ZXN0aWQiLCJzdWIiOiI2ZGIyZGI4Ny1kZTMxLTRlMzAtOWYyNS1jZWZlNWRhOGIxNTQiLCJ0eXAiOiJJRCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiI3ZjE5ZGRmNi0zYjk1LTQxNmItOTg5Yy0yZTFiMzhhODdkZGEiLCJhdF9oYXNoIjoic1pWM3lOZWNKMGJFeG8zYlAzZ2NXZyIsImFjciI6IjEiLCJzaWQiOiI3ZjE5ZGRmNi0zYjk1LTQxNmItOTg5Yy0yZTFiMzhhODdkZGEiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZ3JvdXBzIjpbIlJlZ2lzdHJlZXJkZXJzIiwiZGVmYXVsdC1yb2xlcy10ZXN0Iiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20ifQ.aDvQwa3J8KgsStd3b7F5P3F18C0Acxh85A7BAe4WGSepDU5ovoxqVJNOSeXI8WUV1SKpdtajknD9PpR_YRMi5bSIFVVk2QxjOylBl0jHdi_FgCR5XUBwO62NRBgQitiFhPc9zkMvPGPylGSpXYAtBSrj_i_6WB9o9ZDvt1_0Ibxds6kfBNq8n7g4OcoPaE68vVVlrG1CwwfCMSJKsQWMrqDPDuklA_-TOzwZ3tPnzWifayYR4tRAxFs5d5jVWVpihJ4lxtQ8A5klLgY012daeez06FPaBSo2xTwWrXUT4d-sr2yFcoujHwGZsku9aUUZq6p9UWkEPNB5Zi1uDSCp1w","not-before-policy":0,"session_state":"7f19ddf6-3b95-416b-989c-2e1b38a87dda","scope":"openid + string: '{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NjMzNzc0MzAsImlhdCI6MTc2MzM3NzEzMCwiYXV0aF90aW1lIjoxNzYzMzc3MTMwLCJqdGkiOiJlN2I4ODMxMi1mOWIzLTQ0MzEtYTE3Yy05MGMxYjgyZjQzZTIiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6IjBmNDk0Y2VkLTdiZWYtNGRhOC1iNDFmLTA0ZmI1NWI0NmNkOCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6IjBmNDk0Y2VkLTdiZWYtNGRhOC1iNDFmLTA0ZmI1NWI0NmNkOCIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.nyVuD-wsoDl_-YOr1xHAyvVoNcVJDij7tnKvlPrgm4aDa8IKX5WamtGv_fY3_ptTuka5SIvn4LuOiR7sVr28UbhMPz6pHddtwbIyiUNLQd9in18XIsmNhTNua5aA1h2JhVPwpEiGIBZV8VIwbX_X0SsO1SsPXW_QitX0bdJ2wgVVwKiPsNxHrvlTL7HCzb9P9-1ibm1QPRyBhJHxA6JhUMHoVcDIHlHxkB7qPdIGiNL-X5nvrqOQa5AMupS9Y9j4DmyBxNaklNPUbwB47Wkp_LdvHiQnJDVwqM5MBsoish7hgnhRiieX5Tj8psa-XLcVTeZzEvT8czKLtc4zo_m7Mg","expires_in":300,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlNzE1ZTA1MS02Y2RiLTQ4Y2MtYjRmNC1mMDcyMmM4MWY5ZDMifQ.eyJleHAiOjE3NjMzNzg5MzAsImlhdCI6MTc2MzM3NzEzMCwianRpIjoiNGEwOWQ0YjktODg1MS00MDNmLTkwYjAtMmIxMDNjN2M5MDRkIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0IiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiIwZjQ5NGNlZC03YmVmLTRkYTgtYjQxZi0wNGZiNTViNDZjZDgiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIGt2ayBncm91cHMgYnNuIiwic2lkIjoiMGY0OTRjZWQtN2JlZi00ZGE4LWI0MWYtMDRmYjU1YjQ2Y2Q4In0.FPsP_qHC063UgnZ6j1L5unDYNGtOMzRUNxFaIFaJBoc","token_type":"Bearer","id_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NjMzNzc0MzAsImlhdCI6MTc2MzM3NzEzMCwiYXV0aF90aW1lIjoxNzYzMzc3MTMwLCJqdGkiOiJiN2ZmNzI1NC1hYTgzLTRkMWEtYTg2OS1iZTI3ZjI3ZWMxZWIiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJ0ZXN0aWQiLCJzdWIiOiI2ZGIyZGI4Ny1kZTMxLTRlMzAtOWYyNS1jZWZlNWRhOGIxNTQiLCJ0eXAiOiJJRCIsImF6cCI6InRlc3RpZCIsIm5vbmNlIjoibm90LWEtcmFuZG9tLXN0cmluZyIsInNlc3Npb25fc3RhdGUiOiIwZjQ5NGNlZC03YmVmLTRkYTgtYjQxZi0wNGZiNTViNDZjZDgiLCJhdF9oYXNoIjoiczF5ZHd4MkZRSk1yazFSTmFuMUhOQSIsImFjciI6IjEiLCJzaWQiOiIwZjQ5NGNlZC03YmVmLTRkYTgtYjQxZi0wNGZiNTViNDZjZDgiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiZ3JvdXBzIjpbIlJlZ2lzdHJlZXJkZXJzIiwiZGVmYXVsdC1yb2xlcy10ZXN0Iiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImVtYWlsIjoiYWRtaW5AZXhhbXBsZS5jb20ifQ.RNyihptsBS2K96Y6yNKHX8PFIVFdXfAuZSUVRtgnAHj4Lr1A4r9unaEcPd-Ddue5Z43sjR5AtHtBjTI1ISTuwgQ5KonKj8JDVCAV4LBTtYqN1AQ4d2-7xrY1sCaiJxjJSriaMOgVdQJQiBlCvWfqSyv5ouIbXSj_jwlhcSCGKXR5FQ0gKxIVn7nuibVw8-x86541IoM_caMxEpzUAkoEOYb9QPAyTXdjF-Z3U522C42uvhsdAlste5AP5CawrtvWK3cDRHkQZO0_XtLf-4SBhSEG6-NL8BaXVRsIQUIAjljgHloq76ngvrjMOrOSpIhKe_8cJGkGUdLVN0z7wsKtjQ","not-before-policy":0,"session_state":"0f494ced-7bef-4da8-b41f-04fb55b46cd8","scope":"openid email profile kvk groups bsn"}' headers: Cache-Control: @@ -247,7 +247,7 @@ interactions: Accept-Encoding: - gzip, deflate Authorization: - - Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NTc1MTUwMTUsImlhdCI6MTc1NzUxNDcxNSwiYXV0aF90aW1lIjoxNzU3NTE0NzE1LCJqdGkiOiI0YzlmNGQzZi1iODE1LTQ1ZDctYTdhNC03ZTc3MGEwZDg0MjQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6IjdmMTlkZGY2LTNiOTUtNDE2Yi05ODljLTJlMWIzOGE4N2RkYSIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6IjdmMTlkZGY2LTNiOTUtNDE2Yi05ODljLTJlMWIzOGE4N2RkYSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.0qYhair64_q3ePWMv6IGiQPNJGXDvAFBBCz540jwKm0RnPDdLB4j0hPPpKhaqNSxCwlE1UIM63XgzJDYsc4YEc6yb-KxOnVdl85ybuUMk6I_idYPtmKDDlClwX8PGI6wzauaZrSuvMUK1_ToiweuU3o7Dte9isvdKOyKjBqTxRGEBslsQ6XoIX1wqooNgm2XE2lmtajvIoYzNxPgUugyWwp3ORKbGvhFpC0kJ-wZ2yMLoyIxuHFB-DlrUFsMUtxCqsGRnQRdAjAaszuFiqbnncShprpq00AaGISQa1X3g3tgxD5-U5amHAeP_1n4_18WNFxFpTyt3SP36BYNZLjnZw + - Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0VU5RQWN2VWN2LURGVU94XzRPMWd0MTNPZEpTb3RxRUtQWnVyczJ2UVc4In0.eyJleHAiOjE3NjMzNzc0MzAsImlhdCI6MTc2MzM3NzEzMCwiYXV0aF90aW1lIjoxNzYzMzc3MTMwLCJqdGkiOiJlN2I4ODMxMi1mOWIzLTQ0MzEtYTE3Yy05MGMxYjgyZjQzZTIiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNmRiMmRiODctZGUzMS00ZTMwLTlmMjUtY2VmZTVkYThiMTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoidGVzdGlkIiwibm9uY2UiOiJub3QtYS1yYW5kb20tc3RyaW5nIiwic2Vzc2lvbl9zdGF0ZSI6IjBmNDk0Y2VkLTdiZWYtNGRhOC1iNDFmLTA0ZmI1NWI0NmNkOCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovLzEyNy4wLjAuMTo4MDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJvcGVuaWQgZW1haWwgcHJvZmlsZSBrdmsgZ3JvdXBzIGJzbiIsInNpZCI6IjBmNDk0Y2VkLTdiZWYtNGRhOC1iNDFmLTA0ZmI1NWI0NmNkOCIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJncm91cHMiOlsiUmVnaXN0cmVlcmRlcnMiLCJkZWZhdWx0LXJvbGVzLXRlc3QiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSJ9.nyVuD-wsoDl_-YOr1xHAyvVoNcVJDij7tnKvlPrgm4aDa8IKX5WamtGv_fY3_ptTuka5SIvn4LuOiR7sVr28UbhMPz6pHddtwbIyiUNLQd9in18XIsmNhTNua5aA1h2JhVPwpEiGIBZV8VIwbX_X0SsO1SsPXW_QitX0bdJ2wgVVwKiPsNxHrvlTL7HCzb9P9-1ibm1QPRyBhJHxA6JhUMHoVcDIHlHxkB7qPdIGiNL-X5nvrqOQa5AMupS9Y9j4DmyBxNaklNPUbwB47Wkp_LdvHiQnJDVwqM5MBsoish7hgnhRiieX5Tj8psa-XLcVTeZzEvT8czKLtc4zo_m7Mg Connection: - keep-alive User-Agent: diff --git a/src/objects/accounts/tests/test_oidc.py b/src/objects/accounts/tests/test_oidc.py index cf2ee7ee..bd947300 100644 --- a/src/objects/accounts/tests/test_oidc.py +++ b/src/objects/accounts/tests/test_oidc.py @@ -1,32 +1,37 @@ -from functools import partial +""" +Test authentication to the admin with OpenID Connect. + +Some of these tests use VCR. When re-recording, making sure to: + +.. code-block:: bash + + cd docker + docker compose -f keycloak/docker-compose.keycloak.yml up + +to bring up a Keycloak instance. +""" from django.urls import reverse from django.utils.translation import gettext as _ from django_webtest import WebTest from maykin_common.vcr import VCRMixin -from mozilla_django_oidc_db.models import OpenIDConnectConfig - -from objects.utils.tests.keycloak import keycloak_login, mock_oidc_db_config +from mozilla_django_oidc_db.models import OIDCClient +from mozilla_django_oidc_db.tests.mixins import OIDCMixin +from mozilla_django_oidc_db.tests.utils import keycloak_login from ..models import User -from .factories import StaffUserFactory - -mock_admin_oidc_config = partial( - mock_oidc_db_config, - app_label="mozilla_django_oidc_db", - model="OpenIDConnectConfig", - id=1, # required for the group queries because we're using in-memory objects - make_users_staff=True, - username_claim=["preferred_username"], -) +from .factories import OIDCClientFactory, StaffUserFactory -class OIDCLoginButtonTestCase(WebTest): +class OIDCLoginButtonTestCase(OIDCMixin, WebTest): def test_oidc_button_disabled(self): - config = OpenIDConnectConfig.get_solo() - config.enabled = False - config.save() + OIDCClientFactory.create( + with_keycloak_provider=True, + with_admin=True, + with_admin_options=True, + enabled=False, + ) response = self.app.get(reverse("admin:login")) @@ -38,13 +43,11 @@ def test_oidc_button_disabled(self): self.assertIsNone(oidc_login_link) def test_oidc_button_enabled(self): - config = OpenIDConnectConfig.get_solo() - config.enabled = True - config.oidc_op_token_endpoint = "https://some.endpoint.nl/" - config.oidc_op_user_endpoint = "https://some.endpoint.nl/" - config.oidc_rp_client_id = "id" - config.oidc_rp_client_secret = "secret" - config.save() + OIDCClientFactory.create( + with_keycloak_provider=True, + with_admin=True, + with_admin_options=True, + ) response = self.app.get(reverse("admin:login")) @@ -58,10 +61,28 @@ def test_oidc_button_enabled(self): oidc_login_link.attrs["href"], reverse("oidc_authentication_init") ) + def test_config_not_found(self): + assert not OIDCClient.objects.exists() + + response = self.app.get(reverse("admin:login")) -class OIDCFLowTests(VCRMixin, WebTest): - @mock_admin_oidc_config() + self.assertEqual(response.status_code, 200) + oidc_login_link = response.html.find( + "a", string=_("Login with organization account") + ) + + # Verify that the login button is not visible + self.assertIsNone(oidc_login_link) + + +class OIDCFlowTests(OIDCMixin, VCRMixin, WebTest): def test_duplicate_email_unique_constraint_violated(self): + OIDCClientFactory.create( + with_keycloak_provider=True, + with_admin=True, + with_admin_options=True, + ) + # this user collides on the email address staff_user = StaffUserFactory.create( username="no-match", email="admin@example.com" @@ -82,8 +103,8 @@ def test_duplicate_email_unique_constraint_violated(self): self.assertEqual(error_page.request.path, reverse("admin-oidc-error")) self.assertEqual( error_page.context["oidc_error"], - 'duplicate key value violates unique constraint "filled_email_unique"\n' - "DETAIL: Key (email)=(admin@example.com) already exists.", + 'duplicate key value violates unique constraint "filled_email_unique"' + "\nDETAIL: Key (email)=(admin@example.com) already exists.", ) self.assertContains( error_page, "duplicate key value violates unique constraint" @@ -96,13 +117,23 @@ def test_duplicate_email_unique_constraint_violated(self): self.assertEqual(staff_user.email, "admin@example.com") self.assertTrue(staff_user.is_staff) - @mock_admin_oidc_config() def test_happy_flow(self): + oidc_client = OIDCClientFactory.create( + with_keycloak_provider=True, + with_admin=True, + with_admin_options=True, + ) + oidc_client.options["user_settings"]["claim_mappings"]["username"] = [ + "preferred_username" + ] + oidc_client.save() + login_page = self.app.get(reverse("admin:login")) start_response = login_page.click( description=_("Login with organization account") ) assert start_response.status_code == 302 + redirect_uri = keycloak_login( start_response["Location"], username="admin", password="admin" ) @@ -116,8 +147,17 @@ def test_happy_flow(self): user = User.objects.get() self.assertEqual(user.username, "admin") - @mock_admin_oidc_config(make_users_staff=False) def test_happy_flow_existing_user(self): + oidc_client = OIDCClientFactory.create( + with_keycloak_provider=True, + with_admin=True, + with_admin_options=True, + ) + oidc_client.options["user_settings"]["claim_mappings"]["username"] = [ + "preferred_username" + ] + oidc_client.save() + staff_user = StaffUserFactory.create(username="admin", email="update-me") login_page = self.app.get(reverse("admin:login")) start_response = login_page.click( diff --git a/src/objects/fixtures/default_admin_index.json b/src/objects/fixtures/default_admin_index.json index 7ae95c50..6a97b622 100644 --- a/src/objects/fixtures/default_admin_index.json +++ b/src/objects/fixtures/default_admin_index.json @@ -54,7 +54,11 @@ ], [ "mozilla_django_oidc_db", - "openidconnectconfig" + "oidcprovider" + ], + [ + "mozilla_django_oidc_db", + "oidcclient" ], [ "log_outgoing_requests", diff --git a/src/objects/templates/maykin_2fa/login.html b/src/objects/templates/maykin_2fa/login.html index 51987a80..893945cb 100644 --- a/src/objects/templates/maykin_2fa/login.html +++ b/src/objects/templates/maykin_2fa/login.html @@ -1,8 +1,8 @@ {% extends "maykin_2fa/login.html" %} -{% load solo_tags i18n %} +{% load mozilla_django_oidc_db i18n %} {% block extra_login_options %} - {% get_solo 'mozilla_django_oidc_db.OpenIDConnectConfig' as oidc_config %} + {% get_oidc_admin_client as oidc_config %} {% if oidc_config.enabled %}