{ "info": { "_postman_id": "b21319cf-b97a-469c-9dca-095ce4614843", "name": "PingOne Advanced Identity Cloud Collection", "description": "> **Tip**\n>\n> Edit the `amRealm` Postman variable to change the realm of requests in this collection. \n\nAM uses the default authentication service configured for the realm. You can override the default by specifying authentication services in the REST request.\n\n> **Tip**\n>\n> Edit the `amAuthenticationTree` Postman variable to change the AM service used by requests in this collection. \n", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "_exporter_id": "29766250" }, "item": [ { "name": "Prerequisites", "item": [ { "name": "Step 1. Get service account access token using JWT profile", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "pm.test(\"Signed token assigned to globals\", function () {", " const signedToken = pm.globals.get(\"signedAdminServiceAccountJWT\");", " pm.expect(signedToken.length).to.greaterThan(0);", "});", "", "pm.globals.set(\"serviceAccountAccessToken\", JSONResponse.access_token);", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "//pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('access_token');", " pm.expect(JSONResponse).to.have.property('scope');", " pm.expect(JSONResponse).to.have.property('token_type');", " pm.expect(JSONResponse).to.have.property('expires_in');", "});", "", "pm.test(\"Response contains requested scopes\", function () {", " pm.expect(JSONResponse.scope).to.eql(\"fr:am:* fr:idm:*\");", "});" ], "type": "text/javascript", "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ "// Load the cryptographic utility library from global variable", "eval( pm.variables.get('postmanUtilLib') )", "", "// Collect the service account's JSON web key provided by Advanced Identity Cloud", "const keyFile = JSON.parse(pm.variables.get('postmanServiceAccountJWK'));", "", "// Specify the correct algorithm for Advanced Identity Cloud", "var header = {", " 'typ': 'JWT',", " 'alg': 'RS256'", "};", "", "// Obtain the current time", "var currentTimestamp = Math.floor(Date.now() / 1000)", "", "// Populate the request body", "var data = {", " 'iss': pm.variables.get('postmanServiceAccountID') || '',", " 'sub': pm.variables.get('postmanServiceAccountID') || '',", " 'aud': pm.variables.get('amUrl') + '/oauth2/access_token' || '',", " 'exp': currentTimestamp + 180, // Request JWT should be be short-lived", " 'jti': pm.variables.replaceIn('{{$guid}}') // A `uuid-v4` style guid", "}", "", "const signedToken = pmlib.jwtSign(keyFile, data, header, 180, 'RS256');", "pm.globals.set(\"signedAdminServiceAccountJWT\", signedToken);" ], "type": "text/javascript", "packages": {} } } ], "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "service-account", "type": "text" }, { "key": "grant_type", "value": "urn:ietf:params:oauth:grant-type:jwt-bearer", "type": "text" }, { "key": "assertion", "value": "{{signedAdminServiceAccountJWT}}", "type": "text" }, { "key": "scope", "value": "fr:am:* fr:idm:*", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2", "access_token" ] } }, "response": [] }, { "name": "Step 2: [fr:am:*] Create a Confidential OAuth 2.0 Client", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 201 Created or 200 OK\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,201]);", "});", "", "pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('advancedOAuth2ClientConfig');", " pm.expect(JSONResponse).to.have.property('coreOAuth2ClientConfig');", "});", "", "pm.test(\"Response contains requested client ID\", function () {", " pm.expect(JSONResponse._id).to.eql(pm.variables.get(\"postmanConfidentialClientId\"));", "});", "", "pm.test(\"Response contains confidential client type\", function () {", " pm.expect(JSONResponse.coreOAuth2ClientConfig.clientType.value).to.eql(\"Confidential\");", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "PUT", "header": [ { "key": "accept", "value": "application/json", "description": "Specifies certain media types which are acceptable for the resource.", "type": "text" }, { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource.", "type": "text" }, { "key": "X-Requested-With", "value": "PingOne Advanced Identity Cloud Postman Collection", "description": "Custom header.", "type": "text" }, { "key": "{{cookieName}}", "value": "{{adminSSOToken}}", "description": "SSO token of an administrator. ", "type": "text", "disabled": true } ], "body": { "mode": "raw", "raw": "{\n \"coreOAuth2ClientConfig\": {\n \"agentgroup\": \"\",\n \"status\": {\n \"inherited\": false,\n \"value\": \"Active\"\n },\n \n \"userpassword\": \"{{postmanClientSecret}}\",\n \"clientType\": {\n \"inherited\": false,\n \"value\": \"Confidential\"\n },\n \"loopbackInterfaceRedirection\": {\n \"inherited\": true,\n \"value\": true\n },\n \"redirectionUris\": {\n \"inherited\": false,\n \"value\": [\n \"{{redirectUri}}\"\n ]\n },\n \"scopes\": {\n \"inherited\": false,\n \"value\": [\n \"write\",\n \"read\",\n \"share\",\n \"print\",\n \"copy\",\n \"delete\",\n \"manage\",\n \"edit\",\n \"am-introspect-all-tokens\",\n \"openid\"\n ]\n },\n \"defaultScopes\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"clientName\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"authorizationCodeLifetime\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"refreshTokenLifetime\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"accessTokenLifetime\": {\n \"inherited\": true,\n \"value\": 0\n }\n },\n \"advancedOAuth2ClientConfig\": {\n \"name\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"descriptions\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"requestUris\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"responseTypes\": {\n \"inherited\": false,\n \"value\": [\n \"code\",\n \"token\"\n ]\n },\n \"grantTypes\": {\n \"inherited\": false,\n \"value\": [\n \"authorization_code\",\n \"implicit\",\n \"password\",\n \"client_credentials\",\n \"refresh_token\",\n \"urn:ietf:params:oauth:grant-type:uma-ticket\",\n \"urn:ietf:params:oauth:grant-type:device_code\",\n \"urn:ietf:params:oauth:grant-type:saml2-bearer\",\n \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\n \"urn:openid:params:grant-type:ciba\"\n ]\n },\n \"contacts\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"tokenEndpointAuthMethod\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"sectorIdentifierUri\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"subjectType\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"updateAccessToken\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"clientUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"logoUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"policyUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"isConsentImplied\": {\n \"inherited\": true,\n \"value\": true\n },\n \"mixUpMitigation\": {\n \"inherited\": true,\n \"value\": true\n }\n },\n \"coreOpenIDClientConfig\": {\n \"claims\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"postLogoutRedirectUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"clientSessionUri\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"defaultMaxAge\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"defaultMaxAgeEnabled\": {\n \"inherited\": true,\n \"value\": true\n },\n \"defaultAcrValues\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"jwtTokenLifetime\": {\n \"inherited\": true,\n \"value\": 0\n }\n },\n \"signEncOAuth2ClientConfig\": {\n \"jwksUri\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"jwksCacheTimeout\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"jwkStoreCacheMissCacheTime\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"tokenEndpointAuthSigningAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"jwkSet\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenSignedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenEncryptionEnabled\": {\n \"inherited\": true,\n \"value\": true\n },\n \"idTokenEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenEncryptionMethod\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenPublicEncryptionKey\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"clientJwtPublicKey\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"mTLSTrustedCert\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"mTLSSubjectDN\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"mTLSCertificateBoundAccessTokens\": {\n \"inherited\": true,\n \"value\": true\n },\n \"publicKeyLocation\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoResponseFormat\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoSignedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoEncryptedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoEncryptedResponseEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"requestParameterSignedAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"requestParameterEncryptedAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"requestParameterEncryptedEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionResponseFormat\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionSignedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionEncryptedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionEncryptedResponseEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n }\n },\n \"coreUmaClientConfig\": {\n \"claimsRedirectionUris\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n }\n }\n}" }, "url": { "raw": "{{amUrl}}/json{{realm}}/realm-config/agents/OAuth2Client/{{postmanConfidentialClientId}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "realm-config", "agents", "OAuth2Client", "{{postmanConfidentialClientId}}" ] }, "description": "Register a demonstration confidential client, used in the OAuth 2.0 flows section of the collection." }, "response": [] }, { "name": "Step 3: [fr:am:*] Create a Public OAuth 2.0 Client", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 201 Created or 200 OK\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,201]);", "});", "", "pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('advancedOAuth2ClientConfig');", " pm.expect(JSONResponse).to.have.property('coreOAuth2ClientConfig');", "});", "", "pm.test(\"Response contains requested client ID\", function () {", " pm.expect(JSONResponse._id).to.eql(pm.variables.get(\"postmanPublicClientId\"));", "});", "", "pm.test(\"Response contains public client type\", function () {", " pm.expect(JSONResponse.coreOAuth2ClientConfig.clientType.value).to.eql(\"Public\");", "});" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "PUT", "header": [ { "key": "accept", "value": "application/json", "description": "Specifies certain media types which are acceptable for the resource.", "type": "text" }, { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource.", "type": "text" }, { "key": "X-Requested-With", "value": "PingOne Advanced Identity Cloud Postman Collection", "description": "Custom header.", "type": "text" }, { "key": "{{cookieName}}", "value": "{{adminSSOToken}}", "description": "SSO token of an administrator. ", "type": "text" } ], "body": { "mode": "raw", "raw": "{\n \"coreOAuth2ClientConfig\": {\n \"agentgroup\": \"\",\n \"status\": {\n \"inherited\": false,\n \"value\": \"Active\"\n },\n \n \"userpassword\": \"{{postmanClientSecret}}\",\n \"clientType\": {\n \"inherited\": false,\n \"value\": \"Public\"\n },\n \"loopbackInterfaceRedirection\": {\n \"inherited\": true,\n \"value\": true\n },\n \"redirectionUris\": {\n \"inherited\": false,\n \"value\": [\n \"{{redirectUri}}\"\n ]\n },\n \"scopes\": {\n \"inherited\": false,\n \"value\": [\n \"write\",\n \"read\",\n \"share\",\n \"print\",\n \"copy\",\n \"delete\",\n \"manage\",\n \"edit\"\n ]\n },\n \"defaultScopes\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"clientName\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"authorizationCodeLifetime\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"refreshTokenLifetime\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"accessTokenLifetime\": {\n \"inherited\": true,\n \"value\": 0\n }\n },\n \"advancedOAuth2ClientConfig\": {\n \"name\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"descriptions\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"requestUris\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"responseTypes\": [\n \"code\",\n \"token\"\n ],\n \"grantTypes\": {\n \"inherited\": false,\n \"value\": [\n \"authorization_code\",\n \"implicit\",\n \"password\",\n \"client_credentials\",\n \"refresh_token\",\n \"urn:ietf:params:oauth:grant-type:uma-ticket\",\n \"urn:ietf:params:oauth:grant-type:device_code\",\n \"urn:ietf:params:oauth:grant-type:saml2-bearer\",\n \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\n \"urn:openid:params:grant-type:ciba\"\n ]\n },\n \"contacts\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"tokenEndpointAuthMethod\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"sectorIdentifierUri\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"subjectType\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"updateAccessToken\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"clientUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"logoUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"policyUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"isConsentImplied\": {\n \"inherited\": true,\n \"value\": true\n },\n \"mixUpMitigation\": {\n \"inherited\": true,\n \"value\": true\n }\n },\n \"coreOpenIDClientConfig\": {\n \"claims\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"postLogoutRedirectUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"clientSessionUri\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"defaultMaxAge\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"defaultMaxAgeEnabled\": {\n \"inherited\": true,\n \"value\": true\n },\n \"defaultAcrValues\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"jwtTokenLifetime\": {\n \"inherited\": true,\n \"value\": 0\n }\n },\n \"signEncOAuth2ClientConfig\": {\n \"jwksUri\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"jwksCacheTimeout\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"jwkStoreCacheMissCacheTime\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"tokenEndpointAuthSigningAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"jwkSet\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenSignedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenEncryptionEnabled\": {\n \"inherited\": true,\n \"value\": true\n },\n \"idTokenEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenEncryptionMethod\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenPublicEncryptionKey\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"clientJwtPublicKey\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"mTLSTrustedCert\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"mTLSSubjectDN\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"mTLSCertificateBoundAccessTokens\": {\n \"inherited\": true,\n \"value\": true\n },\n \"publicKeyLocation\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoResponseFormat\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoSignedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoEncryptedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoEncryptedResponseEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"requestParameterSignedAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"requestParameterEncryptedAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"requestParameterEncryptedEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionResponseFormat\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionSignedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionEncryptedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionEncryptedResponseEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n }\n },\n \"coreUmaClientConfig\": {\n \"claimsRedirectionUris\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n }\n }\n}" }, "url": { "raw": "{{amUrl}}/json{{realm}}/realm-config/agents/OAuth2Client/{{postmanPublicClientId}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "realm-config", "agents", "OAuth2Client", "{{postmanPublicClientId}}" ] }, "description": "Register a demonstration public client, used in the OAuth 2.0 flows section of the collection." }, "response": [] }, { "name": "Step 4: [fr:idm:*] Create a Demo Managed Identity in the Alpha realm", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Tests", "", "pm.test(\"Status code is 201 Created or 403 Forbidden\", function () {", " pm.expect(pm.response.code).to.be.oneOf([201,403]);", "});", "", "if(pm.response.code === 201){", "", " if(JSONResponse._id && JSONResponse._id != \"\"){", " pm.globals.set(\"managedUserId\", JSONResponse._id);", " }", "", " if(JSONResponse.userName && JSONResponse.userName != \"\"){", " pm.globals.set(\"managedUsername\", JSONResponse.userName);", " }", "", " pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('userName');", " pm.expect(JSONResponse).to.have.property('sn');", " pm.expect(JSONResponse).to.have.property('givenName');", " pm.expect(JSONResponse).to.have.property('mail');", " pm.expect(JSONResponse).to.have.property('telephoneNumber');", " });", "", " pm.test(\"Response does not contain password\", function () {", " pm.expect(JSONResponse).to.not.have.property('password');", " });", "", " pm.test(\"Response contains requested user name\", function () {", " pm.expect(JSONResponse.userName).to.eql(pm.variables.get(\"postmanDemoUsername\"));", " });", "};", "", "if(pm.response.code === 403){", " pm.test(\"Policy validation failed\", function () {", " pm.expect(JSONResponse.message).to.eql(\"Policy validation failed\");", " });", "", " pm.test(\"Username is not unique\", function () {", " pm.expect(JSONResponse.detail.failedPolicyRequirements[0].property).to.eql(\"userName\");", " });", "}" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "POST", "header": [], "body": { "mode": "raw", "raw": "{\n \"userName\": \"{{postmanDemoUsername}}\",\n \"sn\": \"Demo-User\",\n \"givenName\": \"Postman\",\n \"mail\": \"{{postmanDemoEmail}}\",\n \"telephoneNumber\": \"{{$randomPhoneNumber}}\",\n \"password\": \"{{postmanDemoPassword}}\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{idmUrl}}/managed/alpha_user?_action=create", "host": [ "{{idmUrl}}" ], "path": [ "managed", "alpha_user" ], "query": [ { "key": "_action", "value": "create" } ] }, "description": "Create a demonstration `alpha_user` in the Alpha realm. A number of requests in the Postman Collection require this user to be present, for example the *Intelligent Access* section." }, "response": [] } ], "description": "This Postman Collection requires a number of prerequisites in order to function.\n\nEnsure you have completed these steps at least once for each new Advanced Identity Cloud instance you connect to with the collection.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Managed Identities", "item": [ { "name": "Server-assigned ID", "item": [ { "name": "Step 1: [fr:idm:*] Create a Managed Identity", "event": [ { "listen": "prerequest", "script": { "exec": [ "const varFirstName = pm.variables.replaceIn('{{$randomFirstName}}');", "const varLastName = pm.variables.replaceIn('{{$randomLastName}}');", "const varRandomHexColor = pm.variables.replaceIn('{{$randomHexColor}}');", "const varUserName = '_postman.' + varFirstName + \".\" + varLastName;", "", "pm.variables.set(\"varFirstName\", varFirstName);", "pm.variables.set(\"varLastName\", varLastName);", "pm.variables.set(\"varUserName\", varUserName.toLowerCase());" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "//Tests", "", "pm.test(\"Status code is 201 Created\", () => {", " pm.expect(pm.response.code).to.eql(201);", "});", "", "pm.test(\"Response contains JSON data \", function () {", " pm.response.to.be.withBody;", "", " const JSONResponse = pm.response.json();", "", " // Variables", "", " if(JSONResponse._id && JSONResponse._id != \"\"){", " pm.globals.set(\"managedUserId\", JSONResponse._id);", " }", "", " if(JSONResponse.userName && JSONResponse.userName != \"\"){", " pm.globals.set(\"managedUsername\", JSONResponse.userName);", " }", "", " // Response tests", "", " pm.test(\"Response contains _id and userName\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('userName');", " });", "", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [], "body": { "mode": "raw", "raw": "{\n \"userName\": \"{{varUserName}}\",\n \"sn\": \"{{varLastName}}\",\n \"givenName\": \"{{varFirstName}}\",\n \"mail\": \"{{varFirstName}}.{{varLastName}}@postman.example.com\",\n \"telephoneNumber\": \"{{$randomPhoneNumber}}\",\n \"password\": \"{{$randomPassword}}{{$randomHexColor}}\",\n \"description\": \"Demo managed identity with server-assigned ID, created by Advanced Identity Cloud Postman collection.\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{platformUrl}}/openidm/managed/alpha_user?_action=create", "host": [ "{{platformUrl}}" ], "path": [ "openidm", "managed", "alpha_user" ], "query": [ { "key": "_action", "value": "create" } ] }, "description": "Create a new managed identity." }, "response": [] }, { "name": "Step 2: [fr:idm:*] Read a Managed Identity", "event": [ { "listen": "test", "script": { "exec": [ "//Tests", "", "pm.test(\"Status code is 200 OK\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains JSON data \", function () {", " pm.response.to.be.withBody;", "", " const JSONResponse = pm.response.json();", "", " // Variables", "", " if(JSONResponse._id && JSONResponse._id != \"\"){", " pm.globals.set(\"managedUserId\", JSONResponse._id);", " }", "", " if(JSONResponse.userName && JSONResponse.userName != \"\"){", " pm.globals.set(\"managedUsername\", JSONResponse.userName);", " }", "", " // Response tests", "", " pm.test(\"Response contains _id and userName\", function () {", " pm.expect(JSONResponse.result[0]).to.have.property('_id');", " pm.expect(JSONResponse.result[0]).to.have.property('userName');", " });", "", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "GET", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) ", "disabled": true } ], "url": { "raw": "{{platformUrl}}/openidm/managed/alpha_user?_queryFilter=userName eq \"{{managedUsername}}\"", "host": [ "{{platformUrl}}" ], "path": [ "openidm", "managed", "alpha_user" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_queryFilter", "value": "userName eq \"{{managedUsername}}\"" } ] }, "description": "Obtain the details of a managed identity." }, "response": [] }, { "name": "Step 3: [fr:idm:*] Update a Managed Identity", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "if(JSONResponse._id && JSONResponse._id != \"\"){", " pm.globals.set(\"managedUserId\", JSONResponse._id);", "}", "", "//Tests", "", "pm.test(\"Status code is 200 OK\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('userName');", " pm.expect(JSONResponse).to.have.property('telephoneNumber');", "});" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) ", "disabled": true } ], "body": { "mode": "raw", "raw": "[\n {\n \"operation\": \"replace\",\n \"field\": \"/telephoneNumber\",\n \"value\": \"{{$randomPhoneNumber}}\"\n }\n]", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{platformUrl}}/openidm/managed/alpha_user?_action=patch&_queryFilter=userName eq \"{{managedUsername}}\"", "host": [ "{{platformUrl}}" ], "path": [ "openidm", "managed", "alpha_user" ], "query": [ { "key": "_action", "value": "patch" }, { "key": "_queryFilter", "value": "userName eq \"{{managedUsername}}\"" }, { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true } ] }, "description": "Update the details, in this case; the telephone number, of a managed identity." }, "response": [] }, { "name": "Step 4: [fr:idm:*] Delete a Managed Identity", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "//Tests", "", "pm.test(\"Status code is 200 OK or 404 Not Found\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,404]);", "});", "", "if(pm.response.code === 200){", " const JSONResponse = pm.response.json();", " ", " pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('userName');", " pm.expect(JSONResponse).to.have.property('telephoneNumber');", " });", "};" ], "type": "text/javascript" } } ], "request": { "method": "DELETE", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) ", "disabled": true } ], "body": { "mode": "raw", "raw": "", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{platformUrl}}/openidm/managed/alpha_user/:_id", "host": [ "{{platformUrl}}" ], "path": [ "openidm", "managed", "alpha_user", ":_id" ], "variable": [ { "key": "_id", "value": "{{managedUserId}}" } ] }, "description": "Delete a managed identity." }, "response": [] } ], "description": "In this section, the Advanced Identity Cloud assigns the ID to your identites, ensuring uniqueness.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Client-assigned ID", "item": [ { "name": "Step 1: [fr:idm:*] Create a Managed Identity", "event": [ { "listen": "prerequest", "script": { "exec": [ "const varFirstName = pm.variables.replaceIn('{{$randomFirstName}}');", "const varLastName = pm.variables.replaceIn('{{$randomLastName}}');", "const varRandomHexColor = pm.variables.replaceIn('{{$randomHexColor}}');", "const varUserName = '_postman.' + varFirstName + \".\" + varLastName;", "", "pm.variables.set(\"varFirstName\", varFirstName);", "pm.variables.set(\"varLastName\", varLastName);", "pm.variables.set(\"varUserName\", varUserName.toLowerCase());", "pm.variables.set(\"managedUserId\", pm.globals.replaceIn('{{$guid}}'))" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "//Tests", "", "pm.test(\"Status code is 201 Created\", () => {", " pm.expect(pm.response.code).to.eql(201);", "});", "", "pm.test(\"Response contains JSON data \", function () {", " pm.response.to.be.withBody;", "", " const JSONResponse = pm.response.json();", "", " // Variables", "", " if(JSONResponse._id && JSONResponse._id != \"\"){", " pm.globals.set(\"managedUserId\", JSONResponse._id);", " }", "", " if(JSONResponse.userName && JSONResponse.userName != \"\"){", " pm.globals.set(\"managedUsername\", JSONResponse.userName);", " }", "", " // Response tests", "", " pm.test(\"Response contains _id and userName\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('userName');", " });", "", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "PUT", "header": [], "body": { "mode": "raw", "raw": "{\n \"userName\": \"{{varUserName}}\",\n \"sn\": \"{{varLastName}}\",\n \"givenName\": \"{{varFirstName}}\",\n \"mail\": \"{{varFirstName}}.{{varLastName}}@postman.example.com\",\n \"telephoneNumber\": \"{{$randomPhoneNumber}}\",\n \"password\": \"{{$randomPassword}}{{$randomHexColor}}\",\n \"description\": \"Demo managed identity with client-assigned ID, created by Advanced Identity Cloud Postman collection.\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{platformUrl}}/openidm/managed/alpha_user/:_id", "host": [ "{{platformUrl}}" ], "path": [ "openidm", "managed", "alpha_user", ":_id" ], "variable": [ { "key": "_id", "value": "{{managedUserId}}" } ] } }, "response": [] }, { "name": "Step 2: [fr:idm:*] Read a Managed Identity", "event": [ { "listen": "test", "script": { "exec": [ "//Tests", "", "pm.test(\"Status code is 200 OK\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains JSON data \", function () {", " pm.response.to.be.withBody;", "", " const JSONResponse = pm.response.json();", "", " // Variables", "", " if(JSONResponse._id && JSONResponse._id != \"\"){", " pm.globals.set(\"managedUserId\", JSONResponse._id);", " }", "", " if(JSONResponse.userName && JSONResponse.userName != \"\"){", " pm.globals.set(\"managedUsername\", JSONResponse.userName);", " }", "", " // Response tests", "", " pm.test(\"Response contains _id and userName\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('userName');", " });", "", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "GET", "header": [], "url": { "raw": "{{platformUrl}}/openidm/managed/alpha_user/:_id", "host": [ "{{platformUrl}}" ], "path": [ "openidm", "managed", "alpha_user", ":_id" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true } ], "variable": [ { "key": "_id", "value": "{{managedUserId}}" } ] } }, "response": [] }, { "name": "Step 3: [fr:idm:*] Update a Managed Identity", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "if(JSONResponse._id && JSONResponse._id != \"\"){", " pm.globals.set(\"managedUserId\", JSONResponse._id);", "}", "", "//Tests", "", "pm.test(\"Status code is 200 OK\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('userName');", " pm.expect(JSONResponse).to.have.property('telephoneNumber');", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "PATCH", "header": [], "body": { "mode": "raw", "raw": "[\n {\n \"operation\": \"replace\",\n \"field\": \"/telephoneNumber\",\n \"value\": \"{{$randomPhoneNumber}}\"\n }\n]", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{platformUrl}}/openidm/managed/alpha_user/:_id", "host": [ "{{platformUrl}}" ], "path": [ "openidm", "managed", "alpha_user", ":_id" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true } ], "variable": [ { "key": "_id", "value": "{{managedUserId}}" } ] } }, "response": [] }, { "name": "Step 4: [fr:idm:*] Delete a Managed Identity", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "//Tests", "", "pm.test(\"Status code is 200 OK or 404 Not Found\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,404]);", "});", "", "if(pm.response.code === 200){", " const JSONResponse = pm.response.json();", " ", " pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('userName');", " pm.expect(JSONResponse).to.have.property('telephoneNumber');", " });", "};" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "DELETE", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) ", "disabled": true }, { "key": "X-OpenIDM-Username", "value": "{{adminUsername}}", "type": "text" }, { "key": "X-OpenIDM-Password", "value": "{{adminPassword}}", "type": "text" } ], "body": { "mode": "raw", "raw": "", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{platformUrl}}/openidm/managed/alpha_user/:_id", "host": [ "{{platformUrl}}" ], "path": [ "openidm", "managed", "alpha_user", ":_id" ], "variable": [ { "key": "_id", "value": "{{managedUserId}}" } ] } }, "response": [] } ] }, { "name": "[fr:idm:*] Query All Managed Identities", "event": [ { "listen": "test", "script": { "exec": [ "//Tests", "", "pm.test(\"Status code is 200 OK\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200]);", "});", "", "if(pm.response.code === 200){", " const JSONResponse = pm.response.json();", " ", "", " pm.test(\"Response returns managed users\", function () {", " pm.expect(JSONResponse.resultCount).to.be.gt(0);", " });", "};" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "GET", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) ", "disabled": true } ], "url": { "raw": "{{platformUrl}}/openidm/managed/alpha_user?_fields=userName,givenName,sn,mail,accountStatus&_prettyPrint=true&_queryFilter=true", "host": [ "{{platformUrl}}" ], "path": [ "openidm", "managed", "alpha_user" ], "query": [ { "key": "_fields", "value": "userName,givenName,sn,mail,accountStatus", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned." }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_queryFilter", "value": "true" } ] } }, "response": [] } ], "description": "User objects that are stored in the Advanced Identity Cloud are referred to as managed identities.\n\nYou can add, change, and delete managed users by using the platform UI, or over the REST interface by using these endpoints.\n\nAll of the calls in this section require administrative access. The access token is provided as a bearer token in the headers of each request.\n\n> Note:\n>\n> Some of the examples in this collection use client-assigned IDs (such as bjensen and scarter) when creating objects because it makes the examples easier to read. \n> \n> In the Server assigned IDs section they are created with IDs such as 55ef0a75-f261-47e9-a72b-f5c61c32d339. \n> \n> Generally, immutable server-assigned UUIDs are used in production environments.", "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "User Self-service", "item": [ { "name": "Registration", "item": [ { "name": "Step 1: Request \"Registration\" Journey Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "", "", "" ], "type": "text/javascript" } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue=Registration", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "Registration", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "The first step is to make a POST call to the `/json/authenticate` endpoint, without providing any credentials, or cookies.\n\nThe Advanced Identity Cloud provides a *Registration* journey out-of-the-box, which is specified in this request.\n\nEach request that is part of the registration journey uses the same `authId` value to track progress. Ensure the `authId` JWT is sent in each subsequent request, until a session token is issued." }, "response": [ { "name": "Success. Callback generated by Username and Password collectors, together in a page node.", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "https://.forgeblocks.com/am/json/realms/root/realms/alpha/authenticate?authIndexType=service&authIndexValue=Login", "protocol": "https", "host": [ "", "forgeblocks", "com" ], "path": [ "am", "json", "realms", "root", "realms", "alpha", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "Login", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "2153" }, { "key": "Date", "value": "Wed, 12 Aug 2020 12:01:51 GMT" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAizI1NiJ9...eyJTkNVS-36NdGPz0ldtTxs\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ]\n}" } ] }, { "name": "Step 2: Handle \"Registration\" Journey Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", " ", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "" ], "type": "text/javascript" } }, { "listen": "prerequest", "script": { "exec": [ "const varFirstName = pm.variables.replaceIn('{{$randomFirstName}}');", "const varLastName = pm.variables.replaceIn('{{$randomLastName}}');", "const varRandomHexColor = pm.variables.replaceIn('{{$randomHexColor}}');", "const varUserName = '_postman.' + varFirstName + \".\" + varLastName;", "", "pm.variables.set(\"varFirstName\", varFirstName);", "pm.variables.set(\"varLastName\", varLastName);", "pm.variables.set(\"varUserName\", varUserName.toLowerCase());" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"ValidatedCreateUsernameCallback\",\n \"output\": [\n {\n \"name\": \"policies\",\n \"value\": {\n \"policyRequirements\": [\n \"REQUIRED\",\n \"MIN_LENGTH\",\n \"VALID_TYPE\",\n \"VALID_USERNAME\",\n \"CANNOT_CONTAIN_CHARACTERS\",\n \"MAX_LENGTH\"\n ],\n \"fallbackPolicies\": null,\n \"name\": \"userName\",\n \"policies\": [\n {\n \"policyRequirements\": [\n \"REQUIRED\"\n ],\n \"policyId\": \"required\"\n },\n {\n \"policyRequirements\": [\n \"REQUIRED\"\n ],\n \"policyId\": \"not-empty\"\n },\n {\n \"policyRequirements\": [\n \"MIN_LENGTH\"\n ],\n \"policyId\": \"minimum-length\",\n \"params\": {\n \"minLength\": 1\n }\n },\n {\n \"policyRequirements\": [\n \"VALID_TYPE\"\n ],\n \"policyId\": \"valid-type\",\n \"params\": {\n \"types\": [\n \"string\"\n ]\n }\n },\n {\n \"policyId\": \"valid-username\",\n \"policyRequirements\": [\n \"VALID_USERNAME\"\n ]\n },\n {\n \"params\": {\n \"forbiddenChars\": [\n \"/\"\n ]\n },\n \"policyId\": \"cannot-contain-characters\",\n \"policyRequirements\": [\n \"CANNOT_CONTAIN_CHARACTERS\"\n ]\n },\n {\n \"params\": {\n \"minLength\": 1\n },\n \"policyId\": \"minimum-length\",\n \"policyRequirements\": [\n \"MIN_LENGTH\"\n ]\n },\n {\n \"params\": {\n \"maxLength\": 255\n },\n \"policyId\": \"maximum-length\",\n \"policyRequirements\": [\n \"MAX_LENGTH\"\n ]\n }\n ],\n \"conditionalPolicies\": null\n }\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Username\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{varUserName}}\"\n },\n {\n \"name\": \"IDToken1validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"StringAttributeInputCallback\",\n \"output\": [\n {\n \"name\": \"name\",\n \"value\": \"givenName\"\n },\n {\n \"name\": \"prompt\",\n \"value\": \"First Name\"\n },\n {\n \"name\": \"required\",\n \"value\": true\n },\n {\n \"name\": \"policies\",\n \"value\": {\n \"policyRequirements\": [\n \"REQUIRED\",\n \"VALID_TYPE\"\n ],\n \"fallbackPolicies\": null,\n \"name\": \"givenName\",\n \"policies\": [\n {\n \"policyRequirements\": [\n \"REQUIRED\"\n ],\n \"policyId\": \"required\"\n },\n {\n \"policyRequirements\": [\n \"VALID_TYPE\"\n ],\n \"policyId\": \"valid-type\",\n \"params\": {\n \"types\": [\n \"string\"\n ]\n }\n }\n ],\n \"conditionalPolicies\": null\n }\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"value\",\n \"value\": \"\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{varFirstName}}\"\n },\n {\n \"name\": \"IDToken2validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 1\n },\n {\n \"type\": \"StringAttributeInputCallback\",\n \"output\": [\n {\n \"name\": \"name\",\n \"value\": \"sn\"\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Last Name\"\n },\n {\n \"name\": \"required\",\n \"value\": true\n },\n {\n \"name\": \"policies\",\n \"value\": {\n \"policyRequirements\": [\n \"REQUIRED\",\n \"VALID_TYPE\"\n ],\n \"fallbackPolicies\": null,\n \"name\": \"sn\",\n \"policies\": [\n {\n \"policyRequirements\": [\n \"REQUIRED\"\n ],\n \"policyId\": \"required\"\n },\n {\n \"policyRequirements\": [\n \"VALID_TYPE\"\n ],\n \"policyId\": \"valid-type\",\n \"params\": {\n \"types\": [\n \"string\"\n ]\n }\n }\n ],\n \"conditionalPolicies\": null\n }\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"value\",\n \"value\": \"\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken3\",\n \"value\": \"{{varLastName}}\"\n },\n {\n \"name\": \"IDToken3validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 2\n },\n {\n \"type\": \"StringAttributeInputCallback\",\n \"output\": [\n {\n \"name\": \"name\",\n \"value\": \"mail\"\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Email Address\"\n },\n {\n \"name\": \"required\",\n \"value\": true\n },\n {\n \"name\": \"policies\",\n \"value\": {\n \"policyRequirements\": [\n \"REQUIRED\",\n \"VALID_TYPE\",\n \"VALID_EMAIL_ADDRESS_FORMAT\"\n ],\n \"fallbackPolicies\": null,\n \"name\": \"mail\",\n \"policies\": [\n {\n \"policyRequirements\": [\n \"REQUIRED\"\n ],\n \"policyId\": \"required\"\n },\n {\n \"policyRequirements\": [\n \"VALID_TYPE\"\n ],\n \"policyId\": \"valid-type\",\n \"params\": {\n \"types\": [\n \"string\"\n ]\n }\n },\n {\n \"policyId\": \"valid-email-address-format\",\n \"policyRequirements\": [\n \"VALID_EMAIL_ADDRESS_FORMAT\"\n ]\n }\n ],\n \"conditionalPolicies\": null\n }\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"value\",\n \"value\": \"\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken4\",\n \"value\": \"{{postmanDemoEmail}}\"\n },\n {\n \"name\": \"IDToken4validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 3\n },\n {\n \"type\": \"BooleanAttributeInputCallback\",\n \"output\": [\n {\n \"name\": \"name\",\n \"value\": \"preferences/marketing\"\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Send me special offers and services\"\n },\n {\n \"name\": \"required\",\n \"value\": true\n },\n {\n \"name\": \"policies\",\n \"value\": {}\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"value\",\n \"value\": false\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken5\",\n \"value\": {{$randomBoolean}}\n },\n {\n \"name\": \"IDToken5validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 4\n },\n {\n \"type\": \"BooleanAttributeInputCallback\",\n \"output\": [\n {\n \"name\": \"name\",\n \"value\": \"preferences/updates\"\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Send me news and updates\"\n },\n {\n \"name\": \"required\",\n \"value\": true\n },\n {\n \"name\": \"policies\",\n \"value\": {}\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"value\",\n \"value\": false\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken6\",\n \"value\": {{$randomBoolean}}\n },\n {\n \"name\": \"IDToken6validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 5\n },\n {\n \"type\": \"ValidatedCreatePasswordCallback\",\n \"output\": [\n {\n \"name\": \"echoOn\",\n \"value\": false\n },\n {\n \"name\": \"policies\",\n \"value\": {\n \"policyRequirements\": [\n \"VALID_TYPE\"\n ],\n \"fallbackPolicies\": null,\n \"name\": \"password\",\n \"policies\": [\n {\n \"policyRequirements\": [\n \"VALID_TYPE\"\n ],\n \"policyId\": \"valid-type\",\n \"params\": {\n \"types\": [\n \"string\"\n ]\n }\n }\n ],\n \"conditionalPolicies\": null\n }\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken7\",\n \"value\": \"{{$randomPassword}}{{$randomHexColor}}\"\n },\n {\n \"name\": \"IDToken7validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 6\n },\n {\n \"type\": \"KbaCreateCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Select a security question\"\n },\n {\n \"name\": \"predefinedQuestions\",\n \"value\": [\n \"What's your favorite color?\"\n ]\n },\n {\n \"name\": \"allowUserDefinedQuestions\",\n \"value\": true\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken8question\",\n \"value\": \"What's your favorite color?\"\n },\n {\n \"name\": \"IDToken8answer\",\n \"value\": \"{{$randomColor}}\"\n }\n ],\n \"_id\": 7\n },\n {\n \"type\": \"TermsAndConditionsCallback\",\n \"output\": [\n {\n \"name\": \"version\",\n \"value\": \"0.0\"\n },\n {\n \"name\": \"terms\",\n \"value\": \"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.\"\n },\n {\n \"name\": \"createDate\",\n \"value\": \"2019-10-28T04:20:11.320Z\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken9\",\n \"value\": true\n }\n ],\n \"_id\": 8\n }\n ],\n \"header\": \"Sign Up\",\n \"description\": \"Signing up is fast and easy.
Already have an account? Sign In\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue=Registration", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "Registration", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "Respond to the callbacks of the *Registration* journey.\n\nThe builtin *Registration* journey also authenticates the newly registered user and issues a session token." }, "response": [ { "name": "Success - authentication complete", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"ChoiceCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Succeed?\"\n },\n {\n \"name\": \"choices\",\n \"value\": [\n \"Yes\",\n \"No\"\n ]\n },\n {\n \"name\": \"defaultChoice\",\n \"value\": 0\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": 0\n }\n ]\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "https://.forgeblocks.com/am/json/realms/root/realms/alpha/authenticate?authIndexType=service&authIndexValue=Login", "protocol": "https", "host": [ "", "forgeblocks", "com" ], "path": [ "am", "json", "realms", "root", "realms", "alpha", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "Login", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=N60dPVcmOADQN170-8799pcqVVI.*AAJTSQACMDEAAlNLABw5QThIM0ZJd3RKcmNyWWYxSzlPaGhzcllsUXM9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "167" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:10:41 GMT" } ], "cookie": [], "body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}" } ] } ], "description": "Let non-authenticated users register to your site on their own. You can add additional security features like email verification, knowledge-based authentication (KBA) security questions, Google reCAPTCHA, and custom plugins to add to your User Self-Registration process. ", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Forgotten Username", "item": [ { "name": "Step 1: Request \"ForgottenUsername\" Journey Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue=ForgottenUsername", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "ForgottenUsername", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "The first step is to make a POST call to the `/json/authenticate` endpoint, without providing any credentials, or cookies.\n\nThe Advanced Identity Cloud provides a *Forgotten Username* journey out-of-the-box, which is specified in this request.\n\nEach request that is part of the forgotten username journey uses the same `authId` value to track progress. Ensure the `authId` JWT is sent in each subsequent request, until a session token is issued." }, "response": [ { "name": "Success. Callback generated by Username and Password collectors, together in a page node.", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "2153" }, { "key": "Date", "value": "Wed, 12 Aug 2020 12:01:51 GMT" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAizI1NiJ9...eyJTkNVS-36NdGPz0ldtTxs\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ]\n}" } ] }, { "name": "Step 2: Handle \"ForgottenUsername\" Journey Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have another callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", " ", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"StringAttributeInputCallback\",\n \"output\": [\n {\n \"name\": \"name\",\n \"value\": \"mail\"\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Email Address\"\n },\n {\n \"name\": \"required\",\n \"value\": true\n },\n {\n \"name\": \"policies\",\n \"value\": {}\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"value\",\n \"value\": \"\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoEmail}}\"\n },\n {\n \"name\": \"IDToken1validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 0\n }\n ],\n \"header\": \"Forgotten Username\",\n \"description\": \"Enter your email address or Sign in\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue=ForgottenUsername", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "ForgottenUsername", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "Respond to the callbacks of the *Forgotten Username* journey, by providing the email address of the relevant user.\n\nThe builtin `ForgottenUsername` journey uses the Suspended Authentication feature, and sends the relevant user an email containing a \"magic link\".\n\nCopy the unique ID from the URL of that magic link, and use it in the next step to obtain the forgotten username." }, "response": [ { "name": "Success - authentication complete", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"ChoiceCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Succeed?\"\n },\n {\n \"name\": \"choices\",\n \"value\": [\n \"Yes\",\n \"No\"\n ]\n },\n {\n \"name\": \"defaultChoice\",\n \"value\": 0\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": 0\n }\n ]\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=N60dPVcmOADQN170-8799pcqVVI.*AAJTSQACMDEAAlNLABw5QThIM0ZJd3RKcmNyWWYxSzlPaGhzcllsUXM9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "167" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:10:41 GMT" } ], "cookie": [], "body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}" } ] }, { "name": "Step 3: Resume Suspended Journey using Suspended ID from Email", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Tests", "", "pm.test(\"Status code is 200 OK or 401 Unauthorized\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,401]);", "});", "", "if(pm.response.code === 200){", "", " pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('authId');", " pm.expect(JSONResponse).to.have.property('callbacks');", " });", "};", "", "if(pm.response.code === 401){", " pm.test(\"Suspended ID expired or invalid\", function () {", " pm.expect(JSONResponse.message).to.eql(\"Unable to resume session. It may have expired.\");", " });", "}" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?suspendedId=suspended_id_from_email", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "suspendedId", "value": "suspended_id_from_email", "description": "Replace `suspended_id_from_email` with the unique code from the link in the email that was sent to the user, ifthey were found in the Identity Store." } ] }, "description": "Replace `suspended_id_from_email` with the unique code from the email that was sent to the user. \n\nThe *Forgotten Username* journey will continue, and the username provided." }, "response": [ { "name": "Success. Callback generated by Username and Password collectors, together in a page node.", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "2153" }, { "key": "Date", "value": "Wed, 12 Aug 2020 12:01:51 GMT" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAizI1NiJ9...eyJTkNVS-36NdGPz0ldtTxs\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ]\n}" } ] } ], "description": "Lets users retrieve their forgotten usernames. If security questions are enabled, users must also correctly answer their pre-configured security questions before retrieving their usernames. ", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Reset Password", "item": [ { "name": "Step 1: Request \"ResetPassword\" Journey Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue=ResetPassword", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "ResetPassword", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "The first step is to make a POST call to the `/json/authenticate` endpoint, without providing any credentials, or cookies.\n\nThe Advanced Identity Cloud provides a *Reset Password* journey out-of-the-box, which is specified in this request.\n\nEach request that is part of the reset password journey uses the same `authId` value to track progress. Ensure the `authId` JWT is sent in each subsequent request, until a session token is issued." }, "response": [ { "name": "Success. Callback generated by Username and Password collectors, together in a page node.", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "2153" }, { "key": "Date", "value": "Wed, 12 Aug 2020 12:01:51 GMT" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAizI1NiJ9...eyJTkNVS-36NdGPz0ldtTxs\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ]\n}" } ] }, { "name": "Step 2: Handle \"ResetPassword\" Journey Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have another callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.environment.unset(\"authId\");", " ", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "followRedirects": false, "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"StringAttributeInputCallback\",\n \"output\": [\n {\n \"name\": \"name\",\n \"value\": \"mail\"\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Email Address\"\n },\n {\n \"name\": \"required\",\n \"value\": true\n },\n {\n \"name\": \"policies\",\n \"value\": {}\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"value\",\n \"value\": \"\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{demoEmailAddress}}\"\n },\n {\n \"name\": \"IDToken1validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 0\n }\n ],\n \"header\": \"Sign Up\",\n \"description\": \"Signing up is fast and easy.
Already have an account? Sign In\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue=ResetPassword", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "ResetPassword", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to a `TextInputCallback`." }, "response": [ { "name": "Success - authentication complete", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"ChoiceCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Succeed?\"\n },\n {\n \"name\": \"choices\",\n \"value\": [\n \"Yes\",\n \"No\"\n ]\n },\n {\n \"name\": \"defaultChoice\",\n \"value\": 0\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": 0\n }\n ]\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=N60dPVcmOADQN170-8799pcqVVI.*AAJTSQACMDEAAlNLABw5QThIM0ZJd3RKcmNyWWYxSzlPaGhzcllsUXM9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "167" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:10:41 GMT" } ], "cookie": [], "body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}" } ] }, { "name": "Step 3: Resume Suspended Journey using Suspended ID from Email", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Tests", "", "pm.test(\"Status code is 200 OK or 401 Unauthorized\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,401]);", "});", "", "if(pm.response.code === 200){", "", " pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('authId');", " pm.expect(JSONResponse).to.have.property('callbacks');", " });", "};", "", "if(pm.response.code === 401){", " pm.test(\"Suspended ID expired or invalid\", function () {", " pm.expect(JSONResponse.message).to.eql(\"Unable to resume session. It may have expired.\");", " });", "}", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?suspendedId=suspended_id_from_email", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "suspendedId", "value": "suspended_id_from_email", "description": "Replace `suspended_id_from_email` with the unique code from the email that was sent to the user, if found in the Identity Store." } ] }, "description": "Replace `suspended_id_from_email` with the unique code from the email that was sent to the user. \n\nThe *Reset Password* journey will continue, and allow the user to specify a new password, by completing callbacks as usual." }, "response": [ { "name": "Success. Callback generated by Username and Password collectors, together in a page node.", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "https://.forgeblocks.com/am/json/realms/root/realms/alpha/authenticate?authIndexType=service&authIndexValue=Login", "protocol": "https", "host": [ "", "forgeblocks", "com" ], "path": [ "am", "json", "realms", "root", "realms", "alpha", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "Login", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "2153" }, { "key": "Date", "value": "Wed, 12 Aug 2020 12:01:51 GMT" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAizI1NiJ9...eyJTkNVS-36NdGPz0ldtTxs\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ]\n}" } ] } ], "description": "Lets registered users already in your system reset their passwords. The default password policy is set in the underlying directory server and requires a minimum password length of eight characters by default. If security questions are enabled, users must also correctly answer their pre-configured security questions before resetting their passwords.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] } ], "description": "Advanced Identity Cloud provides user self-service features that lets your customers self-register to your web site, securely reset forgotten passwords, and retrieve their usernames.\n\nThese user self-service capabilities greatly reduce help desk costs and offers a rich online experience that strengthens customer loyalty. ", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Intelligent Access", "item": [ { "name": "Step 1: Request Callbacks", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", " ", " // Determine next request based on detected callbacks", " frUtils.detectCallbacks(responseBody);", "}", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", " ", " // Skip to session info request", " postman.setNextRequest(\"Step 3: [User] Get Session Info\");", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] }, "description": "The first step is to make a POST call to the `/json/authenticate` endpoint, without providing any credentials, or cookies.\n\nDepending on how complex the authentication journey is, AM may return several callbacks sequentially. Each must be completed and returned to AM until authentication is successful.\n\nEach request that is part of the authentication journey uses the same `authId` value to track progress. Ensure the `authId` JWT is sent in each subsequent request, until a session token is issued.\n\nFor the next step, choose the appropriate request to complete the callback that was returned." }, "response": [ { "name": "Success. Callback generated by Username and Password collectors, together in a page node.", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "2153" }, { "key": "Date", "value": "Wed, 12 Aug 2020 12:01:51 GMT" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAizI1NiJ9...eyJTkNVS-36NdGPz0ldtTxs\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ]\n}" } ] }, { "name": "Step 2a: Handle Username / Password Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", " ", " // Determine next request based on detected callbacks", " frUtils.detectCallbacks(responseBody);", "}", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", " ", " // Skip to session info request", " postman.setNextRequest(\"Step 3: [User] Get Session Info\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the `NameCallback` and `PasswordCallback` callbacks." }, "response": [ { "name": "Success - authentication complete", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=0_OKRrdKWp4qNlomyaBn3lRl23U.*AAJTSQACMDEAAlNLABxiNmZiTnVSV05IbUFNbWprV3ZndUlNdlVYNDg9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "167" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:08:53 GMT" } ], "cookie": [], "body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}" } ] }, { "name": "Step 2b: Handle Validated Username / Password Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", " ", " // Determine next request based on detected callbacks", " frUtils.detectCallbacks(responseBody);", "}", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", " ", " // Skip to session info request", " postman.setNextRequest(\"Step 3: [User] Get Session Info\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"ValidatedCreateUsernameCallback\",\n \"output\": [\n {\n \"name\": \"policies\",\n \"value\": {}\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Username\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n },\n {\n \"name\": \"IDToken1validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"ValidatedCreatePasswordCallback\",\n \"output\": [\n {\n \"name\": \"echoOn\",\n \"value\": false\n },\n {\n \"name\": \"policies\",\n \"value\": {}\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n },\n {\n \"name\": \"IDToken2validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the `ValidatedCreateUsernameCallback` and `ValidatedCreatePasswordCallback` callbacks." }, "response": [ { "name": "Success - authentication complete", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=0_OKRrdKWp4qNlomyaBn3lRl23U.*AAJTSQACMDEAAlNLABxiNmZiTnVSV05IbUFNbWprV3ZndUlNdlVYNDg9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "167" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:08:53 GMT" } ], "cookie": [], "body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}" } ] }, { "name": "Step 2c: Handle Choice Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", " ", " // Determine next request based on detected callbacks", " frUtils.detectCallbacks(responseBody);", "}", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", " ", " // Skip to session info request", " postman.setNextRequest(\"Step 3: [User] Get Session Info\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"ChoiceCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Succeed?\"\n },\n {\n \"name\": \"choices\",\n \"value\": [\n \"Yes\",\n \"No\"\n ]\n },\n {\n \"name\": \"defaultChoice\",\n \"value\": 0\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": 0\n }\n ]\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the `ChoiceCallback` callback." }, "response": [ { "name": "Success - authentication complete", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"ChoiceCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Succeed?\"\n },\n {\n \"name\": \"choices\",\n \"value\": [\n \"Yes\",\n \"No\"\n ]\n },\n {\n \"name\": \"defaultChoice\",\n \"value\": 0\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": 0\n }\n ]\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=N60dPVcmOADQN170-8799pcqVVI.*AAJTSQACMDEAAlNLABw5QThIM0ZJd3RKcmNyWWYxSzlPaGhzcllsUXM9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "167" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:10:41 GMT" } ], "cookie": [], "body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}" } ] }, { "name": "Step 2d: Handle Text Input Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", " ", " // Determine next request based on detected callbacks", " frUtils.detectCallbacks(responseBody);", "}", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", " ", " // Skip to session info request", " postman.setNextRequest(\"Step 3: [User] Get Session Info\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"TextInputCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Enter a word:\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{$randomLoremWord}}\"\n }\n ]\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to a `TextInputCallback`." }, "response": [ { "name": "Success - authentication complete", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"ChoiceCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Succeed?\"\n },\n {\n \"name\": \"choices\",\n \"value\": [\n \"Yes\",\n \"No\"\n ]\n },\n {\n \"name\": \"defaultChoice\",\n \"value\": 0\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": 0\n }\n ]\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=N60dPVcmOADQN170-8799pcqVVI.*AAJTSQACMDEAAlNLABw5QThIM0ZJd3RKcmNyWWYxSzlPaGhzcllsUXM9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "167" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:10:41 GMT" } ], "cookie": [], "body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}" } ] }, { "name": "Step 2e: Handle Device Profile Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", " ", " // Determine next request based on detected callbacks", " frUtils.detectCallbacks(responseBody);", "}", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", " ", " // Skip to session info request", " postman.setNextRequest(\"Step 3: [User] Get Session Info\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"DeviceProfileCallback\",\n \"output\": [\n {\n \"name\": \"metadata\",\n \"value\": true\n },\n {\n \"name\": \"location\",\n \"value\": true\n },\n {\n \"name\": \"message\",\n \"value\": \"Collecting.....\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{\\r\\n \\\"identifier\\\":\\\"aec3fe784...o3Xjiizyb9=\\\",\\r\\n \\\"alias\\\":\\\"Example Pixel 3 XL\\\",\\r\\n \\\"metadata\\\":{\\r\\n \\\"platform\\\":{\\r\\n \\\"platform\\\":\\\"Android\\\",\\r\\n \\\"version\\\":28,\\r\\n \\\"device\\\":\\\"generic_x86_arm\\\",\\r\\n \\\"deviceName\\\":\\\"AOSP on IA Emulator\\\",\\r\\n \\\"model\\\":\\\"AOSP on IA Emulator\\\",\\r\\n \\\"brand\\\":\\\"google\\\",\\r\\n \\\"locale\\\":\\\"en_US\\\",\\r\\n \\\"timeZone\\\":\\\"America\\/Vancouver\\\",\\r\\n \\\"jailBreakScore\\\":1\\r\\n },\\r\\n \\\"hardware\\\":{\\r\\n \\\"hardware\\\":\\\"ranchu\\\",\\r\\n \\\"manufacturer\\\":\\\"Google\\\",\\r\\n \\\"storage\\\":774,\\r\\n \\\"memory\\\":1494,\\r\\n \\\"cpu\\\":4,\\r\\n \\\"display\\\":{\\r\\n \\\"width\\\":1440,\\r\\n \\\"height\\\":2621,\\r\\n \\\"orientation\\\":1\\r\\n },\\r\\n \\\"camera\\\":{\\r\\n \\\"numberOfCameras\\\":2\\r\\n }\\r\\n },\\r\\n \\\"browser\\\":{\\r\\n \\\"agent\\\":\\\"Dalvik\\/2.1.0 (Linux; U; Android 9; AOSP on IA Emulator Build\\/PSR1.180720.117)\\\"\\r\\n },\\r\\n \\\"bluetooth\\\":{\\r\\n \\\"supported\\\":false\\r\\n },\\r\\n \\\"network\\\":{\\r\\n \\\"connected\\\":true\\r\\n },\\r\\n \\\"telephony\\\":{\\r\\n \\\"networkCountryIso\\\":\\\"us\\\",\\r\\n \\\"carrierName\\\":\\\"Android\\\"\\r\\n }\\r\\n },\\r\\n \\\"location\\\":{\\r\\n \\\"latitude\\\":{{$randomLatitude}},\\r\\n \\\"Longitude\\\":{{$randomLongitude}}\\r\\n }\\r\\n}\"\n }\n ]\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to a `DeviceProfileCallback`.\n\nThe example data in the request body represents a Google Android emulator device." }, "response": [ { "name": "Success - authentication complete", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"ChoiceCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Succeed?\"\n },\n {\n \"name\": \"choices\",\n \"value\": [\n \"Yes\",\n \"No\"\n ]\n },\n {\n \"name\": \"defaultChoice\",\n \"value\": 0\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": 0\n }\n ]\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=N60dPVcmOADQN170-8799pcqVVI.*AAJTSQACMDEAAlNLABw5QThIM0ZJd3RKcmNyWWYxSzlPaGhzcllsUXM9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "167" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:10:41 GMT" } ], "cookie": [], "body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}" } ] }, { "name": "Step 2f: Handle Progressive Profile Callback", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", " ", " // Determine next request based on detected callbacks", " frUtils.detectCallbacks(responseBody);", "}", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", " ", " // Skip to session info request", " postman.setNextRequest(\"Step 3: [User] Get Session Info\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId', 'authId');", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"BooleanAttributeInputCallback\",\n \"output\": [\n {\n \"name\": \"name\",\n \"value\": \"preferences/updates\"\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Send me news and updates\"\n },\n {\n \"name\": \"required\",\n \"value\": false\n },\n {\n \"name\": \"policies\",\n \"value\": {}\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"value\",\n \"value\": false\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": false\n },\n {\n \"name\": \"IDToken1validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 2\n },\n {\n \"type\": \"BooleanAttributeInputCallback\",\n \"output\": [\n {\n \"name\": \"name\",\n \"value\": \"preferences/marketing\"\n },\n {\n \"name\": \"prompt\",\n \"value\": \"Send me special offers and services\"\n },\n {\n \"name\": \"required\",\n \"value\": false\n },\n {\n \"name\": \"policies\",\n \"value\": {}\n },\n {\n \"name\": \"failedPolicies\",\n \"value\": []\n },\n {\n \"name\": \"validateOnly\",\n \"value\": false\n },\n {\n \"name\": \"value\",\n \"value\": false\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": false\n },\n {\n \"name\": \"IDToken2validateOnly\",\n \"value\": false\n }\n ],\n \"_id\": 3\n }\n ],\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to `BooleanAttributeInputCallback` callbacks used by the *Progressive Profiling* nodes." }, "response": [ { "name": "Success - authentication complete", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"ChoiceCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Succeed?\"\n },\n {\n \"name\": \"choices\",\n \"value\": [\n \"Yes\",\n \"No\"\n ]\n },\n {\n \"name\": \"defaultChoice\",\n \"value\": 0\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": 0\n }\n ]\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "{{loginJourney}}", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=N60dPVcmOADQN170-8799pcqVVI.*AAJTSQACMDEAAlNLABw5QThIM0ZJd3RKcmNyWWYxSzlPaGhzcllsUXM9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "167" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:10:41 GMT" } ], "cookie": [], "body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}" } ] }, { "name": "Step 3: [User] Get Session Info", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "description": "Specifies the session token to query. To obtain information about a different token, specify it in the `tokenId` parameter of the POST body." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/sessions` endpoint to use.", "type": "text", "disabled": true } ], "url": { "raw": "{{amUrl}}/json{{realm}}/sessions?_action=getSessionInfo", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions" ], "query": [ { "key": "_action", "value": "getSessionInfo", "description": "Specifies a request to get information about a session, such as idle times." } ] }, "description": "Once the user has completed all the required callbacks, they are issued their session token. You can use the token to obtain information about the session.\n\nTo obtain information about a session, perform an HTTP POST to the `/json/sessions/` endpoint, using the `getSessionInfo` action. \n\nThe endpoint returns information about the provided session token by default. \n\n> Tip: \n>\n> To get information about a different session token, include it in the POST body, as the value of the `tokenId` parameter." }, "response": [ { "name": "Success", "originalRequest": { "method": "POST", "header": [ { "key": "iPlanetDirectoryPro", "value": "{{demoSSOToken}}", "description": "Specifies the session token to query. To obtain information about a different token, specify it in the `tokenId` parameter of the POST body." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/sessions` endpoint to use.", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/sessions?_action=getSessionInfo", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions" ], "query": [ { "key": "_action", "value": "getSessionInfo", "description": "Specifies a request to get information about a session, such as idle times." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Content-API-Version", "value": "resource=2.2" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "302" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:23:25 GMT" } ], "cookie": [], "body": "{\n \"username\": \"demo\",\n \"universalId\": \"id=demo,ou=user,dc=openam,dc=forgerock,dc=org\",\n \"realm\": \"/\",\n \"latestAccessTime\": \"2020-08-12T14:23:23Z\",\n \"maxIdleExpirationTime\": \"2020-08-12T14:53:23Z\",\n \"maxSessionExpirationTime\": \"2020-08-12T16:23:22Z\",\n \"properties\": {\n \"AMCtxId\": \"e2fe9cef-dce1-41e4-ab15-0c85a88bf8cd-66167\"\n }\n}" } ] }, { "name": "Step 4: [User] Logout", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains expected JSON.\", function () {", " pm.expect(pm.response.to.have.jsonBody(\"result\",\"Successfully logged out\"));", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "description": "Specifies the session token to log out. To terminate a different session, specify its session token in the `tokenId` parameter of the POST body." }, { "key": "Accept-API-Version", "value": "resource=3.1, protocol=1.0", "description": "Specifies the version of the /json/sessions endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/sessions/?_action=logout", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions", "" ], "query": [ { "key": "_action", "value": "logout", "description": "Specifies a request to log out, or invalidate, a session." } ] }, "description": "To invalidate, or log out a session, perform an HTTP POST to the `/json/sessions/` endpoint using the `logout` action. \n\nThe endpoint invalidates the session identified by the provided session token.\n\n> Tip:\n>\n> To invalidate a different session token, include it in the POST body as the value of the `tokenId` parameter." }, "response": [ { "name": "Success", "originalRequest": { "method": "POST", "header": [ { "key": "iplanetDirectoryPro", "value": "{{demoSSOToken}}", "description": "Specifies the session token to log out. To obtain information about a different token, specify it in the `tokenId` parameter of the POST body." }, { "key": "Accept-API-Version", "value": "resource=3.1, protocol=1.0", "description": "Specifies the version of the /json/sessions endpoint to use." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/sessions/?_action=logout", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions", "" ], "query": [ { "key": "_action", "value": "logout", "description": "Specifies a request to log out, or invalidate, a session." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Content-API-Version", "value": "resource=3.2" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=\"\"; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=LOGOUT; Expires=Thu, 01 Jan 1970 00:00:10 GMT; Path=/; Domain=example.com" }, { "key": "Content-Type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "36" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:23:45 GMT" } ], "cookie": [], "body": "{\n \"result\": \"Successfully logged out\"\n}" } ] } ], "description": "The `/json/authenticate` endpoint supports callback mechanisms to perform complex authentication journeys. Whenever AM needs to return or request information, it will return a JSON object with the authentication step, the authentication identifier, and the related callbacks.\n\nThe following types of callbacks are available:\n\n- Read-only callbacks. AM uses read-only callbacks to provide information to the user, such as text messages or the amount of time that the user needs to wait before continuing their authentication journey.\n- Interactive callbacks. AM uses interactive callbacks ask the user for information. For example, to request their user name and password, or to request that the user chooses between different options.\n- Backchannel callbacks. AM uses backchannel callbacks when it needs to access additional information from the user's request. For example, when it requires a particular header or a certificate.\n \n\nRead-only and interactive callbacks have an array of output elements suitable for displaying to the end user. The JSON returned in interactive callbacks also contains an array of input elements, which must be completed and returned to AM." }, { "name": "Identity Profiles", "item": [ { "name": "Authenticate as \"Postman Demo User\"", "item": [ { "name": "Step 1: Start Login Journey", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('authId');", "});", "", "", "" ], "type": "text/javascript", "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] }, "description": "To get started, log in to the authorization server using the credentials of the administator to receive an administrative SSO token needed for the following prerequisites. \n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "2574" }, { "key": "date", "value": "Wed, 21 May 2025 16:42:26 GMT" }, { "key": "x-forgerock-transactionid", "value": "e3721723-80d1-42c0-ba73-a8e972d9a103" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3aGl0ZWxpc3Qtc3RhdGUiOiJlMjVmZWM2Ni05MGYwLTQ2NmEtYmM5Mi0zMjgxNzFkZjhhY2EiLCJhdXRoSW5kZXhWYWx1ZSI6IkxvZ2luIiwib3RrIjoiMmlrN2c2M203b203Yzlncm42NnNyc2hmdjEiLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2FscGhhIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNREUuKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU214aWJVMXBUMmxLUWsxVVNUUlJNRXBFVEZWb1ZFMXFWVEpKYVhkcFdWZDRia2xxYjJsYVIyeDVTVzR3TGk1dVN6UjRkbW8zTUZKVlJEZGxWbUYyYTNaSlQyOVJMa1puVW1KVkxXSnpNV3g2Y25sWmQyOXZUWEJDY1Vrek4wOXBORzlqU1ZNM2IyRTFkbkZUV1RCME9GcFZjWEl4VUV4Q1drbGZjRzVaTlVoVWNERnhORGM1UlRSTlpXbERZWFZqZWxWM1pYaHNTMVp1WjNZM05sVkxUMFpEY210aVJtbDZkekV0WmxkQlgxaE1UWEUyTm5sMk5GUllWMlJ0ZW1WMk1HcFVZbEJyTlRSWmQxZHVORk5mTW0xaU4ybDVWakp4TW1weGRVeFFNM0Z2ZGpKelVFVTVTVmxXU205elp5MUtNbkJmVlZVMGFYVmtZVWR5TFZaYWFYUjRUMlpaY2xoTFNUUXhZMkpOZDBOWlNuUTVjakJyVGtGaU5uSnFXWFJhTVcxTU9XWkdZbk5QVEdkVmRGOXlVelpXWjFjNGEyMDNaa1Z0VWtkRGMzQnljUzFMUW1SSlZrZFVZM05RZFhscFYyTnpRVFJXZDB4TlVHUXRTMFpmUkU5aWIzSlJaMDh5YWw5WldraG5OMFZoUm1adWJFdFJkVGxOY1dWSVoySmtXWGxtVmswM1FWRklSMFpNT1hGSU5Hc3djbU5RTTNvM0xUbFdPRGxaTkhGd09FSmlNelJrWDJGWFJsZFlURzlyWW5GcVF6WnFURGRmY0hRemJrdEJXVFJXWjBwWU5XUnpPVEYxUkdNelVrc3lSVFUzU1VoemFVRndObUpNVFhCVVZFRjFUbEpoVUU4NFlrZHlNVVprVFdoamJESkNZMVpqV2xvdFJqWm5XbGxJY1ZkSFNsbGhibGR6TmpGU1lWVlNSMk51Ums4MGIySXpXRGRLYjFsSlRHRldaMGRaUjNOTVRXbENlbXBuZWpkc2QyWlJVbVJ5VUdGT1Zta3hZMkpuY2pkM1NtMTFaVTQxY1VGTVZsazVUbWRpVHpJM1ozbGhZVFZYWld4T1ZscFpabEV6TldVNVdGOTNZMGc1YWpCZlQxbG9VR1kxTTA5RmF6Rm1aazQ1TkVZd2NuQnBWVkpqVWtSMk9WQkhNakZUV21wQlVHRXdjRWRoWnpGU1ltd3lRelEyVGpsMlRDMVRhRzlqWDNWbFUxaGxZWEJPYUZVNExWQjRNbWh5VWpjMVpqbEpXbUpyVTB0UlZ6bHVPVGRsTlRCQk5XSnFRbUZ0UVdKblowbFJkR2t4TkY5ZmJETmhMVTVYVXpKMldHOVBlVTF5VjAxdlYySkdkRVY1T1RKTmJYWXhRbEV0VjNKVlpIZFpNRTFaU1RJeFNGWXlTblZJWlVsMFh6ZDZTMnh2YzAxZlltVXRRVzFmZW5rd1NXMXlNQzU1ZVZCVFluZFJRVWhSV0ZSbVN5MWxhWEZ0TTFSUi5LLTJScUhuTFpKbHRXX2xSRFRaNHU5cUEyYzdBRk4tSjh3YkttS19Ud0o4IiwiZXhwIjoxNzQ3ODQ2MDQ2LCJpYXQiOjE3NDc4NDU3NDZ9.QbQuh-lA5dJpHxijlVmxAY2S64po-pHQtWcChP9hVOA\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ],\n \"header\": \"Sign In\",\n \"description\": \"New here? Create an account
Forgot username? Forgot password?\"\n}" } ] }, { "name": "Step 2: Authenticate as Postman demo user", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId');", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "disabled": true }, { "key": "authIndexValue", "value": "PasswordGrant", "disabled": true } ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the NameCallback and PasswordCallback callbacks.\n\nOverride the values in this response to the callbacks by using the `amDemoUsername` and `amDemoPassword` Postman variables." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.0, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"Chis-postmanDemoUser\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"Ch4ng3it!\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "https://.forgeblocks.com/am/json/realms/root/realms/alpha/authenticate?authIndexType=service&authIndexValue=Login", "protocol": "https", "host": [ "", "forgeblocks", "com" ], "path": [ "am", "json", "realms", "root", "realms", "alpha", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service", "description": "Allows the request to configure the service (for example, an authentication tree) to use for this request." }, { "key": "authIndexValue", "value": "Login", "description": "Specifies the name of the service to use for this request.\nOverride this value using the `amAuthenticationTree` Postman variable." } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "private" }, { "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }, { "key": "Set-Cookie", "value": "iPlanetDirectoryPro=0_OKRrdKWp4qNlomyaBn3lRl23U.*AAJTSQACMDEAAlNLABxiNmZiTnVSV05IbUFNbWprV3ZndUlNdlVYNDg9AAR0eXBlAANDVFMAAlMxAAA.*; Path=/; Domain=example.com; HttpOnly" }, { "key": "Set-Cookie", "value": "amlbcookie=01; Path=/; Domain=example.com; HttpOnly" }, { "key": "Content-API-Version", "value": "resource=2.1" }, { "key": "Expires", "value": "0" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json" }, { "key": "Content-Length", "value": "167" }, { "key": "Date", "value": "Wed, 12 Aug 2020 14:08:53 GMT" } ], "cookie": [], "body": "{\n \"tokenId\": \"N60dPV99pcqVVI.*AAJTSQACMDEAAANDVFMAAlMxAAA.*\",\n \"successUrl\": \"/openam/console\",\n \"realm\": \"/\"\n}" } ] }, { "name": "Step 3: [User] Read session info and store ID", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request return session info Token?", "if(JSONResponse.username && JSONResponse.username != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoUserId\", JSONResponse.username);", "", "}", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=4.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "{{amUrl}}/json{{realm}}/sessions?_prettyPrint=true&_action=getsessioninfo", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "getsessioninfo" } ] }, "description": "It reads and returns the information about the requested session." }, "response": [ { "name": "Success", "originalRequest": { "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " } ], "body": { "mode": "raw", "raw": "{\n \"tokenId\": \"\"\n}" }, "url": { "raw": "{{amUrl}}/json{{realm}}/sessions#4.0_action_getsessioninfo?&_prettyPrint=true&_action=", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions" ], "hash": "4.0_action_getsessioninfo?&_prettyPrint=true&_action=" } }, "status": "OK", "code": 200, "_postman_previewlanguage": "text", "header": [ { "key": "Content-Type", "value": "*/*" } ], "cookie": [], "body": "" } ] } ] }, { "name": "Authorized OAuth 2.0 Clients", "item": [ { "name": "Step 1: [User] Query Authorized OAuth 2.0 Clients", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request contain results?", "if(JSONResponse.resultCount && JSONResponse.resultCount > 0)", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"oauth2App\", JSONResponse.result[0]._id);", "}", "else", "{", " pm.globals.set(\"oauth2App\", \"none_found\"); ", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains resultCount\", function () {", " pm.expect(JSONResponse.resultCount).to.be.a(\"number\");", "});" ], "type": "text/javascript" } } ], "request": { "method": "GET", "header": [ { "key": "Accept-API-Version", "value": "resource=1.1", "description": "(Required) " }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/users/:demoUserId/oauth2/applications?_prettyPrint=true&_queryFilter=true", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":demoUserId", "oauth2", "applications" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_queryFilter", "value": "true", "description": "(Required) " } ], "variable": [ { "key": "demoUserId", "value": "{{demoUserId}}" } ] }, "description": "Get a list of the applications that have been granted OAuth 2.0 access. Only `_queryFilter=true` is supported." }, "response": [] }, { "name": "Step 2: [User] Delete Authorized OAuth 2.0 Client", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200 or 404\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,404]);", "});", "", "if(pm.response.code === 200){", "", " const JSONResponse = pm.response.json();", "", " pm.test(\"Deleted expected OAuth 2.0 app\", function () {", " pm.expect(JSONResponse._id).to.eql(pm.globals.get(\"oauth2App\"));", " });", "", "};" ], "type": "text/javascript" } } ], "request": { "method": "DELETE", "header": [ { "key": "Accept-API-Version", "value": "resource=1.1", "description": "(Required) " }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user_ID/oauth2/applications/:oauth2App_ID?_prettyPrint=true#1.1_delete", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user_ID", "oauth2", "applications", ":oauth2App_ID" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." } ], "hash": "1.1_delete", "variable": [ { "key": "user_ID", "value": "{{demoUserId}}" }, { "key": "oauth2App_ID", "value": "{{oauth2App}}" } ] }, "description": "Delete the tokens for the specified client ID." }, "response": [ { "name": "Success", "originalRequest": { "method": "DELETE", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " } ], "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/oauth2/applications/{{clientId}}#1.1_delete?&_prettyPrint=true", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "oauth2", "applications", "{{clientId}}" ], "hash": "1.1_delete?&_prettyPrint=true", "variable": [ { "key": "user" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "text", "header": [ { "key": "Content-Type", "value": "*/*" } ], "cookie": [], "body": "" } ] } ], "description": "Many of the OAuth 2.0/OpenID Connect flows require the user to explicitly agree to provide the client with access to their resources.\n\nManage the users' OAuth 2.0 clients using these endpoints.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Devices", "item": [ { "name": "Trusted Device Profiles", "item": [ { "name": "Step 1: [User] Query Trusted Device Profiles", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request contain results?", "if(JSONResponse.resultCount && JSONResponse.resultCount > 0)", "{", " // Set `deviceProfileId` variable", " pm.globals.set(\"deviceProfileId\", JSONResponse.result[0]._id);", "}", "else", "{", " pm.globals.set(\"deviceProfileId\", \"none_found\"); ", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains resultCount\", function () {", " pm.expect(JSONResponse.resultCount).to.be.a(\"number\");", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "GET", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/profile?_queryFilter=true", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "profile" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable.", "disabled": true }, { "key": "_queryFilter", "value": "true", "description": "(Required) " } ], "variable": [ { "key": "user", "value": "{{demoUserId}}" } ] }, "description": "Query the user devices" }, "response": [] }, { "name": "Step 2: [User] Update Trusted Device Profile", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200 or 404\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,404]);", "});", "", "if(pm.response.code === 200){", "", " const JSONResponse = pm.response.json();", "", " pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('alias');", " pm.expect(JSONResponse).to.have.property('_id');", " })", "", "};" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "PUT", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "If-Match", "value": "*", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "raw", "raw": "{\n \"alias\": \"{{$randomUserName}}'s Device\"\n}" }, "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/profile/:deviceProfileId?_prettyPrint=true#1.0_update", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "profile", ":deviceProfileId" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." } ], "hash": "1.0_update", "variable": [ { "key": "user", "value": "{{demoUserId}}" }, { "key": "deviceProfileId", "value": "{{deviceProfileId}}" } ] }, "description": "Update an existing user device alias" }, "response": [] }, { "name": "Step 3: [fr:am:*] Delete Trusted Device Profile", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200 or 404\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,404]);", "});", "", "if(pm.response.code === 200){", "", " const JSONResponse = pm.response.json();", "", " pm.test(\"Deleted expected device profile\", function () {", " pm.expect(JSONResponse._id).to.eql(pm.globals.get(\"deviceProfileId\"));", " });", "", "};" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "DELETE", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "If-Match", "value": "", "description": "(Required) " }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/profile/:deviceProfileId?_prettyPrint=true#1.0_delete", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "profile", ":deviceProfileId" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." } ], "hash": "1.0_delete", "variable": [ { "key": "user", "value": "{{demoUserId}}" }, { "key": "deviceProfileId", "value": "{{deviceProfileId}}" } ] }, "description": "Delete user device" }, "response": [] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "OATH", "item": [ { "name": "Step 1: [User] Query OATH devices", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request contain results?", "if(JSONResponse.resultCount && JSONResponse.resultCount > 0)", "{", " // Set `oathDeviceId` variable", " pm.globals.set(\"oathDeviceId\", JSONResponse.result[0]._id);", "}", "else", "{", " pm.globals.set(\"oathDeviceId\", \"none_found\"); ", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains resultCount\", function () {", " pm.expect(JSONResponse.resultCount).to.be.a(\"number\");", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/oath?_prettyPrint=true&_queryFilter=true#1.0_query_filter", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "oath" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_queryFilter", "value": "true", "description": "(Required) " } ], "hash": "1.0_query_filter", "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." } ] }, "description": "Query the user's device profile" }, "response": [] }, { "name": "Step 2: [User] Read OATH device \"Skip\" status", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Tests", "", "pm.test(\"Status code is 200 OK\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Skip status is either true or false\", function () {", " pm.expect(JSONResponse.result).to.be.a(\"boolean\");", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/oath?_prettyPrint=true&_action=check", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "oath" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "check", "description": "(Required) " } ], "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." } ] }, "description": "Checks if the user's Authenticator OATH module is 'skippable' and returns the result as a boolean" }, "response": [] }, { "name": "Step 3: [fr:am:*] Update OATH device \"Skip\" status", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "pm.test(\"Status code is 200 OK\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"value\": true\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/oath?_action=skip", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "oath" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_action", "value": "skip", "description": "(Required) " } ], "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." } ] }, "description": "Sets the user's ability to skip an Authenticator OATH module" }, "response": [] }, { "name": "Step 4: [fr:am:*] Delete OATH device", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200 OK, 401 Unauthorized, or 403 Forbidden\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,401,403]);", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{}" }, "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/oath?_action=reset", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "oath" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_action", "value": "reset", "description": "(Required) " } ], "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." } ] }, "description": "Sets the user's 'skippable' selection of Authenticator OATH module to default (NOT_SET) and deletes their profiles attribute" }, "response": [] } ] }, { "name": "Push", "item": [ { "name": "Step 1: [User] Query Push devices", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request contain results?", "if(JSONResponse.resultCount && JSONResponse.resultCount > 0)", "{", " // Set `pushDeviceId` variable", " pm.globals.set(\"pushDeviceId\", JSONResponse.result[0]._id);", "}", "else", "{", " pm.globals.set(\"pushDeviceId\", \"none_found\"); ", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains resultCount\", function () {", " pm.expect(JSONResponse.resultCount).to.be.a(\"number\");", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/push?_prettyPrint=true&_queryFilter=true#1.0_query_filter", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "push" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_queryFilter", "value": "true", "description": "(Required) " } ], "hash": "1.0_query_filter", "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." } ] }, "description": "Query the user's device profile" }, "response": [] }, { "name": "Step 2: [User] Read Push device \"Skip\" status", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Tests", "", "pm.test(\"Status code is 200 OK\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Skip status is either true or false\", function () {", " pm.expect(JSONResponse.result).to.be.a(\"boolean\");", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/push?_prettyPrint=true&_action=check", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "push" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "check", "description": "(Required) " } ], "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." } ] }, "description": "Checks if the user's Authenticator Push module is 'skippable' and returns the result as a boolean" }, "response": [] }, { "name": "Step 3: [fr:am:*] Update Push device \"Skip\" status", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "pm.test(\"Status code is 200 OK or 404 Not Found\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,404]);", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"value\": false\n}" }, "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/push?_prettyPrint=true&_action=skip", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "push" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "skip", "description": "(Required) " } ], "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." } ] }, "description": "Sets the user's ability to skip an Authenticator Push module" }, "response": [] }, { "name": "Step 4: [fr:am:*] Delete Push device", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200 OK, 401 Unauthorized, or 403 Forbidden\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,401,403]);", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text", "disabled": true } ], "body": { "mode": "raw", "raw": "{}" }, "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/push?_prettyPrint=true&_action=reset", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "push" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "reset" } ], "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." } ] }, "description": "Sets the user's 'skippable' selection of Authenticator Push module to default (NOT_SET) and deletes their profile's attribute" }, "response": [] } ] }, { "name": "WebAuthn", "item": [ { "name": "Step 1: [User] Query WebAuthn devices", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request contain results?", "if(JSONResponse.resultCount && JSONResponse.resultCount > 0)", "{", " // Set `webAuthnDeviceId` variable", " pm.globals.set(\"webAuthnDeviceId\", JSONResponse.result[0]._id);", "}", "else", "{", " pm.globals.set(\"webAuthnDeviceId\", \"none_found\"); ", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains resultCount\", function () {", " pm.expect(JSONResponse.resultCount).to.be.a(\"number\");", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "GET", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/webauthn?_prettyPrint=true&_queryFilter=true", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "webauthn" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_queryFilter", "value": "true", "description": "(Required) " } ], "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." } ] }, "description": "Query the user's WebAuthn devices" }, "response": [] }, { "name": "Step 2: [fr:am:*] Update WebAuthn device name", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200 OK or 404 Not Found\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,404]);", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "PUT", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text", "disabled": true }, { "key": "If-Match", "value": "*", "type": "text" } ], "body": { "mode": "raw", "raw": "{\n \"deviceName\": \"{{$randomUserName}}'s WebAuthn Device\"\n}" }, "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/webauthn/:webAuthnDeviceId?_prettyPrint=true", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "webauthn", ":webAuthnDeviceId" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." } ], "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." }, { "key": "webAuthnDeviceId", "value": "{{webAuthnDeviceId}}" } ] }, "description": "Update an existing WebAuthn user device" }, "response": [] }, { "name": "Step 3: [fr:am:*] Delete WebAuthn device", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200 OK, 401 Unauthorized, 403 Forbidden, or 404 Not Found\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,401,403,404]);", "});" ], "type": "text/javascript" } } ], "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "DELETE", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/users/:user/devices/2fa/webauthn/:webAuthnDeviceId?_prettyPrint=true", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "users", ":user", "devices", "2fa", "webauthn", ":webAuthnDeviceId" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." } ], "variable": [ { "key": "user", "value": "{{demoUserId}}", "description": "(Required) The identifier for the user for which the request is regarding." }, { "key": "webAuthnDeviceId", "value": "{{webAuthnDeviceId}}" } ] }, "description": "Delete WebAuthn user device" }, "response": [] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] } ], "description": "Multi-factor authentication requires your users to register a device, which is used as an additional factor.\n\nQuery and manage those devices with these endpoints.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] } ], "description": "Users in the Advanced Identity Cloud have a record in the system containing various pieces of information relevant to them.\n\nWe call these records \"profiles\", and they can represent information such as the devices they use to authenticate, or the OAuth 2.0 clients they have given consent to use their data.", "auth": { "type": "noauth" }, "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "OAuth 2.0 Flows", "item": [ { "name": "Authorization Code Grant", "item": [ { "name": "Step 1: Start Login Journey", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('authId');", "});", "", "", "" ], "type": "text/javascript", "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] }, "description": "To get started, log in to the authorization server using the credentials of the administator to receive an administrative SSO token needed for the following prerequisites. \n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "2574" }, { "key": "date", "value": "Wed, 21 May 2025 16:42:26 GMT" }, { "key": "x-forgerock-transactionid", "value": "e3721723-80d1-42c0-ba73-a8e972d9a103" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3aGl0ZWxpc3Qtc3RhdGUiOiJlMjVmZWM2Ni05MGYwLTQ2NmEtYmM5Mi0zMjgxNzFkZjhhY2EiLCJhdXRoSW5kZXhWYWx1ZSI6IkxvZ2luIiwib3RrIjoiMmlrN2c2M203b203Yzlncm42NnNyc2hmdjEiLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2FscGhhIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNREUuKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU214aWJVMXBUMmxLUWsxVVNUUlJNRXBFVEZWb1ZFMXFWVEpKYVhkcFdWZDRia2xxYjJsYVIyeDVTVzR3TGk1dVN6UjRkbW8zTUZKVlJEZGxWbUYyYTNaSlQyOVJMa1puVW1KVkxXSnpNV3g2Y25sWmQyOXZUWEJDY1Vrek4wOXBORzlqU1ZNM2IyRTFkbkZUV1RCME9GcFZjWEl4VUV4Q1drbGZjRzVaTlVoVWNERnhORGM1UlRSTlpXbERZWFZqZWxWM1pYaHNTMVp1WjNZM05sVkxUMFpEY210aVJtbDZkekV0WmxkQlgxaE1UWEUyTm5sMk5GUllWMlJ0ZW1WMk1HcFVZbEJyTlRSWmQxZHVORk5mTW0xaU4ybDVWakp4TW1weGRVeFFNM0Z2ZGpKelVFVTVTVmxXU205elp5MUtNbkJmVlZVMGFYVmtZVWR5TFZaYWFYUjRUMlpaY2xoTFNUUXhZMkpOZDBOWlNuUTVjakJyVGtGaU5uSnFXWFJhTVcxTU9XWkdZbk5QVEdkVmRGOXlVelpXWjFjNGEyMDNaa1Z0VWtkRGMzQnljUzFMUW1SSlZrZFVZM05RZFhscFYyTnpRVFJXZDB4TlVHUXRTMFpmUkU5aWIzSlJaMDh5YWw5WldraG5OMFZoUm1adWJFdFJkVGxOY1dWSVoySmtXWGxtVmswM1FWRklSMFpNT1hGSU5Hc3djbU5RTTNvM0xUbFdPRGxaTkhGd09FSmlNelJrWDJGWFJsZFlURzlyWW5GcVF6WnFURGRmY0hRemJrdEJXVFJXWjBwWU5XUnpPVEYxUkdNelVrc3lSVFUzU1VoemFVRndObUpNVFhCVVZFRjFUbEpoVUU4NFlrZHlNVVprVFdoamJESkNZMVpqV2xvdFJqWm5XbGxJY1ZkSFNsbGhibGR6TmpGU1lWVlNSMk51Ums4MGIySXpXRGRLYjFsSlRHRldaMGRaUjNOTVRXbENlbXBuZWpkc2QyWlJVbVJ5VUdGT1Zta3hZMkpuY2pkM1NtMTFaVTQxY1VGTVZsazVUbWRpVHpJM1ozbGhZVFZYWld4T1ZscFpabEV6TldVNVdGOTNZMGc1YWpCZlQxbG9VR1kxTTA5RmF6Rm1aazQ1TkVZd2NuQnBWVkpqVWtSMk9WQkhNakZUV21wQlVHRXdjRWRoWnpGU1ltd3lRelEyVGpsMlRDMVRhRzlqWDNWbFUxaGxZWEJPYUZVNExWQjRNbWh5VWpjMVpqbEpXbUpyVTB0UlZ6bHVPVGRsTlRCQk5XSnFRbUZ0UVdKblowbFJkR2t4TkY5ZmJETmhMVTVYVXpKMldHOVBlVTF5VjAxdlYySkdkRVY1T1RKTmJYWXhRbEV0VjNKVlpIZFpNRTFaU1RJeFNGWXlTblZJWlVsMFh6ZDZTMnh2YzAxZlltVXRRVzFmZW5rd1NXMXlNQzU1ZVZCVFluZFJRVWhSV0ZSbVN5MWxhWEZ0TTFSUi5LLTJScUhuTFpKbHRXX2xSRFRaNHU5cUEyYzdBRk4tSjh3YkttS19Ud0o4IiwiZXhwIjoxNzQ3ODQ2MDQ2LCJpYXQiOjE3NDc4NDU3NDZ9.QbQuh-lA5dJpHxijlVmxAY2S64po-pHQtWcChP9hVOA\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ],\n \"header\": \"Sign In\",\n \"description\": \"New here? Create an account
Forgot username? Forgot password?\"\n}" } ] }, { "name": "Step 2: Authenticate as Postman demo user", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId');", "});", "", "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the NameCallback and PasswordCallback callbacks.\n\nOverride the values in this response to the callbacks by using the `amDemoUsername` and `amDemoPassword` Postman variables." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] } }, "_postman_previewlanguage": "Text", "header": [], "cookie": [], "body": "" } ] }, { "name": "Step 3: [User] Get Authorization Code", "event": [ { "listen": "test", "script": { "exec": [ "const querystring = require('querystring');", "location = pm.response.headers.get('location');", "params = {};", "", "if (location) {", " parts = location.split('?');", " if (1 in parts) {", " params = querystring.parse(parts[1]);", " }", "}", "", "if (params.code)", "{", " pm.globals.set(\"authorization_code\", params.code);", "}", "", "// Tests", "", "pm.test(\"Status code is 302\", () => {", " pm.expect(pm.response.code).to.eql(302);", "});", "", "pm.test(\"Response contains a location header\", () => {", " pm.expect(location).to.be.a(\"string\");", "});", "", "pm.test(\"Location header contains `code` argument\", () => {", " pm.expect(params.code).to.be.a(\"string\");", "});" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "followRedirects": false, "disableCookies": true, "protocolVersion": "http1", "followOriginalHttpMethod": false, "followAuthorizationHeader": false, "removeRefererHeaderOnRedirect": false }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "scope", "value": "write ", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "response_type", "value": "code", "description": "Response types the client will support and use.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "decision", "value": "allow", "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information. This flow can be used machine-to-machine, by assuming consent, for example between two services provided by the same organization.", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token of the demo user, to protect against cross-site request forgery.", "type": "text" }, { "key": "state", "value": "abc123", "type": "text" }, { "key": "service", "value": "{{loginJourney}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/authorize", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "authorize" ] }, "description": "Get the authorization code by making a call to the authorization server's authorization endpoint, specifying the SSO token of the user.\n" }, "response": [ { "name": "Example (see headers)", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "scope", "value": "write ", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "response_type", "value": "code", "description": "Response types the client will support and use.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "decision", "value": "allow", "description": "The complete URI to which client redirects the user if the request is successful.", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token of the demo user, to protect against cross-site request forgery.", "type": "text" }, { "key": "state", "value": "abc123", "type": "text" }, { "key": "service", "value": "{{loginJourney}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/authorize", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "authorize" ] } }, "status": "Found", "code": 302, "_postman_previewlanguage": "plain", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "no-store" }, { "key": "location", "value": "https://httpbin.org/anything?code=RnB8YM5jPKw3K49SaEUsPnLPeE4&iss=https%3A%2F%2Fopenam-docs-rapid.forgeblocks.com%3A443%2Fam%2Foauth2%2Frealms%2Froot%2Frealms%2Falpha&state=abc123&client_id=postmanConfidentialClient" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "OAUTH_REQUEST_ATTRIBUTES=DELETED; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "Content-Length", "value": "0" }, { "key": "date", "value": "Wed, 21 May 2025 18:16:15 GMT" }, { "key": "x-forgerock-transactionid", "value": "7fbbf871-7113-4685-9f39-7570bd292677" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "" } ] }, { "name": "Step 4: [User] Exchange the Authorization Code for an Access Token", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } }, { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "if(JSONResponse.access_token && JSONResponse.access_token != \"\")", "{", " pm.globals.set(\"access_token\", JSONResponse.access_token);", "}", "", "if(JSONResponse.refresh_token && JSONResponse.refresh_token != \"\")", "{", " pm.globals.set(\"refresh_token\", JSONResponse.refresh_token);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(JSONResponse.access_token).to.be.a(\"string\");", "});", "", "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "authorization_code", "description": "The grant type required for the Authorization Code grant.", "type": "text" }, { "key": "code", "value": "{{authorization_code}}", "description": "The authentication code.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Authenticate with the authorization server using the details of the confidential client and the authorization code recieved in the previous call.\n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "authorization_code", "description": "The grant type required for the Authorization Code grant.", "type": "text" }, { "key": "code", "value": "{{authorization_code}}", "description": "The authentication code.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "no-store" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "2026" }, { "key": "date", "value": "Wed, 21 May 2025 18:22:19 GMT" }, { "key": "x-forgerock-transactionid", "value": "16179230-318a-4350-b665-c77ff66bc1f7" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"access_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTM3NjI0Iiwic3VibmFtZSI6IjZkMDUzN2IzLWU1MjMtNDgwZC05ZDBhLTg0ZDI1YWM3YTJlNSIsImlzcyI6Imh0dHBzOi8vb3BlbmFtLWRvY3MtcmFwaWQuZm9yZ2VibG9ja3MuY29tOjQ0My9hbS9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2FscGhhIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoid1drV1JiZTdndkhXNmhwU0ljQS15M3BGbmNBIiwiY2xpZW50X2lkIjoicG9zdG1hbkNvbmZpZGVudGlhbENsaWVudCIsImF1ZCI6InBvc3RtYW5Db25maWRlbnRpYWxDbGllbnQiLCJuYmYiOjE3NDc4NTE3MzksImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJzY29wZSI6WyJ3cml0ZSJdLCJhdXRoX3RpbWUiOjE3NDc4NTE3MjYsInJlYWxtIjoiL2FscGhhIiwiZXhwIjoxNzQ3ODU1MzM5LCJpYXQiOjE3NDc4NTE3MzksImV4cGlyZXNfaW4iOjM2MDAsImp0aSI6Ikd2dUFQaFllTTJQelp3U29Xd2xwLXlDMmVDdyJ9.WLHu4_49W4pBdVh2BqoMF9DgoaHVK-do05XBv655Q-I\",\n \"refresh_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTM3NjI1Iiwic3VibmFtZSI6IjZkMDUzN2IzLWU1MjMtNDgwZC05ZDBhLTg0ZDI1YWM3YTJlNSIsImlzcyI6Imh0dHBzOi8vb3BlbmFtLWRvY3MtcmFwaWQuZm9yZ2VibG9ja3MuY29tOjQ0My9hbS9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2FscGhhIiwidG9rZW5OYW1lIjoicmVmcmVzaF90b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6IndXa1dSYmU3Z3ZIVzZocFNJY0EteTNwRm5jQSIsImNsaWVudF9pZCI6InBvc3RtYW5Db25maWRlbnRpYWxDbGllbnQiLCJhdWQiOiJwb3N0bWFuQ29uZmlkZW50aWFsQ2xpZW50IiwiYWNyIjoiMCIsIm5iZiI6MTc0Nzg1MTczOSwiZ3JhbnRfdHlwZSI6ImF1dGhvcml6YXRpb25fY29kZSIsInNjb3BlIjpbIndyaXRlIl0sImF1dGhfdGltZSI6MTc0Nzg1MTcyNiwicmVhbG0iOiIvYWxwaGEiLCJleHAiOjE3NDg0NTY1MzksImlhdCI6MTc0Nzg1MTczOSwiZXhwaXJlc19pbiI6NjA0ODAwLCJqdGkiOiJZbWRNQ2s5TkpUUXF2TFdhTW9xMVBLS09xN1EifQ.d448UX6M1nVhNY7zg0fCz5nPj6Qkgawphi9Z3mQu7LU\",\n \"scope\": \"write\",\n \"token_type\": \"Bearer\",\n \"expires_in\": 3599\n}" } ] }, { "name": "Step 5: Introspect the Access Token", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(JSONResponse.client_id).to.eql(pm.collectionVariables.get(\"postmanConfidentialClientId\"));", "});", "", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text", "disabled": true } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] }, "description": "Retrieve metadata about the active access token, such as, approved scopes, the user that authorized the token, and the expiry time." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text", "disabled": true } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "date", "value": "Wed, 21 May 2025 18:23:06 GMT" }, { "key": "x-forgerock-transactionid", "value": "51221345-856e-4996-94f5-1a1d7106672b" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" }, { "key": "Transfer-Encoding", "value": "chunked" } ], "cookie": [], "body": "{\n \"active\": true,\n \"scope\": \"write\",\n \"realm\": \"/alpha\",\n \"client_id\": \"postmanConfidentialClient\",\n \"user_id\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"username\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"token_type\": \"Bearer\",\n \"exp\": 1747855339,\n \"sub\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"iss\": \"https://openam-docs-rapid.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha\",\n \"subname\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"auth_level\": 0,\n \"authGrantId\": \"wWkWRbe7gvHW6hpSIcA-y3pFncA\",\n \"auditTrackingId\": \"7964c31c-85e4-46b0-a453-8c593b2588b2-37624\",\n \"expires_in\": 3552\n}" } ] } ], "description": "The Authorization Code grant is a two-step interactive process used when a client, for example, a Java application running on a server, requires access to protected resources.\n\nThe Authorization Code grant is the most secure of all the OAuth 2.0 grants for the following reasons:\n\n\tIt is a two-step process: the user must authenticate and authorize the client to see the resources and the authorization server must validate the code again before issuing the access token.\n\t\n\tThe authorization server delivers the access token directly to the client, usually over HTTPS. The client secret is never exposed publicly, which protects confidential clients.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Authorization Code Grant with PKCE", "item": [ { "name": "Step 1: Start Login Journey", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('authId');", "});", "", "", "" ], "type": "text/javascript", "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] }, "description": "To get started, log in to the authorization server using the credentials of the administator to receive an administrative SSO token needed for the following prerequisites. \n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "2574" }, { "key": "date", "value": "Wed, 21 May 2025 16:42:26 GMT" }, { "key": "x-forgerock-transactionid", "value": "e3721723-80d1-42c0-ba73-a8e972d9a103" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3aGl0ZWxpc3Qtc3RhdGUiOiJlMjVmZWM2Ni05MGYwLTQ2NmEtYmM5Mi0zMjgxNzFkZjhhY2EiLCJhdXRoSW5kZXhWYWx1ZSI6IkxvZ2luIiwib3RrIjoiMmlrN2c2M203b203Yzlncm42NnNyc2hmdjEiLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2FscGhhIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNREUuKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU214aWJVMXBUMmxLUWsxVVNUUlJNRXBFVEZWb1ZFMXFWVEpKYVhkcFdWZDRia2xxYjJsYVIyeDVTVzR3TGk1dVN6UjRkbW8zTUZKVlJEZGxWbUYyYTNaSlQyOVJMa1puVW1KVkxXSnpNV3g2Y25sWmQyOXZUWEJDY1Vrek4wOXBORzlqU1ZNM2IyRTFkbkZUV1RCME9GcFZjWEl4VUV4Q1drbGZjRzVaTlVoVWNERnhORGM1UlRSTlpXbERZWFZqZWxWM1pYaHNTMVp1WjNZM05sVkxUMFpEY210aVJtbDZkekV0WmxkQlgxaE1UWEUyTm5sMk5GUllWMlJ0ZW1WMk1HcFVZbEJyTlRSWmQxZHVORk5mTW0xaU4ybDVWakp4TW1weGRVeFFNM0Z2ZGpKelVFVTVTVmxXU205elp5MUtNbkJmVlZVMGFYVmtZVWR5TFZaYWFYUjRUMlpaY2xoTFNUUXhZMkpOZDBOWlNuUTVjakJyVGtGaU5uSnFXWFJhTVcxTU9XWkdZbk5QVEdkVmRGOXlVelpXWjFjNGEyMDNaa1Z0VWtkRGMzQnljUzFMUW1SSlZrZFVZM05RZFhscFYyTnpRVFJXZDB4TlVHUXRTMFpmUkU5aWIzSlJaMDh5YWw5WldraG5OMFZoUm1adWJFdFJkVGxOY1dWSVoySmtXWGxtVmswM1FWRklSMFpNT1hGSU5Hc3djbU5RTTNvM0xUbFdPRGxaTkhGd09FSmlNelJrWDJGWFJsZFlURzlyWW5GcVF6WnFURGRmY0hRemJrdEJXVFJXWjBwWU5XUnpPVEYxUkdNelVrc3lSVFUzU1VoemFVRndObUpNVFhCVVZFRjFUbEpoVUU4NFlrZHlNVVprVFdoamJESkNZMVpqV2xvdFJqWm5XbGxJY1ZkSFNsbGhibGR6TmpGU1lWVlNSMk51Ums4MGIySXpXRGRLYjFsSlRHRldaMGRaUjNOTVRXbENlbXBuZWpkc2QyWlJVbVJ5VUdGT1Zta3hZMkpuY2pkM1NtMTFaVTQxY1VGTVZsazVUbWRpVHpJM1ozbGhZVFZYWld4T1ZscFpabEV6TldVNVdGOTNZMGc1YWpCZlQxbG9VR1kxTTA5RmF6Rm1aazQ1TkVZd2NuQnBWVkpqVWtSMk9WQkhNakZUV21wQlVHRXdjRWRoWnpGU1ltd3lRelEyVGpsMlRDMVRhRzlqWDNWbFUxaGxZWEJPYUZVNExWQjRNbWh5VWpjMVpqbEpXbUpyVTB0UlZ6bHVPVGRsTlRCQk5XSnFRbUZ0UVdKblowbFJkR2t4TkY5ZmJETmhMVTVYVXpKMldHOVBlVTF5VjAxdlYySkdkRVY1T1RKTmJYWXhRbEV0VjNKVlpIZFpNRTFaU1RJeFNGWXlTblZJWlVsMFh6ZDZTMnh2YzAxZlltVXRRVzFmZW5rd1NXMXlNQzU1ZVZCVFluZFJRVWhSV0ZSbVN5MWxhWEZ0TTFSUi5LLTJScUhuTFpKbHRXX2xSRFRaNHU5cUEyYzdBRk4tSjh3YkttS19Ud0o4IiwiZXhwIjoxNzQ3ODQ2MDQ2LCJpYXQiOjE3NDc4NDU3NDZ9.QbQuh-lA5dJpHxijlVmxAY2S64po-pHQtWcChP9hVOA\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ],\n \"header\": \"Sign In\",\n \"description\": \"New here? Create an account
Forgot username? Forgot password?\"\n}" } ] }, { "name": "Step 2: Authenticate as Postman demo user", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId');", "});", "", "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the NameCallback and PasswordCallback callbacks.\n\nOverride the values in this response to the callbacks by using the `amDemoUsername` and `amDemoPassword` Postman variables." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "set-cookie", "value": "8a92ca506c38f08=HVnPV8DGgpgdHwNbSLOPbjPNPzw.*AAJTSQACMDIAAlNLABxyOXFidTlIV0IyelJCbnc2YnFTVHg1Sng3ZGs9AAR0eXBlAANDVFMAAlMxAAIwMQ..*; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "183" }, { "key": "date", "value": "Wed, 21 May 2025 18:25:01 GMT" }, { "key": "x-forgerock-transactionid", "value": "3abf6264-9bc5-4ef6-8cc5-25be9c6420e0" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"tokenId\": \"HVnPV8DGgpgdHwNbSLOPbjPNPzw.*AAJTSQACMDIAAlNLABxyOXFidTlIV0IyelJCbnc2YnFTVHg1Sng3ZGs9AAR0eXBlAANDVFMAAlMxAAIwMQ..*\",\n \"successUrl\": \"/enduser/?realm=/alpha\",\n \"realm\": \"/alpha\"\n}" } ] }, { "name": "Step 3: [User] Get Authorization Code", "event": [ { "listen": "test", "script": { "exec": [ "const querystring = require('querystring');", "location = pm.response.headers.get('location');", "params = {};", "", "if (location) {", " parts = location.split('?');", " if (1 in parts) {", " params = querystring.parse(parts[1]);", " }", "}", "", "if (params.code)", "{", " pm.globals.set(\"authorization_code\", params.code);", "}", "", "// Tests", "", "pm.test(\"Status code is 302\", () => {", " pm.expect(pm.response.code).to.eql(302);", "});", "", "pm.test(\"Response contains a location header\", () => {", " pm.expect(location).to.be.a(\"string\");", "});", "", "pm.test(\"Location header contains `code` argument\", () => {", " pm.expect(params.code).to.be.a(\"string\");", "});" ], "type": "text/javascript", "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ "function base64URLEncode(words) {", " return CryptoJS.enc.Base64.stringify(words)", " .replace(/\\+/g, '-')", " .replace(/\\//g, '_')", " .replace(/=/g, '');", "}", "const code_verifier = base64URLEncode(CryptoJS.lib.WordArray.random(50));", "const code_challenge = base64URLEncode(CryptoJS.SHA256(code_verifier));", "", "pm.globals.set(\"code_challenge\", code_challenge);", "pm.globals.set(\"code_verifier\", code_verifier);" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true, "followRedirects": false }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "scope", "value": "share", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "response_type", "value": "code", "description": "Response types the client will support and use.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token of a user, to protect against cross-site request forgery.", "type": "text" }, { "key": "decision", "value": "allow", "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information. This flow can be used machine-to-machine, by assuming consent, for example between two services provided by the same organization.", "type": "text" }, { "key": "code_challenge", "value": "{{code_challenge}}", "description": "The generated code challenge. See the \"Pre-request SCript\" tab for details.", "type": "text" }, { "key": "code_challenge_method", "value": "S256", "description": "The method used to generate the code challenge.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/authorize", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "authorize" ] }, "description": "Get the authorization code by making a call to the authorization server's authorization endpoint, specifying the SSO token of the user." }, "response": [ { "name": "Example (see headers)", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "scope", "value": "share", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "response_type", "value": "code", "description": "Response types the client will support and use.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token of a user, to protect against cross-site request forgery.", "type": "text" }, { "key": "decision", "value": "allow", "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information. This flow can be used machine-to-machine, by assuming consent, for example between two services provided by the same organization.", "type": "text" }, { "key": "code_challenge", "value": "{{code_challenge}}", "description": "The generated code challenge. See the \"Pre-request SCript\" tab for details.", "type": "text" }, { "key": "code_challenge_method", "value": "S256", "description": "The method used to generate the code challenge.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/authorize", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "authorize" ] } }, "status": "Found", "code": 302, "_postman_previewlanguage": "plain", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "no-store" }, { "key": "location", "value": "https://httpbin.org/anything?code=u3h8YKSzNb7siYnCli3qKcNrZBc&iss=https%3A%2F%2Fopenam-docs-rapid.forgeblocks.com%3A443%2Fam%2Foauth2%2Frealms%2Froot%2Frealms%2Falpha&client_id=postmanConfidentialClient" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "OAUTH_REQUEST_ATTRIBUTES=DELETED; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "Content-Length", "value": "0" }, { "key": "date", "value": "Wed, 21 May 2025 18:26:31 GMT" }, { "key": "x-forgerock-transactionid", "value": "24749c2f-5079-43db-baa0-1af96323e5ba" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "" } ] }, { "name": "Step 4: [User] Exchange the Authorization Code for an Access Token", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } }, { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "if(JSONResponse.access_token && JSONResponse.access_token != \"\")", "{", " pm.globals.set(\"access_token\", JSONResponse.access_token);", "}", "", "if(JSONResponse.refresh_token && JSONResponse.refresh_token != \"\")", "{", " pm.globals.set(\"refresh_token\", JSONResponse.refresh_token);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(JSONResponse.access_token).to.be.a(\"string\");", "});", "", "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "authorization_code", "description": "The grant type required for the Authorization Code with PKCE grant.", "type": "text" }, { "key": "code", "value": "{{authorization_code}}", "description": "The authentication code from the previous step.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" }, { "key": "code_verifier", "value": "{{code_verifier}}", "description": "The generated code verifier. See the \"Pre-request Script\" tab of \"Step 2\" for details.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Authenticate with the authorization server using the details of the confidential client and the authorization code recieved in the previous call.\n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "authorization_code", "description": "The grant type required for the Authorization Code with PKCE grant.", "type": "text" }, { "key": "code", "value": "{{authorization_code}}", "description": "The authentication code from the previous step.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" }, { "key": "code_verifier", "value": "{{code_verifier}}", "description": "The generated code verifier. See the \"Pre-request Script\" tab of \"Step 2\" for details.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "no-store" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "2026" }, { "key": "date", "value": "Wed, 21 May 2025 18:27:16 GMT" }, { "key": "x-forgerock-transactionid", "value": "ba62bbcc-7331-402c-b4e1-e92b207efc11" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"access_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTM4NjU4Iiwic3VibmFtZSI6IjZkMDUzN2IzLWU1MjMtNDgwZC05ZDBhLTg0ZDI1YWM3YTJlNSIsImlzcyI6Imh0dHBzOi8vb3BlbmFtLWRvY3MtcmFwaWQuZm9yZ2VibG9ja3MuY29tOjQ0My9hbS9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2FscGhhIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiN241cklVZlF0Q2dyZmZCa3dLdnM4bi1kSGRnIiwiY2xpZW50X2lkIjoicG9zdG1hbkNvbmZpZGVudGlhbENsaWVudCIsImF1ZCI6InBvc3RtYW5Db25maWRlbnRpYWxDbGllbnQiLCJuYmYiOjE3NDc4NTIwMzYsImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJzY29wZSI6WyJzaGFyZSJdLCJhdXRoX3RpbWUiOjE3NDc4NTE5MDEsInJlYWxtIjoiL2FscGhhIiwiZXhwIjoxNzQ3ODU1NjM2LCJpYXQiOjE3NDc4NTIwMzYsImV4cGlyZXNfaW4iOjM2MDAsImp0aSI6ImZ1U21KTTh5MUpZeWdJX1N3bTliZGt4ZEVhYyJ9.6dnFwksChg57KM5s5h-0H_0aN1QLro7dLSukpPrKEys\",\n \"refresh_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTM4NjU5Iiwic3VibmFtZSI6IjZkMDUzN2IzLWU1MjMtNDgwZC05ZDBhLTg0ZDI1YWM3YTJlNSIsImlzcyI6Imh0dHBzOi8vb3BlbmFtLWRvY3MtcmFwaWQuZm9yZ2VibG9ja3MuY29tOjQ0My9hbS9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2FscGhhIiwidG9rZW5OYW1lIjoicmVmcmVzaF90b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6IjduNXJJVWZRdENncmZmQmt3S3ZzOG4tZEhkZyIsImNsaWVudF9pZCI6InBvc3RtYW5Db25maWRlbnRpYWxDbGllbnQiLCJhdWQiOiJwb3N0bWFuQ29uZmlkZW50aWFsQ2xpZW50IiwiYWNyIjoiMCIsIm5iZiI6MTc0Nzg1MjAzNiwiZ3JhbnRfdHlwZSI6ImF1dGhvcml6YXRpb25fY29kZSIsInNjb3BlIjpbInNoYXJlIl0sImF1dGhfdGltZSI6MTc0Nzg1MTkwMSwicmVhbG0iOiIvYWxwaGEiLCJleHAiOjE3NDg0NTY4MzYsImlhdCI6MTc0Nzg1MjAzNiwiZXhwaXJlc19pbiI6NjA0ODAwLCJqdGkiOiJhTEUyRXI5ejROX3MzLXNnSlhRSk1xRzhRWFUifQ.GQG1bZT5vKNBz_XpqEABNhhP9ec2n6rAOaghFySAMf0\",\n \"scope\": \"share\",\n \"token_type\": \"Bearer\",\n \"expires_in\": 3599\n}" } ] }, { "name": "Step 5: Introspect the Access Token", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(JSONResponse.client_id).to.eql(pm.collectionVariables.get(\"postmanConfidentialClientId\"));", "});", "", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] }, "description": "Retrieve metadata about the active access token, such as, approved scopes, the user that authorized the token, and the expiry time." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "date", "value": "Wed, 21 May 2025 18:28:15 GMT" }, { "key": "x-forgerock-transactionid", "value": "c6c15099-62a1-4eb9-9cdb-33017c0e6676" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" }, { "key": "Transfer-Encoding", "value": "chunked" } ], "cookie": [], "body": "{\n \"active\": true,\n \"scope\": \"share\",\n \"realm\": \"/alpha\",\n \"client_id\": \"postmanConfidentialClient\",\n \"user_id\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"username\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"token_type\": \"Bearer\",\n \"exp\": 1747855636,\n \"sub\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"iss\": \"https://openam-docs-rapid.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha\",\n \"subname\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"auth_level\": 0,\n \"authGrantId\": \"7n5rIUfQtCgrffBkwKvs8n-dHdg\",\n \"auditTrackingId\": \"7964c31c-85e4-46b0-a453-8c593b2588b2-38658\",\n \"expires_in\": 3540\n}" } ] } ], "description": "The Authorization Code Grant, when combined with the PKCE standard (RFC 7636), is used when a client, usually a mobile or a JavaScript application, requires access to protected resources.\n\nThe flow is similar to the regular Authorization Code Grant type, but the client must generate a code that will be part of the communication between the client and the authorization server. This code mitigates against interception attacks performed by malicious users.\n\nSince communication between the client and the authorization server is not secure, clients are usually public so their secrets do not get compromised. Also, browser-based clients making OAuth 2.0 requests to different domains must implement Cross-Origin Resource Sharing (CORS) calls to access OAuth 2.0 resources in different domains.\n", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Implicit Grant", "item": [ { "name": "Step 1: Start Login Journey", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('authId');", "});", "", "", "" ], "type": "text/javascript", "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] }, "description": "To get started, log in to the authorization server using the credentials of the administator to receive an administrative SSO token needed for the following prerequisites. \n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "2574" }, { "key": "date", "value": "Wed, 21 May 2025 16:42:26 GMT" }, { "key": "x-forgerock-transactionid", "value": "e3721723-80d1-42c0-ba73-a8e972d9a103" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3aGl0ZWxpc3Qtc3RhdGUiOiJlMjVmZWM2Ni05MGYwLTQ2NmEtYmM5Mi0zMjgxNzFkZjhhY2EiLCJhdXRoSW5kZXhWYWx1ZSI6IkxvZ2luIiwib3RrIjoiMmlrN2c2M203b203Yzlncm42NnNyc2hmdjEiLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2FscGhhIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNREUuKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU214aWJVMXBUMmxLUWsxVVNUUlJNRXBFVEZWb1ZFMXFWVEpKYVhkcFdWZDRia2xxYjJsYVIyeDVTVzR3TGk1dVN6UjRkbW8zTUZKVlJEZGxWbUYyYTNaSlQyOVJMa1puVW1KVkxXSnpNV3g2Y25sWmQyOXZUWEJDY1Vrek4wOXBORzlqU1ZNM2IyRTFkbkZUV1RCME9GcFZjWEl4VUV4Q1drbGZjRzVaTlVoVWNERnhORGM1UlRSTlpXbERZWFZqZWxWM1pYaHNTMVp1WjNZM05sVkxUMFpEY210aVJtbDZkekV0WmxkQlgxaE1UWEUyTm5sMk5GUllWMlJ0ZW1WMk1HcFVZbEJyTlRSWmQxZHVORk5mTW0xaU4ybDVWakp4TW1weGRVeFFNM0Z2ZGpKelVFVTVTVmxXU205elp5MUtNbkJmVlZVMGFYVmtZVWR5TFZaYWFYUjRUMlpaY2xoTFNUUXhZMkpOZDBOWlNuUTVjakJyVGtGaU5uSnFXWFJhTVcxTU9XWkdZbk5QVEdkVmRGOXlVelpXWjFjNGEyMDNaa1Z0VWtkRGMzQnljUzFMUW1SSlZrZFVZM05RZFhscFYyTnpRVFJXZDB4TlVHUXRTMFpmUkU5aWIzSlJaMDh5YWw5WldraG5OMFZoUm1adWJFdFJkVGxOY1dWSVoySmtXWGxtVmswM1FWRklSMFpNT1hGSU5Hc3djbU5RTTNvM0xUbFdPRGxaTkhGd09FSmlNelJrWDJGWFJsZFlURzlyWW5GcVF6WnFURGRmY0hRemJrdEJXVFJXWjBwWU5XUnpPVEYxUkdNelVrc3lSVFUzU1VoemFVRndObUpNVFhCVVZFRjFUbEpoVUU4NFlrZHlNVVprVFdoamJESkNZMVpqV2xvdFJqWm5XbGxJY1ZkSFNsbGhibGR6TmpGU1lWVlNSMk51Ums4MGIySXpXRGRLYjFsSlRHRldaMGRaUjNOTVRXbENlbXBuZWpkc2QyWlJVbVJ5VUdGT1Zta3hZMkpuY2pkM1NtMTFaVTQxY1VGTVZsazVUbWRpVHpJM1ozbGhZVFZYWld4T1ZscFpabEV6TldVNVdGOTNZMGc1YWpCZlQxbG9VR1kxTTA5RmF6Rm1aazQ1TkVZd2NuQnBWVkpqVWtSMk9WQkhNakZUV21wQlVHRXdjRWRoWnpGU1ltd3lRelEyVGpsMlRDMVRhRzlqWDNWbFUxaGxZWEJPYUZVNExWQjRNbWh5VWpjMVpqbEpXbUpyVTB0UlZ6bHVPVGRsTlRCQk5XSnFRbUZ0UVdKblowbFJkR2t4TkY5ZmJETmhMVTVYVXpKMldHOVBlVTF5VjAxdlYySkdkRVY1T1RKTmJYWXhRbEV0VjNKVlpIZFpNRTFaU1RJeFNGWXlTblZJWlVsMFh6ZDZTMnh2YzAxZlltVXRRVzFmZW5rd1NXMXlNQzU1ZVZCVFluZFJRVWhSV0ZSbVN5MWxhWEZ0TTFSUi5LLTJScUhuTFpKbHRXX2xSRFRaNHU5cUEyYzdBRk4tSjh3YkttS19Ud0o4IiwiZXhwIjoxNzQ3ODQ2MDQ2LCJpYXQiOjE3NDc4NDU3NDZ9.QbQuh-lA5dJpHxijlVmxAY2S64po-pHQtWcChP9hVOA\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ],\n \"header\": \"Sign In\",\n \"description\": \"New here? Create an account
Forgot username? Forgot password?\"\n}" } ] }, { "name": "Step 2: Authenticate as Postman demo user", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId');", "});", "", "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the NameCallback and PasswordCallback callbacks.\n\nOverride the values in this response to the callbacks by using the `amDemoUsername` and `amDemoPassword` Postman variables." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "set-cookie", "value": "8a92ca506c38f08=DR3r-dQrPKQSi9_gMZCEU5rGeeY.*AAJTSQACMDIAAlNLABxMR2JzVVhoY1hXYUpmQlQvZkhHUStoZVEyREU9AAR0eXBlAANDVFMAAlMxAAIwMQ..*; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "183" }, { "key": "date", "value": "Wed, 21 May 2025 18:29:35 GMT" }, { "key": "x-forgerock-transactionid", "value": "444d5dfe-c229-4e16-bfc0-f5bf3b03c9e8" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"tokenId\": \"DR3r-dQrPKQSi9_gMZCEU5rGeeY.*AAJTSQACMDIAAlNLABxMR2JzVVhoY1hXYUpmQlQvZkhHUStoZVEyREU9AAR0eXBlAANDVFMAAlMxAAIwMQ..*\",\n \"successUrl\": \"/enduser/?realm=/alpha\",\n \"realm\": \"/alpha\"\n}" } ] }, { "name": "Step 3: [User] Get Access Token", "event": [ { "listen": "test", "script": { "exec": [ "function QueryStringToJSON(qs) { ", " var keyvaluepairs = qs.slice(qs.indexOf(\"#\")+1).split('&');", " ", " var result = {};", " keyvaluepairs.forEach(function(keyvaluepair) {", " keyvaluepair = keyvaluepair.split('=');", " result[keyvaluepair[0]] = decodeURIComponent(keyvaluepair[1] || '');", " });", " return JSON.parse(JSON.stringify(result));", "}", "", "if(pm.response.code == 302)", "{", " let redirectLocation = QueryStringToJSON(pm.response.headers.get(\"Location\"));", " pm.globals.set(\"implicitGrantAccessToken\", redirectLocation.access_token);", "}", "else", "{", " pm.globals.set(\"implicitGrantAccessToken\", \"ERROR: 302 not returned!\");", "}", "", "// TESTS", "", "pm.test(\"Follow redirects is NOT enabled in Postman (Status code is 302)\", () => {", " // If response was 302, ensure Postman is following redirects. ", " pm.response.to.have.status(302);", "});", "", "pm.test(\"Response `Location` header contained `access_token` parameter\", () => {", " let redirectLocation = QueryStringToJSON(pm.response.headers.get(\"Location\"));", " pm.expect(redirectLocation.access_token).to.be.a(\"string\");", "});", "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "followRedirects": false, "disableCookies": true }, "request": { "auth": { "type": "basic", "basic": [ { "key": "password", "value": "{{postmanClientSecret}}", "type": "string" }, { "key": "username", "value": "{{postmanPublicClientId}}", "type": "string" } ] }, "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the Public OAuth Client.", "type": "text" }, { "key": "response_type", "value": "token", "description": "Response types the client will support and use.", "type": "text" }, { "key": "scope", "value": "write", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "decision", "value": "allow", "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information. This flow can be used machine-to-machine, by assuming consent, for example between two services provided by the same organization.", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token of a user, to protect against cross-site request forgery.", "type": "text" }, { "key": "state", "value": "abc123", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/authorize", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "authorize" ] } }, "response": [ { "name": "Example (see headers)", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the Public OAuth Client.", "type": "text" }, { "key": "response_type", "value": "token", "description": "Response types the client will support and use.", "type": "text" }, { "key": "scope", "value": "write", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "decision", "value": "allow", "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information. This flow can be used machine-to-machine, by assuming consent, for example between two services provided by the same organization.", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token of a user, to protect against cross-site request forgery.", "type": "text" }, { "key": "state", "value": "abc123", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/authorize", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "authorize" ] } }, "status": "Found", "code": 302, "_postman_previewlanguage": "plain", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "no-store" }, { "key": "location", "value": "https://httpbin.org/anything#access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTM5NDI3Iiwic3VibmFtZSI6IjZkMDUzN2IzLWU1MjMtNDgwZC05ZDBhLTg0ZDI1YWM3YTJlNSIsImlzcyI6Imh0dHBzOi8vb3BlbmFtLWRvY3MtcmFwaWQuZm9yZ2VibG9ja3MuY29tOjQ0My9hbS9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2FscGhhIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiRVpPbnFxLWZMUXJWOFptdmlyX3pCNkdCeVFvIiwiY2xpZW50X2lkIjoicG9zdG1hblB1YmxpY0NsaWVudCIsImF1ZCI6InBvc3RtYW5QdWJsaWNDbGllbnQiLCJuYmYiOjE3NDc4NTIyMTQsImdyYW50X3R5cGUiOiJ0b2tlbiIsInNjb3BlIjpbIndyaXRlIl0sImF1dGhfdGltZSI6MTc0Nzg1MjE3NSwicmVhbG0iOiIvYWxwaGEiLCJleHAiOjE3NDc4NTU4MTQsImlhdCI6MTc0Nzg1MjIxNCwiZXhwaXJlc19pbiI6MzYwMCwianRpIjoiMnZpZGJwcHJ5YzNqLWlFOVBUYmEyYzc4WDljIn0.BlOYpkVzY5p1-Oqe0KhB1SYDQZpiUTXulNAK5sridTc&iss=https://openam-docs-rapid.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha&state=abc123&token_type=Bearer&expires_in=3599&client_id=postmanPublicClient" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "OAUTH_REQUEST_ATTRIBUTES=DELETED; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "Content-Length", "value": "0" }, { "key": "date", "value": "Wed, 21 May 2025 18:30:14 GMT" }, { "key": "x-forgerock-transactionid", "value": "dd3cf75b-ab51-49ac-8d92-deee30868a0a" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "" } ] }, { "name": "Step 4: Introspect the Access Token", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(JSONResponse.client_id).to.eql(pm.collectionVariables.get(\"postmanPublicClientId\"));", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{implicitGrantAccessToken}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the public OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] }, "description": "Retrieve metadata about the active access token, such as, approved scopes, the user that authorized the token, and the expiry time." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{implicitGrantAccessToken}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the public OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "date", "value": "Wed, 21 May 2025 18:31:23 GMT" }, { "key": "x-forgerock-transactionid", "value": "706ee1d5-5923-4478-8fe2-9d24c1ed322f" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" }, { "key": "Transfer-Encoding", "value": "chunked" } ], "cookie": [], "body": "{\n \"active\": true,\n \"scope\": \"write\",\n \"realm\": \"/alpha\",\n \"client_id\": \"postmanPublicClient\",\n \"user_id\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"username\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"token_type\": \"Bearer\",\n \"exp\": 1747855814,\n \"sub\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"iss\": \"https://openam-docs-rapid.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha\",\n \"subname\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"auth_level\": 0,\n \"authGrantId\": \"EZOnqq-fLQrV8Zmvir_zB6GByQo\",\n \"auditTrackingId\": \"7964c31c-85e4-46b0-a453-8c593b2588b2-39427\",\n \"expires_in\": 3530\n}" } ] } ], "description": "The Implicit grant is designed for public clients that run inside the resource owner's user-agent, for example, JavaScript applications.\n\nSince applications running in the user-agent are considered less trusted than applications running in servers, the authorization server will never issue refresh tokens in this flow. There is a security impact of cross-site scripting (XSS) attacks that could leak the access token to other systems, and implement Cross-Origin Resource Sharing (CORS) to make OAuth 2.0 requests to different domains.\n\nDue to the security implications of this flow, it is recommended to use the Authorization Code grant with PKCE flow whenever possible.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Resource Owner Password Credentials Grant", "item": [ { "name": "Step 1: Get Access Token as a Demo User", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "if(JSONResponse.access_token && JSONResponse.access_token != \"\")", "{", " pm.globals.set(\"access_token\", JSONResponse.access_token);", "}", "", "if(JSONResponse.refresh_token && JSONResponse.refresh_token != \"\")", "{", " pm.globals.set(\"refresh_token\", JSONResponse.refresh_token);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(JSONResponse.access_token).to.be.a(\"string\");", "});", "" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "password", "description": "The grant type required for the Resource Owner Password Credentials Grant.", "type": "text" }, { "key": "username", "value": "{{postmanDemoUsername}}", "description": "Username for a demo user.", "type": "text" }, { "key": "password", "value": "{{postmanDemoPassword}}", "description": "Password for a demo user.", "type": "text" }, { "key": "scope", "value": "write", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Sends the confidential client credentials to the authorization server to get authenticated, and request an access token." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "password", "description": "The grant type required for the Resource Owner Password Credentials Grant.", "type": "text" }, { "key": "username", "value": "{{postmanDemoUsername}}", "description": "Username for a demo user.", "type": "text" }, { "key": "password", "value": "{{postmanDemoPassword}}", "description": "Password for a demo user.", "type": "text" }, { "key": "scope", "value": "write", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client. See the ForgeRock documentation for stronger methods of client authentication.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "no-store" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "1570" }, { "key": "Date", "value": "Thu, 13 Aug 2020 12:16:52 GMT" } ], "cookie": [], "body": "{\n \"access_token\": \"eyJ0eXAiJ9.eyJzdWIiOiJkZPXXcM\",\n \"refresh_token\": \"eyJ0eXAiOiJKV1QiLC.eyl0VHJXpdhFiWDw\",\n \"scope\": \"write\",\n \"token_type\": \"Bearer\",\n \"expires_in\": 3599\n}" } ] }, { "name": "Step 2: Introspect the Access Token ", "event": [ { "listen": "test", "script": { "exec": [ "", "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(JSONResponse.client_id).to.eql(pm.collectionVariables.get(\"postmanConfidentialClientId\"));", "});", "", "", "" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] }, "description": "Retrieve metadata about the active access token, such as, approved scopes, the user that authorized the token, and the expiry time." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Content-Type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "351" }, { "key": "Date", "value": "Thu, 13 Aug 2020 12:17:03 GMT" } ], "cookie": [], "body": "{\n \"active\": true,\n \"scope\": \"write\",\n \"realm\": \"/\",\n \"client_id\": \"forgerockDemoConfidentialClient\",\n \"user_id\": \"demo\",\n \"token_type\": \"Bearer\",\n \"exp\": 1597324612,\n \"sub\": \"demo\",\n \"iss\": \"http://openam.example.com:8080/openam/oauth2\",\n \"auth_level\": 0,\n \"authGrantId\": \"HAQs5GyHyZvbj_bOkdX9Ul03lh0\",\n \"auditTrackingId\": \"037f02f9-d821-4f72-8563-c5050c40fdc3-52010\",\n \"expires_in\": 3600\n}" } ] } ], "description": "The Resource Owner Password Credentials (ROPC) grant flow allows the client to use the resource owner's user name and password to get an access token.\n\nSince the resource owner shares their credentials with the client, this flow is deemed the most insecure of the OAuth 2.0 flows. The resource owner's credentials can potentially be leaked or abused by the client application, and the resource owner has no control over the authorization process.\n\nYou should implement the ROPC grant flow only if the resource owner has a trust relationship with the client (such as the device operating system, or a highly privileged application).", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Client Credentials Grant", "item": [ { "name": "Step 1: Get Access Token as a Confidential Client", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "if(JSONResponse.access_token && JSONResponse.access_token != \"\")", "{", " pm.globals.set(\"access_token\", JSONResponse.access_token);", "}", "", "if(JSONResponse.refresh_token && JSONResponse.refresh_token != \"\")", "{", " pm.globals.set(\"refresh_token\", JSONResponse.refresh_token);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(JSONResponse.access_token).to.be.a(\"string\");", "});", "" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "client_credentials", "description": "The grant type required for the Client Credentials grant.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client. See the ForgeRock documentation for stronger methods of client authentication.", "type": "text" }, { "key": "scope", "value": "print", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Sends the confidential client credentials to the authorization server to get authenticated, and request an access token." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "name": "Content-Type", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "client_credentials", "description": "The grant type required for the Client Credentials grant.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client. See the ForgeRock documentation for stronger methods of client authentication.", "type": "text" }, { "key": "scope", "value": "print", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "no-store" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "840" }, { "key": "Date", "value": "Thu, 13 Aug 2020 12:17:13 GMT" } ], "cookie": [], "body": "{\n \"access_token\": \"eyJ0eXAiJ9.eyJzdWIiOiJkZPXXcM\",\n \"scope\": \"print\",\n \"token_type\": \"Bearer\",\n \"expires_in\": 3599\n}" } ] }, { "name": "Step 2: Introspect the Access Token ", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(JSONResponse.client_id).to.eql(pm.collectionVariables.get(\"postmanConfidentialClientId\"));", "});", "", "", "" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] }, "description": "Retrieve metadata about the active access token, such as, approved scopes, the user that authorized the token, and the expiry time." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Content-Type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "390" }, { "key": "Date", "value": "Thu, 13 Aug 2020 12:17:22 GMT" } ], "cookie": [], "body": "{\n \"active\": true,\n \"scope\": \"print\",\n \"realm\": \"/\",\n \"client_id\": \"forgerockDemoConfidentialClient\",\n \"user_id\": \"forgerockDemoConfidentialClient\",\n \"token_type\": \"Bearer\",\n \"exp\": 1597324633,\n \"sub\": \"forgerockDemoConfidentialClient\",\n \"iss\": \"http://openam.example.com:8080/openam/oauth2\",\n \"authGrantId\": \"5tq7oSZ62txPaK80X3Mdex4zzew\",\n \"auditTrackingId\": \"037f02f9-d821-4f72-8563-c5050c40fdc3-52181\",\n \"expires_in\": 3600\n}" } ] } ], "description": "The Client Credentials grant is used when a client is also the resource owner and is accessing its own data instead of acting in behalf of a user. For example, an application that needs access to a protected resource to retrieve its own data to perform a task, or update its configuration, would use the Client Credentials grant to acquire an access token.\n\nThe Client Credentials Grant flow supports confidential clients only.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Device Flow", "item": [ { "name": "Step 1: Start Login Journey", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('authId');", "});", "", "", "" ], "type": "text/javascript", "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] }, "description": "To get started, log in to the authorization server using the credentials of the administator to receive an administrative SSO token needed for the following prerequisites. \n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "2574" }, { "key": "date", "value": "Wed, 21 May 2025 16:42:26 GMT" }, { "key": "x-forgerock-transactionid", "value": "e3721723-80d1-42c0-ba73-a8e972d9a103" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3aGl0ZWxpc3Qtc3RhdGUiOiJlMjVmZWM2Ni05MGYwLTQ2NmEtYmM5Mi0zMjgxNzFkZjhhY2EiLCJhdXRoSW5kZXhWYWx1ZSI6IkxvZ2luIiwib3RrIjoiMmlrN2c2M203b203Yzlncm42NnNyc2hmdjEiLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2FscGhhIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNREUuKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU214aWJVMXBUMmxLUWsxVVNUUlJNRXBFVEZWb1ZFMXFWVEpKYVhkcFdWZDRia2xxYjJsYVIyeDVTVzR3TGk1dVN6UjRkbW8zTUZKVlJEZGxWbUYyYTNaSlQyOVJMa1puVW1KVkxXSnpNV3g2Y25sWmQyOXZUWEJDY1Vrek4wOXBORzlqU1ZNM2IyRTFkbkZUV1RCME9GcFZjWEl4VUV4Q1drbGZjRzVaTlVoVWNERnhORGM1UlRSTlpXbERZWFZqZWxWM1pYaHNTMVp1WjNZM05sVkxUMFpEY210aVJtbDZkekV0WmxkQlgxaE1UWEUyTm5sMk5GUllWMlJ0ZW1WMk1HcFVZbEJyTlRSWmQxZHVORk5mTW0xaU4ybDVWakp4TW1weGRVeFFNM0Z2ZGpKelVFVTVTVmxXU205elp5MUtNbkJmVlZVMGFYVmtZVWR5TFZaYWFYUjRUMlpaY2xoTFNUUXhZMkpOZDBOWlNuUTVjakJyVGtGaU5uSnFXWFJhTVcxTU9XWkdZbk5QVEdkVmRGOXlVelpXWjFjNGEyMDNaa1Z0VWtkRGMzQnljUzFMUW1SSlZrZFVZM05RZFhscFYyTnpRVFJXZDB4TlVHUXRTMFpmUkU5aWIzSlJaMDh5YWw5WldraG5OMFZoUm1adWJFdFJkVGxOY1dWSVoySmtXWGxtVmswM1FWRklSMFpNT1hGSU5Hc3djbU5RTTNvM0xUbFdPRGxaTkhGd09FSmlNelJrWDJGWFJsZFlURzlyWW5GcVF6WnFURGRmY0hRemJrdEJXVFJXWjBwWU5XUnpPVEYxUkdNelVrc3lSVFUzU1VoemFVRndObUpNVFhCVVZFRjFUbEpoVUU4NFlrZHlNVVprVFdoamJESkNZMVpqV2xvdFJqWm5XbGxJY1ZkSFNsbGhibGR6TmpGU1lWVlNSMk51Ums4MGIySXpXRGRLYjFsSlRHRldaMGRaUjNOTVRXbENlbXBuZWpkc2QyWlJVbVJ5VUdGT1Zta3hZMkpuY2pkM1NtMTFaVTQxY1VGTVZsazVUbWRpVHpJM1ozbGhZVFZYWld4T1ZscFpabEV6TldVNVdGOTNZMGc1YWpCZlQxbG9VR1kxTTA5RmF6Rm1aazQ1TkVZd2NuQnBWVkpqVWtSMk9WQkhNakZUV21wQlVHRXdjRWRoWnpGU1ltd3lRelEyVGpsMlRDMVRhRzlqWDNWbFUxaGxZWEJPYUZVNExWQjRNbWh5VWpjMVpqbEpXbUpyVTB0UlZ6bHVPVGRsTlRCQk5XSnFRbUZ0UVdKblowbFJkR2t4TkY5ZmJETmhMVTVYVXpKMldHOVBlVTF5VjAxdlYySkdkRVY1T1RKTmJYWXhRbEV0VjNKVlpIZFpNRTFaU1RJeFNGWXlTblZJWlVsMFh6ZDZTMnh2YzAxZlltVXRRVzFmZW5rd1NXMXlNQzU1ZVZCVFluZFJRVWhSV0ZSbVN5MWxhWEZ0TTFSUi5LLTJScUhuTFpKbHRXX2xSRFRaNHU5cUEyYzdBRk4tSjh3YkttS19Ud0o4IiwiZXhwIjoxNzQ3ODQ2MDQ2LCJpYXQiOjE3NDc4NDU3NDZ9.QbQuh-lA5dJpHxijlVmxAY2S64po-pHQtWcChP9hVOA\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ],\n \"header\": \"Sign In\",\n \"description\": \"New here? Create an account
Forgot username? Forgot password?\"\n}" } ] }, { "name": "Step 2: Authenticate as Postman demo user", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId');", "});", "", "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the NameCallback and PasswordCallback callbacks.\n\nOverride the values in this response to the callbacks by using the `amDemoUsername` and `amDemoPassword` Postman variables." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "set-cookie", "value": "8a92ca506c38f08=P4vm2KLSHNbhTmnnDpZMaXDf93Q.*AAJTSQACMDIAAlNLABxNYkwxSUU3bTFlQzFjOHNrc25zSmgyOHBxRjA9AAR0eXBlAANDVFMAAlMxAAIwMQ..*; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "183" }, { "key": "date", "value": "Wed, 21 May 2025 18:32:10 GMT" }, { "key": "x-forgerock-transactionid", "value": "3601a980-056d-475b-a9d1-523426cf4bff" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"tokenId\": \"P4vm2KLSHNbhTmnnDpZMaXDf93Q.*AAJTSQACMDIAAlNLABxNYkwxSUU3bTFlQzFjOHNrc25zSmgyOHBxRjA9AAR0eXBlAANDVFMAAlMxAAIwMQ..*\",\n \"successUrl\": \"/enduser/?realm=/alpha\",\n \"realm\": \"/alpha\"\n}" } ] }, { "name": "Step 3: [User] Get User Code and Device Code", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "if(pm.response.code == 200)", "{", " if(JSONResponse.user_code && JSONResponse.user_code != \"\") {", " pm.globals.set(\"user_code\", JSONResponse.user_code);", " }", "", " if(JSONResponse.device_code && JSONResponse.device_code != \"\") {", " pm.globals.set(\"device_code\", JSONResponse.device_code);", " }", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains `user_code`.\", function () {", " pm.expect(JSONResponse.user_code).to.be.a(\"string\");", "});", "", "pm.test(\"Response contains `device_code`.\", function () {", " pm.expect(JSONResponse.device_code).to.be.a(\"string\");", "});", "", "", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "response_type", "value": "device_code", "description": "Response types this client will support and use.", "type": "text" }, { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the public OAuth Client.", "type": "text" }, { "key": "scope", "value": "write", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/device/code", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "device", "code" ] }, "description": "Receive a user code and a device code, which can be used to provide consent.\n\n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "response_type", "value": "device_code", "description": "Response types this client will support and use.", "type": "text" }, { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the public OAuth Client.", "type": "text" }, { "key": "scope", "value": "write", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/device/code", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "device", "code" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "920" }, { "key": "date", "value": "Wed, 21 May 2025 18:32:37 GMT" }, { "key": "x-forgerock-transactionid", "value": "a3f04694-bfc2-454c-9188-1953a99eaa64" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"user_code\": \"LxmdsAtj\",\n \"device_code\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwczovL29wZW5hbS1kb2NzLXJhcGlkLmZvcmdlYmxvY2tzLmNvbTo0NDMvYW0vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hbHBoYSIsIm5iZiI6MTc0Nzg1MjM1NywidXNlcl9jb2RlIjoiTHhtZHNBdGoiLCJpc3MiOiJodHRwczovL29wZW5hbS1kb2NzLXJhcGlkLmZvcmdlYmxvY2tzLmNvbTo0NDMvYW0vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hbHBoYSIsImV4cCI6MTc0Nzg1MjY1NywiaWF0IjoxNzQ3ODUyMzU3LCJqdGkiOiJjOWI4ZjM2Mi03ZGRhLTQ5N2YtYWVhMC0zZWUzMTg3MjYxYTAifQ.RTVs3t3iykJezXT8kdpQajMrRN849cANDD6yOmmpyXw\",\n \"interval\": 5,\n \"verification_uri_complete\": \"https://openam-example.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha/device/user?user_code=LxmdsAtj\",\n \"verification_uri\": \"https://openam-example.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha/device/user\",\n \"expires_in\": 300,\n \"verification_url\": \"https://openam-example.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha/device/user\"\n}" } ] }, { "name": "Step 4: Grant Consent Using the User Code", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains 'done: true'.\",() => {", " pm.expect(pm.response.text()).to.include(\"done: true\");", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "description": "SSO token to protect against cross-site request forgery.", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "decision", "value": "allow", "description": "Decision that grants access to the scopes in the request (to the client).", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token to protect against cross-site request forgery.", "type": "text" }, { "key": "user_code", "value": "{{user_code}}", "description": "The user code for the device.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/device/user", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "device", "user" ] }, "description": "Grants consent using the user code recieved in the previous call to allow the client device to access resources." }, "response": [ { "name": "Example (page contains \"done: true\")", "originalRequest": { "method": "POST", "header": [ { "key": "Cookie", "value": "{{demoSSOToken}}", "description": "SSO token to protect against cross-site request forgery.", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "decision", "value": "allow", "description": "Decision that grants access to the scopes in the request (to the client).", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token to protect against cross-site request forgery.", "type": "text" }, { "key": "user_code", "value": "{{user_code}}", "description": "The user code for the device.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/device/user", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "device", "user" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "html", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Content-Type", "value": "text/html;charset=UTF-8" }, { "key": "Content-Length", "value": "969" }, { "key": "Date", "value": "Thu, 13 Aug 2020 12:17:57 GMT" } ], "cookie": [], "body": "\n\n\n \n \n \n \n \n OAuth2 Authorization Server\n \n \n
Loading...
\n
\n \n \n \n" } ] }, { "name": "Step 5: [User] Poll for Authorization", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "if(JSONResponse.access_token && JSONResponse.access_token != \"\")", "{", " pm.globals.set(\"access_token\", JSONResponse.access_token);", "}", "", "if(JSONResponse.refresh_token && JSONResponse.refresh_token != \"\")", "{", " pm.globals.set(\"refresh_token\", JSONResponse.refresh_token);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Status code is not 400 - Polling too Quickly\", () => {", " // The polling interval has not elapsed since the last request. ", " pm.expect(pm.response.code).to.not.eql(400);", "});", "", "pm.test(\"Status code is not 401 - Token not valid\", () => {", " // The request contains a token no longer valid. ", " pm.expect(pm.response.code).to.not.eql(401);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(JSONResponse.access_token).to.be.a(\"string\");", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "grant_type", "value": "http://oauth.net/grant_type/device/1.0", "description": "Grant types needed for the Device Flow grant. ", "type": "text" }, { "key": "code", "value": "{{device_code}}", "description": "The device code for the device.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Poll the authorization server for an access token, to find out whether the resource owner has already given consent or not." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "grant_type", "value": "http://oauth.net/grant_type/device/1.0", "description": "Grant types needed for the Device Flow grant. ", "type": "text" }, { "key": "code", "value": "{{device_code}}", "description": "The device code for the device.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "no-store" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "2034" }, { "key": "date", "value": "Wed, 21 May 2025 18:35:59 GMT" }, { "key": "x-forgerock-transactionid", "value": "ecbbfab3-cf3e-4966-9246-34c8d8a2364e" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"access_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTQwNjQ0Iiwic3VibmFtZSI6IjZkMDUzN2IzLWU1MjMtNDgwZC05ZDBhLTg0ZDI1YWM3YTJlNSIsImlzcyI6Imh0dHBzOi8vb3BlbmFtLWRvY3MtcmFwaWQuZm9yZ2VibG9ja3MuY29tOjQ0My9hbS9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2FscGhhIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiVUd2WGtNV1dtenJVYWtTRjY4VkF1bHVrMnhvIiwiY2xpZW50X2lkIjoicG9zdG1hblB1YmxpY0NsaWVudCIsImF1ZCI6InBvc3RtYW5QdWJsaWNDbGllbnQiLCJuYmYiOjE3NDc4NTI1NTksImdyYW50X3R5cGUiOiJodHRwOi8vb2F1dGgubmV0L2dyYW50X3R5cGUvZGV2aWNlLzEuMCIsInNjb3BlIjpbIndyaXRlIl0sImF1dGhfdGltZSI6MTc0Nzg1MjMzMCwicmVhbG0iOiIvYWxwaGEiLCJleHAiOjE3NDc4NTYxNTksImlhdCI6MTc0Nzg1MjU1OSwiZXhwaXJlc19pbiI6MzYwMCwianRpIjoiNzVVYTZ1cWViRnRRdjhBN1lLN0NodE9kd2dvIn0.-hCf0caJ7YkMXl9Nc-8YBDfEZtAzIXwET6BIj67Dc0Y\",\n \"refresh_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTQwNjQ1Iiwic3VibmFtZSI6IjZkMDUzN2IzLWU1MjMtNDgwZC05ZDBhLTg0ZDI1YWM3YTJlNSIsImlzcyI6Imh0dHBzOi8vb3BlbmFtLWRvY3MtcmFwaWQuZm9yZ2VibG9ja3MuY29tOjQ0My9hbS9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2FscGhhIiwidG9rZW5OYW1lIjoicmVmcmVzaF90b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6IlVHdlhrTVdXbXpyVWFrU0Y2OFZBdWx1azJ4byIsImNsaWVudF9pZCI6InBvc3RtYW5QdWJsaWNDbGllbnQiLCJhdWQiOiJwb3N0bWFuUHVibGljQ2xpZW50IiwibmJmIjoxNzQ3ODUyNTU5LCJncmFudF90eXBlIjoiaHR0cDovL29hdXRoLm5ldC9ncmFudF90eXBlL2RldmljZS8xLjAiLCJzY29wZSI6WyJ3cml0ZSJdLCJhdXRoX3RpbWUiOjE3NDc4NTIzMzAsInJlYWxtIjoiL2FscGhhIiwiZXhwIjoxNzQ4NDU3MzU5LCJpYXQiOjE3NDc4NTI1NTksImV4cGlyZXNfaW4iOjYwNDgwMCwianRpIjoibXpvSkNXWWcxVEFmUndnTGROcWotZVprMEZzIn0.h8R6dYV7f6nzCo2j-IkjpMA0z5jQatEXrQtDFwM7-9o\",\n \"scope\": \"write\",\n \"token_type\": \"Bearer\",\n \"expires_in\": 3599\n}" } ] }, { "name": "Step 6: Introspect the Access Token", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(JSONResponse.client_id).to.eql(pm.collectionVariables.get(\"postmanPublicClientId\"));", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the public OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] }, "description": "Retrieve metadata about the active access token, such as, approved scopes, the user that authorized the token, and the expiry time." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the public OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "date", "value": "Wed, 21 May 2025 18:36:41 GMT" }, { "key": "x-forgerock-transactionid", "value": "544ee29a-5957-44dd-8efe-c13c01ed35e6" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" }, { "key": "Transfer-Encoding", "value": "chunked" } ], "cookie": [], "body": "{\n \"active\": true,\n \"scope\": \"write\",\n \"realm\": \"/alpha\",\n \"client_id\": \"postmanPublicClient\",\n \"user_id\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"username\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"token_type\": \"Bearer\",\n \"exp\": 1747856159,\n \"sub\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"iss\": \"https://openam-docs-rapid.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha\",\n \"subname\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"auth_level\": 0,\n \"authGrantId\": \"UGvXkMWWmzrUakSF68VAuluk2xo\",\n \"auditTrackingId\": \"7964c31c-85e4-46b0-a453-8c593b2588b2-40644\",\n \"expires_in\": 3557\n}" } ] } ], "description": "The Device Flow is designed for client devices that have limited user interfaces, such as a set-top box, streaming radio, or a server process running on a headless operating system.\n\nRather than logging in by using the client device itself, you can authorize the client to access protected resources on your behalf by logging in with a different user agent, such as an Internet browser or smartphone, and entering a code displayed on the client device.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Device Flow with PKCE", "item": [ { "name": "Step 1: Start Login Journey", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('authId');", "});", "", "", "" ], "type": "text/javascript", "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] }, "description": "To get started, log in to the authorization server using the credentials of the administator to receive an administrative SSO token needed for the following prerequisites. \n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "2574" }, { "key": "date", "value": "Wed, 21 May 2025 16:42:26 GMT" }, { "key": "x-forgerock-transactionid", "value": "e3721723-80d1-42c0-ba73-a8e972d9a103" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3aGl0ZWxpc3Qtc3RhdGUiOiJlMjVmZWM2Ni05MGYwLTQ2NmEtYmM5Mi0zMjgxNzFkZjhhY2EiLCJhdXRoSW5kZXhWYWx1ZSI6IkxvZ2luIiwib3RrIjoiMmlrN2c2M203b203Yzlncm42NnNyc2hmdjEiLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2FscGhhIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNREUuKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU214aWJVMXBUMmxLUWsxVVNUUlJNRXBFVEZWb1ZFMXFWVEpKYVhkcFdWZDRia2xxYjJsYVIyeDVTVzR3TGk1dVN6UjRkbW8zTUZKVlJEZGxWbUYyYTNaSlQyOVJMa1puVW1KVkxXSnpNV3g2Y25sWmQyOXZUWEJDY1Vrek4wOXBORzlqU1ZNM2IyRTFkbkZUV1RCME9GcFZjWEl4VUV4Q1drbGZjRzVaTlVoVWNERnhORGM1UlRSTlpXbERZWFZqZWxWM1pYaHNTMVp1WjNZM05sVkxUMFpEY210aVJtbDZkekV0WmxkQlgxaE1UWEUyTm5sMk5GUllWMlJ0ZW1WMk1HcFVZbEJyTlRSWmQxZHVORk5mTW0xaU4ybDVWakp4TW1weGRVeFFNM0Z2ZGpKelVFVTVTVmxXU205elp5MUtNbkJmVlZVMGFYVmtZVWR5TFZaYWFYUjRUMlpaY2xoTFNUUXhZMkpOZDBOWlNuUTVjakJyVGtGaU5uSnFXWFJhTVcxTU9XWkdZbk5QVEdkVmRGOXlVelpXWjFjNGEyMDNaa1Z0VWtkRGMzQnljUzFMUW1SSlZrZFVZM05RZFhscFYyTnpRVFJXZDB4TlVHUXRTMFpmUkU5aWIzSlJaMDh5YWw5WldraG5OMFZoUm1adWJFdFJkVGxOY1dWSVoySmtXWGxtVmswM1FWRklSMFpNT1hGSU5Hc3djbU5RTTNvM0xUbFdPRGxaTkhGd09FSmlNelJrWDJGWFJsZFlURzlyWW5GcVF6WnFURGRmY0hRemJrdEJXVFJXWjBwWU5XUnpPVEYxUkdNelVrc3lSVFUzU1VoemFVRndObUpNVFhCVVZFRjFUbEpoVUU4NFlrZHlNVVprVFdoamJESkNZMVpqV2xvdFJqWm5XbGxJY1ZkSFNsbGhibGR6TmpGU1lWVlNSMk51Ums4MGIySXpXRGRLYjFsSlRHRldaMGRaUjNOTVRXbENlbXBuZWpkc2QyWlJVbVJ5VUdGT1Zta3hZMkpuY2pkM1NtMTFaVTQxY1VGTVZsazVUbWRpVHpJM1ozbGhZVFZYWld4T1ZscFpabEV6TldVNVdGOTNZMGc1YWpCZlQxbG9VR1kxTTA5RmF6Rm1aazQ1TkVZd2NuQnBWVkpqVWtSMk9WQkhNakZUV21wQlVHRXdjRWRoWnpGU1ltd3lRelEyVGpsMlRDMVRhRzlqWDNWbFUxaGxZWEJPYUZVNExWQjRNbWh5VWpjMVpqbEpXbUpyVTB0UlZ6bHVPVGRsTlRCQk5XSnFRbUZ0UVdKblowbFJkR2t4TkY5ZmJETmhMVTVYVXpKMldHOVBlVTF5VjAxdlYySkdkRVY1T1RKTmJYWXhRbEV0VjNKVlpIZFpNRTFaU1RJeFNGWXlTblZJWlVsMFh6ZDZTMnh2YzAxZlltVXRRVzFmZW5rd1NXMXlNQzU1ZVZCVFluZFJRVWhSV0ZSbVN5MWxhWEZ0TTFSUi5LLTJScUhuTFpKbHRXX2xSRFRaNHU5cUEyYzdBRk4tSjh3YkttS19Ud0o4IiwiZXhwIjoxNzQ3ODQ2MDQ2LCJpYXQiOjE3NDc4NDU3NDZ9.QbQuh-lA5dJpHxijlVmxAY2S64po-pHQtWcChP9hVOA\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ],\n \"header\": \"Sign In\",\n \"description\": \"New here? Create an account
Forgot username? Forgot password?\"\n}" } ] }, { "name": "Step 2: Authenticate as Postman demo user", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId');", "});", "", "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the NameCallback and PasswordCallback callbacks.\n\nOverride the values in this response to the callbacks by using the `amDemoUsername` and `amDemoPassword` Postman variables." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "set-cookie", "value": "8a92ca506c38f08=P4vm2KLSHNbhTmnnDpZMaXDf93Q.*AAJTSQACMDIAAlNLABxNYkwxSUU3bTFlQzFjOHNrc25zSmgyOHBxRjA9AAR0eXBlAANDVFMAAlMxAAIwMQ..*; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "183" }, { "key": "date", "value": "Wed, 21 May 2025 18:32:10 GMT" }, { "key": "x-forgerock-transactionid", "value": "3601a980-056d-475b-a9d1-523426cf4bff" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"tokenId\": \"P4vm2KLSHNbhTmnnDpZMaXDf93Q.*AAJTSQACMDIAAlNLABxNYkwxSUU3bTFlQzFjOHNrc25zSmgyOHBxRjA9AAR0eXBlAANDVFMAAlMxAAIwMQ..*\",\n \"successUrl\": \"/enduser/?realm=/alpha\",\n \"realm\": \"/alpha\"\n}" } ] }, { "name": "Step 3: [User] Get User Code and Device Code", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "if(pm.response.code == 200)", "{", " if(JSONResponse.user_code && JSONResponse.user_code != \"\") {", " pm.globals.set(\"user_code\", JSONResponse.user_code);", " }", "", " if(JSONResponse.device_code && JSONResponse.device_code != \"\") {", " pm.globals.set(\"device_code\", JSONResponse.device_code);", " }", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains `user_code`.\", function () {", " pm.expect(JSONResponse.user_code).to.be.a(\"string\");", "});", "", "pm.test(\"Response contains `device_code`.\", function () {", " pm.expect(JSONResponse.device_code).to.be.a(\"string\");", "});" ], "type": "text/javascript" } }, { "listen": "prerequest", "script": { "exec": [ "function base64URLEncode(words) {", " return CryptoJS.enc.Base64.stringify(words)", " .replace(/\\+/g, '-')", " .replace(/\\//g, '_')", " .replace(/=/g, '');", "}", "const code_verifier = base64URLEncode(CryptoJS.lib.WordArray.random(50));", "const code_challenge = base64URLEncode(CryptoJS.SHA256(code_verifier));", "", "pm.globals.set(\"code_challenge\", code_challenge);", "pm.globals.set(\"code_verifier\", code_verifier);" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "response_type", "value": "device_code", "description": "Response types this client will support and use.", "type": "text" }, { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "scope", "value": "manage", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "code_challenge_method", "value": "S256", "description": "The method used to generate the code challenge.", "type": "text" }, { "key": "code_challenge", "value": "{{code_challenge}}", "description": "The generated code challenge.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/device/code", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "device", "code" ] }, "description": "Receive a user code and a device code, which can be used to provide consent.\n\n\n\n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "response_type", "value": "device_code", "description": "Response types this client will support and use.", "type": "text" }, { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "scope", "value": "manage", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "code_challenge_method", "value": "S256", "description": "The method used to generate the code challenge.", "type": "text" }, { "key": "code_challenge", "value": "{{code_challenge}}", "description": "The generated code challenge.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/device/code", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "device", "code" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "920" }, { "key": "date", "value": "Wed, 21 May 2025 18:39:04 GMT" }, { "key": "x-forgerock-transactionid", "value": "57d2cef3-6d98-4875-aa00-be6f43365168" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"user_code\": \"RH7njiEy\",\n \"device_code\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwczovL29wZW5hbS1kb2NzLXJhcGlkLmZvcmdlYmxvY2tzLmNvbTo0NDMvYW0vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hbHBoYSIsIm5iZiI6MTc0Nzg1Mjc0NCwidXNlcl9jb2RlIjoiUkg3bmppRXkiLCJpc3MiOiJodHRwczovL29wZW5hbS1kb2NzLXJhcGlkLmZvcmdlYmxvY2tzLmNvbTo0NDMvYW0vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hbHBoYSIsImV4cCI6MTc0Nzg1MzA0NCwiaWF0IjoxNzQ3ODUyNzQ0LCJqdGkiOiI2MzQ2MDJiMS01ZjllLTRjZjktYjMwYi0wY2UzNGU5NGZiNzgifQ.m9v5GZ5PVmZoPuNlqTdt5Za_fDwl3nLhS7phW4APnzA\",\n \"interval\": 5,\n \"verification_uri_complete\": \"https://openam-docs-rapid.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha/device/user?user_code=RH7njiEy\",\n \"verification_uri\": \"https://openam-docs-rapid.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha/device/user\",\n \"expires_in\": 300,\n \"verification_url\": \"https://openam-docs-rapid.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha/device/user\"\n}" } ] }, { "name": "Step 4: [User] Grant Consent Using the User Code", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains 'done: true'.\",() => {", " pm.expect(pm.response.text()).to.include(\"done: true\");", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "description": "SSO token to protect against cross-site request forgery.", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "decision", "value": "allow", "description": "Decision that grants access to the scopes in the request (to the client).", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token to protect against cross-site request forgery.", "type": "text" }, { "key": "user_code", "value": "{{user_code}}", "description": "The user code for the device.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/device/user", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "device", "user" ] }, "description": "Grants consent using the user code recieved in the previous call to allow the client device to access resources." }, "response": [ { "name": "Example (page contains \"done: true\")", "originalRequest": { "method": "POST", "header": [ { "key": "Cookie", "value": "{{demoSSOToken}}", "description": "SSO token to protect against cross-site request forgery.", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "decision", "value": "allow", "description": "Decision that grants access to the scopes in the request (to the client).", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token to protect against cross-site request forgery.", "type": "text" }, { "key": "user_code", "value": "{{user_code}}", "description": "The user code for the device.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/device/user", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "device", "user" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "html", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Content-Type", "value": "text/html;charset=UTF-8" }, { "key": "Content-Length", "value": "969" }, { "key": "Date", "value": "Thu, 13 Aug 2020 12:19:21 GMT" } ], "cookie": [], "body": "\n\n\n \n \n \n \n \n OAuth2 Authorization Server\n \n \n
Loading...
\n
\n \n \n \n" } ] }, { "name": "Step 5: [User] Poll for Authorization", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "if(JSONResponse.access_token && JSONResponse.access_token != \"\")", "{", " pm.globals.set(\"access_token\", JSONResponse.access_token);", "}", "", "if(JSONResponse.refresh_token && JSONResponse.refresh_token != \"\")", "{", " pm.globals.set(\"refresh_token\", JSONResponse.refresh_token);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Status code is not 400 - Polling too Quickly\", () => {", " // The polling interval has not elapsed since the last request. ", " pm.expect(pm.response.code).to.not.eql(400);", "});", "", "pm.test(\"Status code is not 401 - Token not valid\", () => {", " // The request contains a token no longer valid. ", " pm.expect(pm.response.code).to.not.eql(401);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(JSONResponse.access_token).to.be.a(\"string\");", "});", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "grant_type", "value": "http://oauth.net/grant_type/device/1.0", "description": "Grant types this client will support and use.", "type": "text" }, { "key": "code", "value": "{{device_code}}", "description": "The device code for the device.", "type": "text" }, { "key": "code_verifier", "value": "{{code_verifier}}", "description": "The generated code verifier. See the Pre-request script in the previous step.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Poll the authorization server for an access token, to find out whether the resource owner has already given consent or not." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "grant_type", "value": "http://oauth.net/grant_type/device/1.0", "description": "Grant types this client will support and use.", "type": "text" }, { "key": "code", "value": "{{device_code}}", "description": "The device code for the device.", "type": "text" }, { "key": "code_verifier", "value": "{{code_verifier}}", "description": "The generated code verifier. See the Pre-request script in the previous step.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "no-store" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "2041" }, { "key": "date", "value": "Thu, 22 May 2025 11:30:43 GMT" }, { "key": "x-forgerock-transactionid", "value": "9430e8ab-bdcc-4a29-b096-ba0a249e7e2e" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"access_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTI0ODU4NiIsInN1Ym5hbWUiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJpc3MiOiJodHRwczovL29wZW5hbS1kb2NzLXJhcGlkLmZvcmdlYmxvY2tzLmNvbTo0NDMvYW0vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hbHBoYSIsInRva2VuTmFtZSI6ImFjY2Vzc190b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6IjhGWHpPS0kxeWk2Zzkya3l2aFlIYVRtLXV1RSIsImNsaWVudF9pZCI6InBvc3RtYW5QdWJsaWNDbGllbnQiLCJhdWQiOiJwb3N0bWFuUHVibGljQ2xpZW50IiwibmJmIjoxNzQ3OTEzNDQzLCJncmFudF90eXBlIjoiaHR0cDovL29hdXRoLm5ldC9ncmFudF90eXBlL2RldmljZS8xLjAiLCJzY29wZSI6WyJtYW5hZ2UiXSwiYXV0aF90aW1lIjoxNzQ3OTEzMzI4LCJyZWFsbSI6Ii9hbHBoYSIsImV4cCI6MTc0NzkxNzA0MywiaWF0IjoxNzQ3OTEzNDQzLCJleHBpcmVzX2luIjozNjAwLCJqdGkiOiJYcV81MDk2b3lKMkg1cGdxcndWMkpHbURPLUkifQ.yF44lMalyy7T1CcdB60GbOxVuhRQd__sEwVcfyuzOmI\",\n \"refresh_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTI0ODU4NyIsInN1Ym5hbWUiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJpc3MiOiJodHRwczovL29wZW5hbS1kb2NzLXJhcGlkLmZvcmdlYmxvY2tzLmNvbTo0NDMvYW0vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hbHBoYSIsInRva2VuTmFtZSI6InJlZnJlc2hfdG9rZW4iLCJ0b2tlbl90eXBlIjoiQmVhcmVyIiwiYXV0aEdyYW50SWQiOiI4Rlh6T0tJMXlpNmc5Mmt5dmhZSGFUbS11dUUiLCJjbGllbnRfaWQiOiJwb3N0bWFuUHVibGljQ2xpZW50IiwiYXVkIjoicG9zdG1hblB1YmxpY0NsaWVudCIsIm5iZiI6MTc0NzkxMzQ0MywiZ3JhbnRfdHlwZSI6Imh0dHA6Ly9vYXV0aC5uZXQvZ3JhbnRfdHlwZS9kZXZpY2UvMS4wIiwic2NvcGUiOlsibWFuYWdlIl0sImF1dGhfdGltZSI6MTc0NzkxMzMyOCwicmVhbG0iOiIvYWxwaGEiLCJleHAiOjE3NDg1MTgyNDMsImlhdCI6MTc0NzkxMzQ0MywiZXhwaXJlc19pbiI6NjA0ODAwLCJqdGkiOiI0MURvQVpKTkJIM3FFZTRkcEJOM3RMd1Y0TWMifQ.YxQcw4Z2Tdt9kKFeKByagdfVhH_GBrWKFCni8UPCBhQ\",\n \"scope\": \"manage\",\n \"token_type\": \"Bearer\",\n \"expires_in\": 3599\n}" }, { "name": "Example (polling too quickly)", "originalRequest": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{postmanPublicClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "grant_type", "value": "http://oauth.net/grant_type/device/1.0", "description": "Grant types this client will support and use.", "type": "text" }, { "key": "code", "value": "{{device_code}}", "description": "The device code for the device.", "type": "text" }, { "key": "code_verifier", "value": "{{code_verifier}}", "description": "The generated code verifier. See the Pre-request script in the previous step.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] } }, "status": "Bad Request", "code": 400, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Cache-Control", "value": "no-store" }, { "key": "Pragma", "value": "no-cache" }, { "key": "Content-Type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "103" }, { "key": "Date", "value": "Thu, 13 Aug 2020 12:20:00 GMT" }, { "key": "Connection", "value": "close" } ], "cookie": [], "body": "{\n \"error_description\": \"The polling interval has not elapsed since the last request\",\n \"error\": \"slow_down\"\n}" } ] }, { "name": "Step 6: Introspect the Access Token", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(JSONResponse.client_id).to.eql(pm.collectionVariables.get(\"postmanPublicClientId\"));", "});", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] }, "description": "Retrieve metadata about the active access token, such as, approved scopes, the user that authorized the token, and the expiry time." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "date", "value": "Thu, 22 May 2025 11:31:51 GMT" }, { "key": "x-forgerock-transactionid", "value": "08054585-cd4e-4532-adc4-6d7d9a0df544" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" }, { "key": "Transfer-Encoding", "value": "chunked" } ], "cookie": [], "body": "{\n \"active\": true,\n \"scope\": \"manage\",\n \"realm\": \"/alpha\",\n \"client_id\": \"postmanPublicClient\",\n \"user_id\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"username\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"token_type\": \"Bearer\",\n \"exp\": 1747917043,\n \"sub\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"iss\": \"https://openam-docs-rapid.forgeblocks.com:443/am/oauth2/realms/root/realms/alpha\",\n \"subname\": \"6d0537b3-e523-480d-9d0a-84d25ac7a2e5\",\n \"auth_level\": 0,\n \"authGrantId\": \"8FXzOKI1yi6g92kyvhYHaTm-uuE\",\n \"auditTrackingId\": \"7964c31c-85e4-46b0-a453-8c593b2588b2-248586\",\n \"expires_in\": 3531\n}" } ] } ], "description": "The Device Flow is designed for client devices that have limited user interfaces, such as a set-top box. Since the devices are usually public clients and the device code can be intercepted by malicious users, you can combine the Device Flow with the PKCE standard (RFC 7636) to mitigate against interception attacks if the devices allow it.\n\nThis flow is beyond the PKCE and the Device Flow specs, since the Device Flow spec is still a draft and it is not officially recognized by the PKCE standard.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Refresh Token Flow", "item": [ { "name": "Step 1: Start Login Journey", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('authId');", "});", "", "", "" ], "type": "text/javascript", "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] }, "description": "To get started, log in to the authorization server using the credentials of the administator to receive an administrative SSO token needed for the following prerequisites. \n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "2574" }, { "key": "date", "value": "Wed, 21 May 2025 16:42:26 GMT" }, { "key": "x-forgerock-transactionid", "value": "e3721723-80d1-42c0-ba73-a8e972d9a103" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"authId\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3aGl0ZWxpc3Qtc3RhdGUiOiJlMjVmZWM2Ni05MGYwLTQ2NmEtYmM5Mi0zMjgxNzFkZjhhY2EiLCJhdXRoSW5kZXhWYWx1ZSI6IkxvZ2luIiwib3RrIjoiMmlrN2c2M203b203Yzlncm42NnNyc2hmdjEiLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2FscGhhIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNREUuKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU214aWJVMXBUMmxLUWsxVVNUUlJNRXBFVEZWb1ZFMXFWVEpKYVhkcFdWZDRia2xxYjJsYVIyeDVTVzR3TGk1dVN6UjRkbW8zTUZKVlJEZGxWbUYyYTNaSlQyOVJMa1puVW1KVkxXSnpNV3g2Y25sWmQyOXZUWEJDY1Vrek4wOXBORzlqU1ZNM2IyRTFkbkZUV1RCME9GcFZjWEl4VUV4Q1drbGZjRzVaTlVoVWNERnhORGM1UlRSTlpXbERZWFZqZWxWM1pYaHNTMVp1WjNZM05sVkxUMFpEY210aVJtbDZkekV0WmxkQlgxaE1UWEUyTm5sMk5GUllWMlJ0ZW1WMk1HcFVZbEJyTlRSWmQxZHVORk5mTW0xaU4ybDVWakp4TW1weGRVeFFNM0Z2ZGpKelVFVTVTVmxXU205elp5MUtNbkJmVlZVMGFYVmtZVWR5TFZaYWFYUjRUMlpaY2xoTFNUUXhZMkpOZDBOWlNuUTVjakJyVGtGaU5uSnFXWFJhTVcxTU9XWkdZbk5QVEdkVmRGOXlVelpXWjFjNGEyMDNaa1Z0VWtkRGMzQnljUzFMUW1SSlZrZFVZM05RZFhscFYyTnpRVFJXZDB4TlVHUXRTMFpmUkU5aWIzSlJaMDh5YWw5WldraG5OMFZoUm1adWJFdFJkVGxOY1dWSVoySmtXWGxtVmswM1FWRklSMFpNT1hGSU5Hc3djbU5RTTNvM0xUbFdPRGxaTkhGd09FSmlNelJrWDJGWFJsZFlURzlyWW5GcVF6WnFURGRmY0hRemJrdEJXVFJXWjBwWU5XUnpPVEYxUkdNelVrc3lSVFUzU1VoemFVRndObUpNVFhCVVZFRjFUbEpoVUU4NFlrZHlNVVprVFdoamJESkNZMVpqV2xvdFJqWm5XbGxJY1ZkSFNsbGhibGR6TmpGU1lWVlNSMk51Ums4MGIySXpXRGRLYjFsSlRHRldaMGRaUjNOTVRXbENlbXBuZWpkc2QyWlJVbVJ5VUdGT1Zta3hZMkpuY2pkM1NtMTFaVTQxY1VGTVZsazVUbWRpVHpJM1ozbGhZVFZYWld4T1ZscFpabEV6TldVNVdGOTNZMGc1YWpCZlQxbG9VR1kxTTA5RmF6Rm1aazQ1TkVZd2NuQnBWVkpqVWtSMk9WQkhNakZUV21wQlVHRXdjRWRoWnpGU1ltd3lRelEyVGpsMlRDMVRhRzlqWDNWbFUxaGxZWEJPYUZVNExWQjRNbWh5VWpjMVpqbEpXbUpyVTB0UlZ6bHVPVGRsTlRCQk5XSnFRbUZ0UVdKblowbFJkR2t4TkY5ZmJETmhMVTVYVXpKMldHOVBlVTF5VjAxdlYySkdkRVY1T1RKTmJYWXhRbEV0VjNKVlpIZFpNRTFaU1RJeFNGWXlTblZJWlVsMFh6ZDZTMnh2YzAxZlltVXRRVzFmZW5rd1NXMXlNQzU1ZVZCVFluZFJRVWhSV0ZSbVN5MWxhWEZ0TTFSUi5LLTJScUhuTFpKbHRXX2xSRFRaNHU5cUEyYzdBRk4tSjh3YkttS19Ud0o4IiwiZXhwIjoxNzQ3ODQ2MDQ2LCJpYXQiOjE3NDc4NDU3NDZ9.QbQuh-lA5dJpHxijlVmxAY2S64po-pHQtWcChP9hVOA\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"\"\n }\n ],\n \"_id\": 1\n }\n ],\n \"header\": \"Sign In\",\n \"description\": \"New here? Create an account
Forgot username? Forgot password?\"\n}" } ] }, { "name": "Step 2: Authenticate as Postman demo user", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", "}", "", "// Get custom cookie name\",", "var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", "pm.collectionVariables.set(\"cookieName\", customCookieName);", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId');", "});", "", "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the NameCallback and PasswordCallback callbacks.\n\nOverride the values in this response to the callbacks by using the `amDemoUsername` and `amDemoPassword` Postman variables." }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "private" }, { "key": "set-cookie", "value": "8a92ca506c38f08=86L9WN0t7-98ZGam0o27As40YeU.*AAJTSQACMDIAAlNLABx1S2d1cG1BakI1SVVCMU9lVTh5VHgrTWJNRFE9AAR0eXBlAANDVFMAAlMxAAIwMQ..*; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "set-cookie", "value": "amlbcookie=01; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "content-api-version", "value": "resource=2.1" }, { "key": "expires", "value": "0" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json" }, { "key": "Content-Length", "value": "183" }, { "key": "date", "value": "Thu, 22 May 2025 11:33:18 GMT" }, { "key": "x-forgerock-transactionid", "value": "0aae0dfd-c984-4a44-86fa-16fbbd198c23" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"tokenId\": \"86L9WN0t7-98ZGam0o27As40YeU.*AAJTSQACMDIAAlNLABx1S2d1cG1BakI1SVVCMU9lVTh5VHgrTWJNRFE9AAR0eXBlAANDVFMAAlMxAAIwMQ..*\",\n \"successUrl\": \"/enduser/?realm=/alpha\",\n \"realm\": \"/alpha\"\n}" } ] }, { "name": "Step 3: [User] Get Authorization Code", "event": [ { "listen": "test", "script": { "exec": [ "const querystring = require('querystring');", "location = pm.response.headers.get('location');", "params = {};", "", "if (location) {", " parts = location.split('?');", " if (1 in parts) {", " params = querystring.parse(parts[1]);", " }", "}", "", "if (params.code)", "{", " pm.globals.set(\"authorization_code\", params.code);", "}", "", "// Tests", "", "pm.test(\"Status code is 302\", () => {", " pm.expect(pm.response.code).to.eql(302);", "});", "", "pm.test(\"Response contains a location header\", () => {", " pm.expect(location).to.be.a(\"string\");", "});", "", "pm.test(\"Location header contains `code` argument\", () => {", " pm.expect(params.code).to.be.a(\"string\");", "});" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true, "followRedirects": false }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "scope", "value": "edit", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "response_type", "value": "code", "description": "Response types the client will support and use.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token of a ForgeRock user, to protect against cross-site request forgery.", "type": "text" }, { "key": "decision", "value": "allow", "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information. This flow can be used machine-to-machine, by assuming consent, for example between two services provided by the same organization.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/authorize", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "authorize" ] }, "description": "Make a call to the authorization server's authorization endpoint, specifying the SSO token of the user in a cookie." }, "response": [ { "name": "Example (see headers)", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "scope", "value": "edit", "description": "Strings that are presented to the user for approval and included in tokens so that the protected resource may make decisions about what to give access to.", "type": "text" }, { "key": "response_type", "value": "code", "description": "Response types the client will support and use.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "csrf", "value": "{{demoSSOToken}}", "description": "SSO token of a ForgeRock user, to protect against cross-site request forgery.", "type": "text" }, { "key": "decision", "value": "allow", "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information. This flow can be used machine-to-machine, by assuming consent, for example between two services provided by the same organization.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/authorize", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "authorize" ] } }, "status": "Found", "code": 302, "_postman_previewlanguage": "plain", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "no-store" }, { "key": "location", "value": "https://httpbin.org/anything?code=hb0fz4ii-S3z6rgqGmfaPhst6VA&iss=https%3A%2F%2Fopenam-docs-rapid.forgeblocks.com%3A443%2Fam%2Foauth2%2Frealms%2Froot%2Frealms%2Falpha&client_id=postmanConfidentialClient" }, { "key": "pragma", "value": "no-cache" }, { "key": "set-cookie", "value": "OAUTH_REQUEST_ATTRIBUTES=DELETED; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Domain=openam-docs-rapid.forgeblocks.com; Secure; HttpOnly; SameSite=none" }, { "key": "Content-Length", "value": "0" }, { "key": "date", "value": "Thu, 22 May 2025 11:36:14 GMT" }, { "key": "x-forgerock-transactionid", "value": "5682c768-a0be-44bb-896c-edafb391f2a7" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "" } ] }, { "name": "Step 4: [User] Exchange the Authentication Code for an Access Token", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } }, { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "if(JSONResponse.access_token && JSONResponse.access_token != \"\")", "{", " pm.globals.set(\"access_token\", JSONResponse.access_token);", "}", "", "if(JSONResponse.refresh_token && JSONResponse.refresh_token != \"\")", "{", " pm.globals.set(\"refresh_token\", JSONResponse.refresh_token);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(JSONResponse.access_token).to.be.a(\"string\");", "});", "", "pm.test(\"Response contains refresh_token\", function () {", " pm.expect(JSONResponse.refresh_token).to.be.a(\"string\");", "});", "", "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "authorization_code", "description": "Grant types this client will support and use.", "type": "text" }, { "key": "code", "value": "{{authorization_code}}", "description": "The authentication code.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Authenticate with the authorization server using the details of the confidential client and the authentication code recieved in the previous call.\n" }, "response": [ { "name": "Example", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "authorization_code", "description": "Grant types this client will support and use.", "type": "text" }, { "key": "code", "value": "{{authorization_code}}", "description": "The authentication code.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "no-store" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "2025" }, { "key": "date", "value": "Thu, 22 May 2025 11:37:22 GMT" }, { "key": "x-forgerock-transactionid", "value": "07ba53e6-dea6-41b2-9a8a-5605db082d21" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"access_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTI1MDAwMSIsInN1Ym5hbWUiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJpc3MiOiJodHRwczovL29wZW5hbS1kb2NzLXJhcGlkLmZvcmdlYmxvY2tzLmNvbTo0NDMvYW0vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hbHBoYSIsInRva2VuTmFtZSI6ImFjY2Vzc190b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6IkpHcHV4NXR1RzJ4UExpSHdsWllfZ0pYVzVUWSIsImNsaWVudF9pZCI6InBvc3RtYW5Db25maWRlbnRpYWxDbGllbnQiLCJhdWQiOiJwb3N0bWFuQ29uZmlkZW50aWFsQ2xpZW50IiwibmJmIjoxNzQ3OTEzODQyLCJncmFudF90eXBlIjoiYXV0aG9yaXphdGlvbl9jb2RlIiwic2NvcGUiOlsiZWRpdCJdLCJhdXRoX3RpbWUiOjE3NDc5MTM1OTgsInJlYWxtIjoiL2FscGhhIiwiZXhwIjoxNzQ3OTE3NDQyLCJpYXQiOjE3NDc5MTM4NDIsImV4cGlyZXNfaW4iOjM2MDAsImp0aSI6ImtySVh6dWQ4SEdFa3NtUnZOR0hsdEZ2Rl9sdyJ9._SBRqNkt2Fuq7LVspc9Q6N6gpOZ9HmmNf9sqCGme0og\",\n \"refresh_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTI1MDAwMiIsInN1Ym5hbWUiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJpc3MiOiJodHRwczovL29wZW5hbS1kb2NzLXJhcGlkLmZvcmdlYmxvY2tzLmNvbTo0NDMvYW0vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hbHBoYSIsInRva2VuTmFtZSI6InJlZnJlc2hfdG9rZW4iLCJ0b2tlbl90eXBlIjoiQmVhcmVyIiwiYXV0aEdyYW50SWQiOiJKR3B1eDV0dUcyeFBMaUh3bFpZX2dKWFc1VFkiLCJjbGllbnRfaWQiOiJwb3N0bWFuQ29uZmlkZW50aWFsQ2xpZW50IiwiYXVkIjoicG9zdG1hbkNvbmZpZGVudGlhbENsaWVudCIsImFjciI6IjAiLCJuYmYiOjE3NDc5MTM4NDIsImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJzY29wZSI6WyJlZGl0Il0sImF1dGhfdGltZSI6MTc0NzkxMzU5OCwicmVhbG0iOiIvYWxwaGEiLCJleHAiOjE3NDg1MTg2NDIsImlhdCI6MTc0NzkxMzg0MiwiZXhwaXJlc19pbiI6NjA0ODAwLCJqdGkiOiIwdUNJY3I3emNKSDU5cXpsRGQ2MkpLSm5mOXcifQ.eFYLeigOyPQJOWi97R6Agfel0q2APES-qILpMAPvxKU\",\n \"scope\": \"edit\",\n \"token_type\": \"Bearer\",\n \"expires_in\": 3599\n}" } ] }, { "name": "Step 5: [User] Refresh the Access Token", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript" } }, { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "pm.test(\"Response contains new refresh_token\", function () {", " pm.expect(JSONResponse.refresh_token).to.not.eql(pm.globals.get(\"refresh_token\"));", "});", "", "pm.test(\"Response contains new access_token\", function () {", " pm.expect(JSONResponse.access_token).to.not.eql(pm.globals.get(\"access_token\"));", "});", "", "", "", "if(JSONResponse.access_token && JSONResponse.access_token != \"\" && JSONResponse.access_token != pm.globals.get(\"access_token\"))", "{", " pm.globals.set(\"access_token\", JSONResponse.access_token);", "}", "", "if(JSONResponse.refresh_token && JSONResponse.refresh_token != \"\" && JSONResponse.refresh_token != pm.globals.get(\"refresh_token\"))", "{", " pm.globals.set(\"refresh_token\", JSONResponse.refresh_token);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(JSONResponse.access_token).to.be.a(\"string\");", "});", "", "pm.test(\"Response contains refresh_token\", function () {", " pm.expect(JSONResponse.refresh_token).to.be.a(\"string\");", "});", "", "", "", "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "refresh_token", "description": "The Grant Type supported by AM.", "type": "text" }, { "key": "refresh_token", "value": "{{refresh_token}}", "description": "The refresh token.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the OAuth Confidential Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the OAuth Confidential Client. See the ForgeRock documentation for stronger methods of client authentication.", "type": "text" }, { "key": "scope", "value": "edit", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Use a refresh token to ask for a new access token." }, "response": [ { "name": "Example (new access and refresh tokens)", "originalRequest": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "refresh_token", "description": "The Grant Type supported by AM.", "type": "text" }, { "key": "refresh_token", "value": "{{refresh_token}}", "description": "The refresh token.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the OAuth Confidential Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the OAuth Confidential Client. See the ForgeRock documentation for stronger methods of client authentication.", "type": "text" }, { "key": "scope", "value": "edit", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "x-frame-options", "value": "SAMEORIGIN" }, { "key": "content-security-policy-report-only", "value": "frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'" }, { "key": "x-content-type-options", "value": "nosniff" }, { "key": "cache-control", "value": "no-store" }, { "key": "pragma", "value": "no-cache" }, { "key": "content-type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "2012" }, { "key": "date", "value": "Thu, 22 May 2025 11:37:54 GMT" }, { "key": "x-forgerock-transactionid", "value": "310978a4-400b-4b1e-bdc8-5971b89d6a19" }, { "key": "strict-transport-security", "value": "max-age=31536000; includeSubDomains; preload;" }, { "key": "x-robots-tag", "value": "none" }, { "key": "Via", "value": "1.1 google" }, { "key": "Alt-Svc", "value": "h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000" } ], "cookie": [], "body": "{\n \"access_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTI1MDA2MyIsInN1Ym5hbWUiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJpc3MiOiJodHRwczovL29wZW5hbS1kb2NzLXJhcGlkLmZvcmdlYmxvY2tzLmNvbTo0NDMvYW0vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hbHBoYSIsInRva2VuTmFtZSI6ImFjY2Vzc190b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6IkpHcHV4NXR1RzJ4UExpSHdsWllfZ0pYVzVUWSIsImNsaWVudF9pZCI6InBvc3RtYW5Db25maWRlbnRpYWxDbGllbnQiLCJhdWQiOiJwb3N0bWFuQ29uZmlkZW50aWFsQ2xpZW50IiwibmJmIjoxNzQ3OTEzODc0LCJncmFudF90eXBlIjoicmVmcmVzaF90b2tlbiIsInNjb3BlIjpbImVkaXQiXSwiYXV0aF90aW1lIjoxNzQ3OTEzNTk4LCJyZWFsbSI6Ii9hbHBoYSIsImV4cCI6MTc0NzkxNzQ3NCwiaWF0IjoxNzQ3OTEzODc0LCJleHBpcmVzX2luIjozNjAwLCJqdGkiOiJyUnpiWkhRMEJJaF9RWFhMdno3OE1tTXdINFUifQ.EXcFgtxf7-wAUZpe7vqFitnG3FqFFDNSXqB8y4Hk2d8\",\n \"refresh_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNzk2NGMzMWMtODVlNC00NmIwLWE0NTMtOGM1OTNiMjU4OGIyLTI1MDA2NCIsInN1Ym5hbWUiOiI2ZDA1MzdiMy1lNTIzLTQ4MGQtOWQwYS04NGQyNWFjN2EyZTUiLCJpc3MiOiJodHRwczovL29wZW5hbS1kb2NzLXJhcGlkLmZvcmdlYmxvY2tzLmNvbTo0NDMvYW0vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hbHBoYSIsInRva2VuTmFtZSI6InJlZnJlc2hfdG9rZW4iLCJ0b2tlbl90eXBlIjoiQmVhcmVyIiwiYXV0aEdyYW50SWQiOiJKR3B1eDV0dUcyeFBMaUh3bFpZX2dKWFc1VFkiLCJjbGllbnRfaWQiOiJwb3N0bWFuQ29uZmlkZW50aWFsQ2xpZW50IiwiYXVkIjoicG9zdG1hbkNvbmZpZGVudGlhbENsaWVudCIsImFjciI6IjAiLCJuYmYiOjE3NDc5MTM4NzQsImdyYW50X3R5cGUiOiJyZWZyZXNoX3Rva2VuIiwic2NvcGUiOlsiZWRpdCJdLCJhdXRoX3RpbWUiOjE3NDc5MTM1OTgsInJlYWxtIjoiL2FscGhhIiwiZXhwIjoxNzQ4NTE4Njc0LCJpYXQiOjE3NDc5MTM4NzQsImV4cGlyZXNfaW4iOjYwNDgwMCwianRpIjoiUGdBNmJidFMxaXpFS3hQY1Z1OXNIdVhXQVIwIn0.VOHVNVqYME6sEUGuA0Z7Z0J0OWQ4YOZE-nV5iy4kqog\",\n \"scope\": \"edit\",\n \"token_type\": \"Bearer\",\n \"expires_in\": 3599\n}" } ] }, { "name": "Step 6: [User] Revoke the Refresh Token", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response JSON is empty\", function () {", " pm.expect(responseBody.length).to.eql(2);", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{refresh_token}}", "description": "The refresh token to revoke.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client. ", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client. See the ForgeRock documentation for stronger methods of client authentication.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/token/revoke", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "token", "revoke" ] }, "description": "Revoke the refresh token created in the previous call. Revoking a refresh token also revokes any other associated tokens that were issued with the same authorization grant. " }, "response": [ { "name": "Example (empty response when revoking a token)", "originalRequest": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{refresh_token}}", "description": "The refresh token to revoke.", "type": "text" }, { "key": "client_id", "value": "{{postmanConfidentialClientId}}", "description": "The ID of the Confidential OAuth Client. ", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Confidential OAuth Client. See the ForgeRock documentation for stronger methods of client authentication.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/token/revoke", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "token", "revoke" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "X-Frame-Options", "value": "SAMEORIGIN" }, { "key": "X-Content-Type-Options", "value": "nosniff" }, { "key": "Content-Type", "value": "application/json;charset=UTF-8" }, { "key": "Content-Length", "value": "2" }, { "key": "Date", "value": "Thu, 13 Aug 2020 12:22:07 GMT" } ], "cookie": [], "body": "{}" } ] } ], "description": "Refresh tokens are a type of token that can be used to obtain a new access token that may have identical or narrower scopes than the original. Refresh tokens are long-lived by default, and AM allows you to configure the lifetime of the tokens in the OAuth 2.0 Provider settings, or in each client. By default, the configuration of the OAuth 2.0 Provider is used. ", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] } ], "description": "This section describes the OAuth 2.0 flows that the Advanced Identity Cloud supports, and also provides the information required to implement them. \n\nYou should decide which flow is best for your environment based on the application that will be the OAuth 2.0 client. ", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Session Management", "item": [ { "name": "Step 1: Start Login journey", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request have a callback?", "if(JSONResponse.authId && JSONResponse.authId != \"\")", "{", " // Set `authId` variable", " pm.globals.set(\"authId\", JSONResponse.authId);", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('authId');", "});" ], "type": "text/javascript", "packages": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource." }, { "key": "Accept-API-Version", "value": "resource=2.1", "description": "This collection documents version 2.1 of the authentication resource." } ], "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate?authIndexType=service&authIndexValue={{loginJourney}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ], "query": [ { "key": "authIndexType", "value": "service" }, { "key": "authIndexValue", "value": "{{loginJourney}}" } ] }, "description": "To get started, log in to the authorization server using the credentials of the administator to receive an administrative SSO token needed for the following prerequisites. \n" }, "response": [] }, { "name": "Step 2: Authenticate as Postman demo user", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request return SSO Token?", "if(JSONResponse.tokenId && JSONResponse.tokenId != \"\")", "{", " // Set `demoSSOToken` variable", " pm.globals.set(\"demoSSOToken\", JSONResponse.tokenId);", "", " // Get custom cookie name\",", " var customCookieName = frUtils.getSessionCookieName(pm.response.headers.all());", " pm.collectionVariables.set(\"cookieName\", customCookieName);", "", " // Remove `authId` variable", " pm.globals.unset(\"authId\");", "", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('tokenId');", "});" ], "type": "text/javascript", "packages": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/json", "description": "Specifies that the `/json/authenticate` endpoint uses JSON format for requests." }, { "key": "Accept-API-Version", "value": "resource=2.1, protocol=1.0", "description": "Specifies the version of the `/json/authenticate` endpoint to use." } ], "body": { "mode": "raw", "raw": "{\n \"authId\": \"{{authId}}\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"User Name\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"{{postmanDemoUsername}}\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"PasswordCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Password\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"{{postmanDemoPassword}}\"\n }\n ],\n \"_id\": 1\n }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] }, "description": "To respond to a callback, send back the whole JSON object with the missing `input` values filled.\n\nThis request shows how to respond to the NameCallback and PasswordCallback callbacks.\n\nOverride the values in this response to the callbacks by using the `amDemoUsername` and `amDemoPassword` Postman variables." }, "response": [] }, { "name": "Step 3: [User] Read session info", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});" ], "type": "text/javascript" } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=4.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "{{amUrl}}/json{{realm}}/sessions?_prettyPrint=true&_action=getsessioninfo", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "getsessioninfo" } ] }, "description": "It reads and returns the information about the requested session." }, "response": [] }, { "name": "Step 4: [User] Read session info and reset idle time", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=4.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "{{amUrl}}/json{{realm}}/sessions?_prettyPrint=true&_action=getsessioninfoandresetidletime", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "getsessioninfoandresetidletime" } ] }, "description": "It reads and returns the information about the requested session. It also resets the session idle time." }, "response": [] }, { "name": "Step 5: [User] Read session properties", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=3.1, protocol=1.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "{{amUrl}}/json{{realm}}/sessions?_prettyPrint=true&_action=getSessionProperties", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "getSessionProperties" } ] }, "description": "It reads and returns all of the allowlisted properties for the requested session." }, "response": [] }, { "name": "Step 6: [User] Refresh session", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});" ], "type": "text/javascript" } } ], "request": { "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=4.0", "description": "(Required) ", "type": "text" }, { "key": "Content-Type", "value": "application/json", "type": "text" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "{{amUrl}}/json{{realm}}/sessions?_prettyPrint=true&_action=refresh", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "refresh" } ] }, "description": "Suggests to OpenAM that it should refresh this session (update it's latest access time and reset its idleTime to 0). This will only be obeyed if the time between the session's previous latest access time and now is greater than the value configured for the server's Latest Access Time Update Frequency setting, which defaults to 60 seconds." }, "response": [] }, { "name": "Step 7: [User] Validate session", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Session is valid\", function () {", " pm.expect(JSONResponse.valid).to.eql(true);", "});", "", "pm.test(\"Response has expected data\", function () {", " pm.expect(JSONResponse).to.have.all.keys('valid','sessionUid','uid','realm');", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "{{amUrl}}/json{{realm}}/sessions?_prettyPrint=true&_action=validate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "validate" } ] }, "description": "It checks that the specified SSO Token Id is valid or not. If there is any problem getting or validating the token which causes an exception the json response will be false. In addition if the token is expired then the json response will be set to false. Otherwise it will be set to true." }, "response": [] }, { "name": "Step 8. [User] Logout session", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"User was logged out\", function () {", " pm.expect(JSONResponse.result).to.eql(\"Successfully logged out\");", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "resource=4.0", "description": "(Required) " }, { "key": "Content-Type", "value": "application/json" }, { "key": "{{cookieName}}", "value": "{{demoSSOToken}}", "type": "text" } ], "body": { "mode": "raw", "raw": "" }, "url": { "raw": "{{amUrl}}/json{{realm}}/sessions?_prettyPrint=true&_action=logout", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions" ], "query": [ { "key": "_fields", "value": "", "description": "Optional parameter containing a comma separated list of field references specifying which fields of the targeted JSON resource should be returned.", "disabled": true }, { "key": "_prettyPrint", "value": "true", "description": "Optional parameter requesting that the returned JSON resource content should be formatted to be more human readable." }, { "key": "_action", "value": "logout", "description": "(Required) " } ] }, "description": "It does logout from OpenAM" }, "response": [] } ], "description": "When a user authenticates to the Advanced Identity Cloud, they are issues with a session token.\n\nYou can obtain information about a users' session, and terminate it, which represents the user logging out of your service.", "auth": { "type": "noauth" }, "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Auditing/Monitoring", "item": [ { "name": "Auditing", "item": [ { "name": "Step 1: [API Keys] Get Audit Log Sources", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Did request contain results?", "if(JSONResponse.resultCount && JSONResponse.resultCount > 0)", "{", " // Set `managedUserId` variable", " pm.globals.set(\"auditSource\", JSONResponse.result[0]);", "}", "else", "{", " pm.globals.set(\"auditSource\", \"none_found\"); ", "}", "", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains tokenId or authId\", function () {", " pm.expect(JSONResponse).to.have.any.keys('resultCount', 'result');", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true, "followRedirects": true }, "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [ { "key": "x-api-key", "value": "{{logApiKey}}" }, { "key": "x-api-secret", "value": "{{logApiSecret}}", "type": "text" } ], "url": { "raw": "{{platformUrl}}/monitoring/logs/sources", "host": [ "{{platformUrl}}" ], "path": [ "monitoring", "logs", "sources" ] }, "description": "Get log sources" }, "response": [ { "name": "List of log sources", "originalRequest": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/logs/sources?_pageSize=&_pagedResouresOffset=&_prettyPrint=false", "host": [ "{{baseUrl}}" ], "path": [ "logs", "sources" ], "query": [ { "key": "_pageSize", "value": "" }, { "key": "_pagedResouresOffset", "value": "" }, { "key": "_prettyPrint", "value": "false" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "Content-Type", "value": "application/json" } ], "cookie": [], "body": "{\n\t\"result\": [\n\t\t\"\",\n\t\t\"\"\n\t],\n\t\"resultCount\": \"\",\n\t\"pagedResultsCookie\": \"\",\n\t\"totalPagedResultsPolicy\": \"\",\n\t\"totalPagedResults\": \"\",\n\t\"remainingPagedResults\": \"\"\n}" } ] }, { "name": "Step 2: [API Keys] Get Audit Logs for a Source", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains resultCount or result\", function () {", " pm.expect(JSONResponse).to.have.any.keys('resultCount', 'result');", "});" ], "type": "text/javascript" } } ], "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [ { "key": "x-api-key", "value": "{{logApiKey}}", "type": "text" }, { "key": "x-api-secret", "value": "{{logApiSecret}}", "type": "text" } ], "url": { "raw": "{{platformUrl}}/monitoring/logs?source={{auditSource}}&_pageSize=10&_prettyPrint=true", "host": [ "{{platformUrl}}" ], "path": [ "monitoring", "logs" ], "query": [ { "key": "source", "value": "{{auditSource}}" }, { "key": "_pageSize", "value": "10" }, { "key": "_prettyPrint", "value": "true" } ] }, "description": "Get log events" }, "response": [ { "name": "List of log events", "originalRequest": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/logs?source=&beginTime=&endTime=&_pageSize=&_pagedResultsCookie=&_prettyPrint=false&_sortKeys=", "host": [ "{{baseUrl}}" ], "path": [ "logs" ], "query": [ { "key": "source", "value": "" }, { "key": "beginTime", "value": "" }, { "key": "endTime", "value": "" }, { "key": "_pageSize", "value": "" }, { "key": "_pagedResultsCookie", "value": "" }, { "key": "_prettyPrint", "value": "false" }, { "key": "_sortKeys", "value": "" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "Content-Type", "value": "application/json" } ], "cookie": [], "body": "{\n\t\"result\": [\n\t\t{\n\t\t\t\"payload\": \"\",\n\t\t\t\"timestamp\": \"\",\n\t\t\t\"type\": \"\"\n\t\t},\n\t\t{\n\t\t\t\"payload\": \"\",\n\t\t\t\"timestamp\": \"\",\n\t\t\t\"type\": \"\"\n\t\t}\n\t],\n\t\"resultCount\": \"\",\n\t\"pagedResultsCookie\": \"\",\n\t\"totalPagedResultsPolicy\": \"\",\n\t\"totalPagedResults\": \"\",\n\t\"remainingPagedResults\": \"\"\n}" } ] }, { "name": "Step 2: [API Keys] Get Audit Logs for a Transaction ID", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains resultCount or result\", function () {", " pm.expect(JSONResponse).to.have.any.keys('resultCount', 'result');", "});" ], "type": "text/javascript" } } ], "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [ { "key": "x-api-key", "value": "{{logApiKey}}", "type": "text" }, { "key": "x-api-secret", "value": "{{logApiSecret}}", "type": "text" } ], "url": { "raw": "{{platformUrl}}/monitoring/logs?source={{auditSource}}&transactionId={{lastForgeRockTransactionId}}&_pageSize=10&_prettyPrint=true", "host": [ "{{platformUrl}}" ], "path": [ "monitoring", "logs" ], "query": [ { "key": "source", "value": "{{auditSource}}" }, { "key": "transactionId", "value": "{{lastForgeRockTransactionId}}" }, { "key": "_pageSize", "value": "10" }, { "key": "_prettyPrint", "value": "true" } ] }, "description": "Get log events" }, "response": [ { "name": "List of log events", "originalRequest": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/logs?source=&beginTime=&endTime=&_pageSize=&_pagedResultsCookie=&_prettyPrint=false&_sortKeys=", "host": [ "{{baseUrl}}" ], "path": [ "logs" ], "query": [ { "key": "source", "value": "" }, { "key": "beginTime", "value": "" }, { "key": "endTime", "value": "" }, { "key": "_pageSize", "value": "" }, { "key": "_pagedResultsCookie", "value": "" }, { "key": "_prettyPrint", "value": "false" }, { "key": "_sortKeys", "value": "" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "Content-Type", "value": "application/json" } ], "cookie": [], "body": "{\n\t\"result\": [\n\t\t{\n\t\t\t\"payload\": \"\",\n\t\t\t\"timestamp\": \"\",\n\t\t\t\"type\": \"\"\n\t\t},\n\t\t{\n\t\t\t\"payload\": \"\",\n\t\t\t\"timestamp\": \"\",\n\t\t\t\"type\": \"\"\n\t\t}\n\t],\n\t\"resultCount\": \"\",\n\t\"pagedResultsCookie\": \"\",\n\t\"totalPagedResultsPolicy\": \"\",\n\t\"totalPagedResults\": \"\",\n\t\"remainingPagedResults\": \"\"\n}" } ] }, { "name": "Step 3: [API Keys] Tail the Audit Logs for a Source", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "if(JSONResponse.pagedResultsCookie && JSONResponse.pagedResultsCookie != \"\"){", " pm.globals.set(\"pagedResultsCookie\", JSONResponse.pagedResultsCookie);", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains results\", function () {", " pm.expect(JSONResponse).to.have.any.keys('resultCount', 'result');", "});", "", "pm.test(\"Response contains pagedResultsCookie\", function () {", " pm.expect(JSONResponse).to.have.any.keys('pagedResultsCookie');", "});" ], "type": "text/javascript" } } ], "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [ { "key": "x-api-key", "value": "{{logApiKey}}", "type": "text" }, { "key": "x-api-secret", "value": "{{logApiSecret}}", "type": "text" } ], "url": { "raw": "{{platformUrl}}/monitoring/logs/tail?source={{auditSource}}&_prettyPrint=true", "host": [ "{{platformUrl}}" ], "path": [ "monitoring", "logs", "tail" ], "query": [ { "key": "source", "value": "{{auditSource}}" }, { "key": "_prettyPrint", "value": "true" } ] }, "description": "Tail log events" }, "response": [ { "name": "List of log events", "originalRequest": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/logs/tail?source=&_pagedResultsCookie=&_prettyPrint=false", "host": [ "{{baseUrl}}" ], "path": [ "logs", "tail" ], "query": [ { "key": "source", "value": "" }, { "key": "_pagedResultsCookie", "value": "" }, { "key": "_prettyPrint", "value": "false" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "Content-Type", "value": "application/json" } ], "cookie": [], "body": "{\n\t\"result\": [\n\t\t{\n\t\t\t\"payload\": \"\",\n\t\t\t\"timestamp\": \"\",\n\t\t\t\"type\": \"\"\n\t\t},\n\t\t{\n\t\t\t\"payload\": \"\",\n\t\t\t\"timestamp\": \"\",\n\t\t\t\"type\": \"\"\n\t\t}\n\t],\n\t\"resultCount\": \"\",\n\t\"pagedResultsCookie\": \"\",\n\t\"totalPagedResultsPolicy\": \"\",\n\t\"totalPagedResults\": \"\",\n\t\"remainingPagedResults\": \"\"\n}" } ] }, { "name": "Step 4: [API Keys] Tail the Audit Logs for a Source Since Last Request", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "if(JSONResponse.pagedResultsCookie && JSONResponse.pagedResultsCookie != \"\"){", " pm.globals.set(\"pagedResultsCookie\", JSONResponse.pagedResultsCookie);", "}", "", "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains results\", function () {", " pm.expect(JSONResponse).to.have.any.keys('resultCount', 'result');", "});", "", "pm.test(\"Response contains pagedResultsCookie\", function () {", " pm.expect(JSONResponse).to.have.any.keys('pagedResultsCookie');", "});", "" ], "type": "text/javascript" } } ], "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [ { "key": "x-api-key", "value": "{{logApiKey}}", "type": "text" }, { "key": "x-api-secret", "value": "{{logApiSecret}}", "type": "text" } ], "url": { "raw": "{{platformUrl}}/monitoring/logs/tail?source={{auditSource}}&_pagedResultsCookie={{pagedResultsCookie}}&_prettyPrint=true", "host": [ "{{platformUrl}}" ], "path": [ "monitoring", "logs", "tail" ], "query": [ { "key": "source", "value": "{{auditSource}}" }, { "key": "_pagedResultsCookie", "value": "{{pagedResultsCookie}}" }, { "key": "_prettyPrint", "value": "true" } ] }, "description": "Tail log events" }, "response": [ { "name": "List of log events", "originalRequest": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/logs/tail?source=&_pagedResultsCookie=&_prettyPrint=false", "host": [ "{{baseUrl}}" ], "path": [ "logs", "tail" ], "query": [ { "key": "source", "value": "" }, { "key": "_pagedResultsCookie", "value": "" }, { "key": "_prettyPrint", "value": "false" } ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "Content-Type", "value": "application/json" } ], "cookie": [], "body": "{\n\t\"result\": [\n\t\t{\n\t\t\t\"payload\": \"\",\n\t\t\t\"timestamp\": \"\",\n\t\t\t\"type\": \"\"\n\t\t},\n\t\t{\n\t\t\t\"payload\": \"\",\n\t\t\t\"timestamp\": \"\",\n\t\t\t\"type\": \"\"\n\t\t}\n\t],\n\t\"resultCount\": \"\",\n\t\"pagedResultsCookie\": \"\",\n\t\"totalPagedResultsPolicy\": \"\",\n\t\"totalPagedResults\": \"\",\n\t\"remainingPagedResults\": \"\"\n}" } ] } ], "description": "The Audit Logging Service uses a structured message format that adheres to a consistent log structure common across the ForgeRock Identity Platform. This common structure allows correlation between log messages of the different components of the Platform once the transaction IDs are trusted by enabling the ForgerRock trust transaction header system property. ", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Health", "item": [ { "name": "Check Health", "event": [ { "listen": "test", "script": { "exec": [ "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"ID Cloud status is OK\", function () {", " pm.expect(JSONResponse.status).to.eql(\"OK\");", "});" ], "type": "text/javascript" } } ], "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [], "url": { "raw": "{{platformUrl}}/monitoring/health", "host": [ "{{platformUrl}}" ], "path": [ "monitoring", "health" ] }, "description": "Is the Advanced Identity Cloud \"alive\"?" }, "response": [ { "name": "Prometheus metrics for all AM pods", "originalRequest": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/metrics/prometheus/am", "host": [ "{{baseUrl}}" ], "path": [ "metrics", "prometheus", "am" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "text", "header": [ { "key": "Content-Type", "value": "text/plain" } ], "cookie": [], "body": "# HELP am_cts_task_queue_size number of operations waiting in a CTS queue\n# TYPE am_cts_task_queue_size gauge\nam_cts_task_queue_size{kubernetes_pod_name=\"am-568cc4fbb6-cjnpg\",} 0.0" } ] } ], "description": "Check the health status of your Advanced Identity Cloud.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Monitoring", "item": [ { "name": "[API Keys] Get Prometheus Metrics (AM)", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});" ], "type": "text/javascript" } } ], "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [ { "key": "x-api-key", "value": "{{logApiKey}}", "type": "text" }, { "key": "x-api-secret", "value": "{{logApiSecret}}", "type": "text" } ], "url": { "raw": "{{platformUrl}}/monitoring/prometheus/am", "host": [ "{{platformUrl}}" ], "path": [ "monitoring", "prometheus", "am" ] }, "description": "AM prometheus metrics" }, "response": [ { "name": "Prometheus metrics for all AM pods", "originalRequest": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/metrics/prometheus/am", "host": [ "{{baseUrl}}" ], "path": [ "metrics", "prometheus", "am" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "text", "header": [ { "key": "Content-Type", "value": "text/plain" } ], "cookie": [], "body": "# HELP am_cts_task_queue_size number of operations waiting in a CTS queue\n# TYPE am_cts_task_queue_size gauge\nam_cts_task_queue_size{kubernetes_pod_name=\"am-568cc4fbb6-cjnpg\",} 0.0" } ] }, { "name": "[API Keys] Get Prometheus Metrics (IDM)", "event": [ { "listen": "test", "script": { "exec": [ "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});" ], "type": "text/javascript" } } ], "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [ { "key": "x-api-key", "value": "{{logApiKey}}", "type": "text" }, { "key": "x-api-secret", "value": "{{logApiSecret}}", "type": "text" } ], "url": { "raw": "{{platformUrl}}/monitoring/prometheus/idm", "host": [ "{{platformUrl}}" ], "path": [ "monitoring", "prometheus", "idm" ] }, "description": "AM prometheus metrics" }, "response": [ { "name": "Prometheus metrics for all AM pods", "originalRequest": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/metrics/prometheus/am", "host": [ "{{baseUrl}}" ], "path": [ "metrics", "prometheus", "am" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "text", "header": [ { "key": "Content-Type", "value": "text/plain" } ], "cookie": [], "body": "# HELP am_cts_task_queue_size number of operations waiting in a CTS queue\n# TYPE am_cts_task_queue_size gauge\nam_cts_task_queue_size{kubernetes_pod_name=\"am-568cc4fbb6-cjnpg\",} 0.0" } ] } ], "description": "Prometheus is third-party software used for gathering and processing monitoring data. Advanced Identity Cloud exposes the endpoints in this section, which Prometheus uses to gather metrics.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] } ], "description": "The Advanced Identity Cloud supports a comprehensive Audit Logging Service that captures key auditing events, critical for system security, troubleshooting, and regulatory compliance.\n\nAudit logs gather operational information about events occurring within a deployment to track processes and security data, such as authentication mechanisms, system access, user and administrator activity, error messages, and configuration changes. \n\nThe ID Cloud also offer advanced monitoring services that will let you monitor metrics, such as authentication and authorization outcomes, token-related operations, CTS queues, or JVM usage.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Well Known", "item": [ { "name": "Assetlinks", "item": [ { "name": "Step 1: [fr:idm:*] Create or update assetlinks.json", "event": [ { "listen": "test", "script": { "exec": [ "//Tests", "", "pm.test(\"Status code is 200 OK or 201 Created\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,201]);", "});", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse[0]).to.have.property('relation');", " pm.expect(JSONResponse[0]).to.have.property('target');", "});" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "PUT", "header": [], "body": { "mode": "raw", "raw": "[\n {\n \"relation\": [\n \"delegate_permission/common.handle_all_urls\",\n \"delegate_permission/common.get_login_creds\"\n ],\n \"target\": {\n \"namespace\": \"web\",\n \"site\": \"https://id.mycompany.com\"\n }\n }\n]", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{platformUrl}}/.well-known/assetlinks.json", "host": [ "{{platformUrl}}" ], "path": [ ".well-known", "assetlinks.json" ] } }, "response": [] }, { "name": "Step 2: Read assetlinks.json", "event": [ { "listen": "test", "script": { "exec": [ "//Tests", "", "pm.test(\"Status code is 200 OK\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200]);", "});", "", "if(pm.response.code === 200){", " const JSONResponse = pm.response.json();", "", " pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse[0]).to.have.property('relation');", " pm.expect(JSONResponse[0]).to.have.property('target');", " });", "};" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "noauth" }, "method": "GET", "header": [], "url": { "raw": "{{platformUrl}}/.well-known/assetlinks.json", "host": [ "{{platformUrl}}" ], "path": [ ".well-known", "assetlinks.json" ] } }, "response": [] }, { "name": "Step 3: [fr:idm:*] Delete assetlinks.json", "event": [ { "listen": "test", "script": { "exec": [ "//Tests", "", "pm.test(\"Status code is 200 OK or 404 Not Found\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,404]);", "});", "", "if(pm.response.code === 200){", " const JSONResponse = pm.response.json();", "", " pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse[0]).to.have.property('relation');", " pm.expect(JSONResponse[0]).to.have.property('target');", " });", "};", "", "if(pm.response.code === 404){", " const JSONResponse = pm.response.json();", "", " pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('code');", " pm.expect(JSONResponse).to.have.property('reason');", " pm.expect(JSONResponse).to.have.property('message');", " });", "};" ], "type": "text/javascript" } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "DELETE", "header": [], "body": { "mode": "raw", "raw": "", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{platformUrl}}/.well-known/assetlinks.json", "host": [ "{{platformUrl}}" ], "path": [ ".well-known", "assetlinks.json" ] } }, "response": [] } ] } ], "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{adminAccessToken}}", "type": "string" } ] }, "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Token Exchange Flows", "item": [ { "name": "Prerequisites", "item": [ { "name": "Step 1: Additional Configuration", "item": [ { "name": "Step 1a: Create a Second Demo User", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "const JSONResponse = pm.response.json();", "", "// Tests", "", "pm.test(\"Status code is 201 Created or 403 Forbidden\", function () {", " pm.expect(pm.response.code).to.be.oneOf([201,403]);", "});", "", "if(pm.response.code === 201){", "", " if(JSONResponse._id && JSONResponse._id != \"\"){", " pm.globals.set(\"managedUserId2\", JSONResponse._id);", " }", "", " if(JSONResponse.userName && JSONResponse.userName != \"\"){", " pm.globals.set(\"managedUsername2\", JSONResponse.userName);", " }", "", " pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('userName');", " pm.expect(JSONResponse).to.have.property('sn');", " pm.expect(JSONResponse).to.have.property('givenName');", " pm.expect(JSONResponse).to.have.property('mail');", " pm.expect(JSONResponse).to.have.property('telephoneNumber');", " });", "", " pm.test(\"Response does not contain password\", function () {", " pm.expect(JSONResponse).to.not.have.property('password');", " });", "", " pm.test(\"Response contains requested user name\", function () {", " pm.expect(JSONResponse.userName).to.eql(pm.variables.get(\"postmanDemoUsername2\"));", " });", "};", "", "if(pm.response.code === 403){", " pm.test(\"Policy validation failed\", function () {", " pm.expect(JSONResponse.message).to.eql(\"Policy validation failed\");", " });", "", " pm.test(\"Username is not unique\", function () {", " pm.expect(JSONResponse.detail.failedPolicyRequirements[0].property).to.eql(\"userName\");", " });", "}" ], "type": "text/javascript", "packages": {}, "requests": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "protocolProfileBehavior": { "disabledSystemHeaders": {} }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "POST", "header": [ { "key": "content-type", "value": "application/json" } ], "body": { "mode": "raw", "raw": "{\n \"userName\": \"{{postmanDemoUsername2}}\",\n \"sn\": \"Demo-User2\",\n \"givenName\": \"Postman\",\n \"mail\": \"{{postmanDemoEmail2}}\",\n \"telephoneNumber\": \"{{$randomPhoneNumber}}\",\n \"password\": \"{{postmanDemoPassword2}}\"\n}", "options": { "raw": { "language": "text" } } }, "url": { "raw": "{{idmUrl}}/managed/alpha_user?_action=create", "host": [ "{{idmUrl}}" ], "path": [ "managed", "alpha_user" ], "query": [ { "key": "_action", "value": "create" } ] }, "description": "Using the SSO Token you received as an Adminstrator, create a second demo user to use in the Token Exchange Flow." }, "response": [] }, { "name": "Step 1b: Add OAuth 2.0 may_act claim Script", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "if(pm.response.code == 201)", "{", " pm.collectionVariables.set(\"script_id\", jsonData._id);", "}", "", "", "// Tests", "", "pm.test(\"Status code is 201.\", () => {", " pm.expect(pm.response.code).to.eql(201);", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } }, { "listen": "prerequest", "script": { "exec": [ "var client_id = pm.collectionVariables.get(\"serviceRelatedClientId\");", "var user_id = pm.globals.get(\"managedUserId2\");", "", "var scriptTemplate = `", "import org.forgerock.json.JsonValue", "token.setMayAct(", "JsonValue.json(JsonValue.object(", " JsonValue.field(\"client_id\", \"{{client_id}}\"),", " JsonValue.field(\"sub\", \"{{user_id}}\"))));", "`", "", "var script = scriptTemplate", " .replace(\"{{client_id}}\", client_id)", " .replace(\"{{user_id}}\", user_id);", "", "pm.collectionVariables.set(\"may_act_script_body\", btoa(script));", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "POST", "header": [ { "key": "Accept-API-Version", "value": "protocol=1.0,resource=1.0", "type": "text" } ], "body": { "mode": "raw", "raw": "{\n \"_id\": null,\n \"name\": \"Example may_act Claim Script\",\n \"script\": \"{{may_act_script_body}}\",\n \"language\": \"GROOVY\",\n \"context\": \"OAUTH2_MAY_ACT\",\n \"description\": \"\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json/{{realm}}/scripts/?_action=create", "host": [ "{{amUrl}}" ], "path": [ "json", "{{realm}}", "scripts", "" ], "query": [ { "key": "_action", "value": "create" } ] }, "description": "Creates a new OAuth2 Access Token may_act script that can be used to add a may_act claim to OAuth2 and OIDC tokens." }, "response": [] }, { "name": "Step 1c: Delete Confidential OAuth 2.0 Client", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 201 Created or 200 OK\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,201]);", "});", "", "pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('advancedOAuth2ClientConfig');", " pm.expect(JSONResponse).to.have.property('coreOAuth2ClientConfig');", "});", "", "pm.test(\"Response contains requested client ID\", function () {", " pm.expect(JSONResponse._id).to.eql(pm.variables.get(\"postmanConfidentialClientId\"));", "});", "", "pm.test(\"Response contains confidential client type\", function () {", " pm.expect(JSONResponse.coreOAuth2ClientConfig.clientType.value).to.eql(\"Confidential\");", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "DELETE", "header": [ { "key": "accept", "value": "application/json", "description": "Specifies certain media types which are acceptable for the resource.", "type": "text" }, { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource.", "type": "text" }, { "key": "X-Requested-With", "value": "PingOne Advanced Identity Cloud Postman Collection", "description": "Custom header.", "type": "text" }, { "key": "{{cookieName}}", "value": "{{adminSSOToken}}", "description": "SSO token of an administrator. ", "type": "text", "disabled": true } ], "body": { "mode": "raw", "raw": "{}" }, "url": { "raw": "{{amUrl}}/json{{realm}}/realm-config/agents/OAuth2Client/{{postmanConfidentialClientId}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "realm-config", "agents", "OAuth2Client", "{{postmanConfidentialClientId}}" ] }, "description": "Register a demonstration confidential client, used in the OAuth 2.0 flows section of the collection." }, "response": [] }, { "name": "Step 1d: Re-create Confidential OAuth 2.0 Client with may_act", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const JSONResponse = pm.response.json();", "", "pm.test(\"Status code is 201 Created or 200 OK\", function () {", " pm.expect(pm.response.code).to.be.oneOf([200,201]);", "});", "", "pm.test(\"Response contains expected keys\", function () {", " pm.expect(JSONResponse).to.have.property('_id');", " pm.expect(JSONResponse).to.have.property('advancedOAuth2ClientConfig');", " pm.expect(JSONResponse).to.have.property('coreOAuth2ClientConfig');", "});", "", "pm.test(\"Response contains requested client ID\", function () {", " pm.expect(JSONResponse._id).to.eql(pm.variables.get(\"postmanConfidentialClientId\"));", "});", "", "pm.test(\"Response contains confidential client type\", function () {", " pm.expect(JSONResponse.coreOAuth2ClientConfig.clientType.value).to.eql(\"Confidential\");", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "PUT", "header": [ { "key": "accept", "value": "application/json", "description": "Specifies certain media types which are acceptable for the resource.", "type": "text" }, { "key": "Content-Type", "value": "application/json", "description": "The media type of the resource.", "type": "text" }, { "key": "X-Requested-With", "value": "PingOne Advanced Identity Cloud Postman Collection", "description": "Custom header.", "type": "text" }, { "key": "{{cookieName}}", "value": "{{adminSSOToken}}", "description": "SSO token of an administrator. ", "type": "text", "disabled": true } ], "body": { "mode": "raw", "raw": "{\n \"coreOAuth2ClientConfig\": {\n \"agentgroup\": \"\",\n \"status\": {\n \"inherited\": false,\n \"value\": \"Active\"\n },\n \n \"userpassword\": \"{{postmanClientSecret}}\",\n \"clientType\": {\n \"inherited\": false,\n \"value\": \"Confidential\"\n },\n \"loopbackInterfaceRedirection\": {\n \"inherited\": true,\n \"value\": true\n },\n \"redirectionUris\": {\n \"inherited\": false,\n \"value\": [\n \"{{redirectUri}}\"\n ]\n },\n \"scopes\": {\n \"inherited\": false,\n \"value\": [\n \"write\",\n \"read\",\n \"share\",\n \"print\",\n \"copy\",\n \"delete\",\n \"manage\",\n \"edit\",\n \"am-introspect-all-tokens\",\n \"openid\"\n ]\n },\n \"defaultScopes\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"clientName\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"authorizationCodeLifetime\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"refreshTokenLifetime\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"accessTokenLifetime\": {\n \"inherited\": true,\n \"value\": 0\n }\n },\n \"advancedOAuth2ClientConfig\": {\n \"name\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"descriptions\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"requestUris\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"responseTypes\": {\n \"inherited\": false,\n \"value\": [\n \"code\",\n \"token\"\n ]\n },\n \"grantTypes\": {\n \"inherited\": false,\n \"value\": [\n \"authorization_code\",\n \"implicit\",\n \"password\",\n \"client_credentials\",\n \"refresh_token\",\n \"urn:ietf:params:oauth:grant-type:uma-ticket\",\n \"urn:ietf:params:oauth:grant-type:device_code\",\n \"urn:ietf:params:oauth:grant-type:saml2-bearer\",\n \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\n \"urn:openid:params:grant-type:ciba\"\n ]\n },\n \"contacts\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"tokenEndpointAuthMethod\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"sectorIdentifierUri\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"subjectType\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"updateAccessToken\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"clientUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"logoUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"policyUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"isConsentImplied\": {\n \"inherited\": true,\n \"value\": true\n },\n \"mixUpMitigation\": {\n \"inherited\": true,\n \"value\": true\n }\n },\n \"coreOpenIDClientConfig\": {\n \"claims\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"postLogoutRedirectUri\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"clientSessionUri\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"defaultMaxAge\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"defaultMaxAgeEnabled\": {\n \"inherited\": true,\n \"value\": true\n },\n \"defaultAcrValues\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n },\n \"jwtTokenLifetime\": {\n \"inherited\": true,\n \"value\": 0\n }\n },\n \"signEncOAuth2ClientConfig\": {\n \"jwksUri\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"jwksCacheTimeout\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"jwkStoreCacheMissCacheTime\": {\n \"inherited\": true,\n \"value\": 0\n },\n \"tokenEndpointAuthSigningAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"jwkSet\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenSignedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenEncryptionEnabled\": {\n \"inherited\": true,\n \"value\": true\n },\n \"idTokenEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenEncryptionMethod\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"idTokenPublicEncryptionKey\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"clientJwtPublicKey\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"mTLSTrustedCert\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"mTLSSubjectDN\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"mTLSCertificateBoundAccessTokens\": {\n \"inherited\": true,\n \"value\": true\n },\n \"publicKeyLocation\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoResponseFormat\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoSignedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoEncryptedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"userinfoEncryptedResponseEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"requestParameterSignedAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"requestParameterEncryptedAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"requestParameterEncryptedEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionResponseFormat\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionSignedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionEncryptedResponseAlg\": {\n \"inherited\": true,\n \"value\": \"string\"\n },\n \"tokenIntrospectionEncryptedResponseEncryptionAlgorithm\": {\n \"inherited\": true,\n \"value\": \"string\"\n }\n },\n \"coreUmaClientConfig\": {\n \"claimsRedirectionUris\": {\n \"inherited\": true,\n \"value\": [\n \"Unknown Type: any\"\n ]\n }\n },\n \"overrideOAuth2ClientConfig\": {\n \"providerOverridesEnabled\": true,\n \"acceptAudienceParametersInTokenExchangeRequests\": {{acceptAudienceParamOnTokenExchangeRequests}},\n \"accessTokenMayActScript\":\"{{script_id}}\",\n \"oidcMayActScript\":\"{{script_id}}\"\n }\n}" }, "url": { "raw": "{{amUrl}}/json{{realm}}/realm-config/agents/OAuth2Client/{{postmanConfidentialClientId}}", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "realm-config", "agents", "OAuth2Client", "{{postmanConfidentialClientId}}" ] }, "description": "Register a demonstration confidential client, used in the OAuth 2.0 flows section of the collection." }, "response": [] }, { "name": "Step 1e: Update OAuth 2.0 Provider Service", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "PUT", "header": [ { "key": "Accept-API-Version", "value": "resource=1.0", "type": "text" }, { "key": "Content-Type", "value": "application/json", "type": "text" } ], "body": { "mode": "raw", "raw": "{\n \"advancedOAuth2Config\":{\n \"responseTypeClasses\":[\n \"code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler\",\n \"device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler\",\n \"token|org.forgerock.oauth2.core.TokenResponseTypeHandler\",\n \"id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler\"\n ],\n \"grantTypes\":[\n \"implicit\",\n \"refresh_token\",\n \"urn:ietf:params:oauth:grant-type:saml2-bearer\",\n \"password\",\n \"client_credentials\",\n \"urn:ietf:params:oauth:grant-type:device_code\",\n \"authorization_code\",\n \"urn:openid:params:grant-type:ciba\",\n \"urn:ietf:params:oauth:grant-type:uma-ticket\",\n \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\n \"urn:ietf:params:oauth:grant-type:token-exchange\"\n ],\n \"acceptAudienceParametersInTokenExchangeRequests\": {{acceptAudienceParamOnTokenExchangeRequests}}\n }\n}" }, "url": { "raw": "{{amUrl}}/json/{{realm}}/realm-config/services/oauth-oidc", "host": [ "{{amUrl}}" ], "path": [ "json", "{{realm}}", "realm-config", "services", "oauth-oidc" ] }, "description": "Add the may_act script to the OAuth 2.0 provider service configuration." }, "response": [] }, { "name": "Step 1f: Create a User-Related Confidential Client", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "pm.test(\"Status code is 201.\", () => {", " pm.expect(pm.response.code).to.eql(201);", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "PUT", "header": [ { "key": "Content-Type", "value": "application/json", "type": "text" }, { "key": "X-Requested-With", "value": "ForgeRock Collection", "type": "text" } ], "body": { "mode": "raw", "raw": "{\n \"coreOAuth2ClientConfig\": { \n \"userpassword\": \"{{postmanClientSecret}}\",\n \"redirectionUris\": {\n \"inherited\": false,\n \"value\": [\n \"{{redirectUri}}\"\n ]\n },\n \"scopes\": {\n \"inherited\": false,\n \"value\": [\n \"write\",\n \"read\",\n \"openid\"\n ]\n }\n },\n \"advancedOAuth2ClientConfig\": {\n \"grantTypes\": {\n \"inherited\": false,\n \"value\": [\n \"authorization_code\",\n \"implicit\",\n \"password\",\n \"client_credentials\",\n \"refresh_token\",\n \"urn:ietf:params:oauth:grant-type:device_code\",\n \"urn:ietf:params:oauth:grant-type:token-exchange\"\n ]\n },\n \"tokenEndpointAuthMethod\": {\n \"inherited\": false,\n \"value\": \"client_secret_post\"\n }\n },\n \"overrideOAuth2ClientConfig\": {\n \"providerOverridesEnabled\": true,\n \"acceptAudienceParametersInTokenExchangeRequests\": {{acceptAudienceParamOnTokenExchangeRequests}},\n \"accessTokenMayActScript\":\"{{script_id}}\",\n \"oidcMayActScript\":\"{{script_id}}\"\n }\n}" }, "url": { "raw": "{{amUrl}}/json/{{realm}}/realm-config/agents/OAuth2Client/{{userRelatedClientId}}", "host": [ "{{amUrl}}" ], "path": [ "json", "{{realm}}", "realm-config", "agents", "OAuth2Client", "{{userRelatedClientId}}" ] }, "description": "The token exchange flows will use this client to request subject tokens." }, "response": [] }, { "name": "Step 1g: Create a Service-Related Confidential Client", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "pm.test(\"Status code is 201.\", () => {", " pm.expect(pm.response.code).to.eql(201);", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "auth": { "type": "bearer", "bearer": [ { "key": "token", "value": "{{serviceAccountAccessToken}}", "type": "string" } ] }, "method": "PUT", "header": [ { "key": "Content-Type", "value": "application/json", "type": "text" }, { "key": "X-Requested-With", "value": "ForgeRock Collection", "type": "text" } ], "body": { "mode": "raw", "raw": "{\n \"coreOAuth2ClientConfig\": { \n \"userpassword\": \"{{postmanClientSecret}}\",\n \"redirectionUris\": {\n \"inherited\": false,\n \"value\": [\n \"{{redirectUri}}\"\n ]\n },\n \"scopes\": {\n \"inherited\": false,\n \"value\": [\n \"read\",\n \"write\",\n \"transfer\"\n ]\n }\n },\n \"advancedOAuth2ClientConfig\": {\n \"grantTypes\": {\n \"inherited\": false,\n \"value\": [\n \"authorization_code\",\n \"implicit\",\n \"password\",\n \"client_credentials\",\n \"refresh_token\",\n \"urn:ietf:params:oauth:grant-type:device_code\",\n \"urn:ietf:params:oauth:grant-type:token-exchange\"\n ]\n },\n \"tokenEndpointAuthMethod\": {\n \"inherited\": false,\n \"value\": \"client_secret_post\"\n },\n \"allowedResourceServerAudienceValues\": [\n \"{{tokenExchangeAudienceValue}}\"\n ]\n },\n \"overrideOAuth2ClientConfig\": {\n \"providerOverridesEnabled\": true,\n \"acceptAudienceParametersInTokenExchangeRequests\": {{acceptAudienceParamOnTokenExchangeRequests}},\n \"accessTokenMayActScript\":\"{{script_id}}\",\n \"oidcMayActScript\":\"{{script_id}}\"\n }\n}" }, "url": { "raw": "{{amUrl}}/json/{{realm}}/realm-config/agents/OAuth2Client/{{serviceRelatedClientId}}", "host": [ "{{amUrl}}" ], "path": [ "json", "{{realm}}", "realm-config", "agents", "OAuth2Client", "{{serviceRelatedClientId}}" ] }, "description": "The token exchange flows will use this client to request token impersonation or delegation." }, "response": [] } ], "description": "Additional configuration required in AM to run the token exchange flows.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Step 2: Run the Authorization Code Grant for the Demo user", "item": [ { "name": "Step 2a: Log in as the Demo User", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "", "if(pm.response.code == 200 && jsonData.tokenId.length >3)", "{", " pm.collectionVariables.set(\"SSOToken\", jsonData.tokenId);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "X-OpenAM-Username", "value": "{{postmanDemoUsername}}" }, { "key": "X-OpenAM-Password", "value": "{{postmanDemoPassword}}" }, { "key": "Accept-API-Version", "value": "resource=2.1" } ], "body": { "mode": "raw", "raw": "{}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] }, "description": "Log in as the Demo user to obtain a session token for them. This token will be used in the following calls." }, "response": [] }, { "name": "Step 2b: Get Authorization Code", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = pm.response.json();", "", "if(pm.response.code == 200)", "{", " if(jsonData.args.code && jsonData.args.code != \"\") {", " pm.collectionVariables.set(\"authorization_code\", jsonData.args.code);", " }", "}", "", "// TESTS", "", "pm.test(\"Follow redirects is enabled in Postman (Status code not 302)\", () => {", " // If response was 302, ensure Postman is following redirects. ", " pm.response.to.not.have.status(302);", "});", "", "pm.test(\"Response from httpbin contained `code` argument\", () => {", " pm.expect(jsonData.args.code).to.be.a(\"string\");", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [ { "key": "Cookie", "value": "{{cookieName}}={{SSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "scope", "value": "write read openid", "type": "text" }, { "key": "response_type", "value": "code", "type": "text" }, { "key": "client_id", "value": "{{userRelatedClientId}}", "type": "text" }, { "key": "redirect_uri", "value": "{{redirectUri}}", "type": "text" }, { "key": "decision", "value": "allow", "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information.", "type": "text" }, { "key": "csrf", "value": "{{SSOToken}}", "description": "SSO token of the user, to protect against cross-site request forgery.", "type": "text" }, { "key": "state", "value": "abc123", "description": "Random string to protect against cross-site request forgery", "type": "text" }, { "key": "nonce", "value": "123abc", "description": "Random string to protect against replay attacks", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/authorize", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "authorize" ] }, "description": "Get the authorization code by making a call to the authorization server's authorization endpoint, specifying the SSO token of the user.\n" }, "response": [] }, { "name": "Step 2c: Exchange the Authorization Code for an Access Token and an ID token", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {}, "requests": {} } }, { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "", "if (pm.response.code == 200 && jsonData.access_token)", "{", " pm.collectionVariables.set(\"access_token\", jsonData.access_token);", " pm.collectionVariables.set(\"id_token\", jsonData.id_token);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(jsonData.access_token).to.be.a(\"string\");", " pm.expect(jsonData.id_token).to.be.a(\"string\");", "});", "", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" }, { "key": "{{cookieName}}", "value": "{{SSOToken}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "authorization_code", "type": "text" }, { "key": "code", "value": "{{authorization_code}}", "description": "The authentication code.", "type": "text" }, { "key": "redirect_uri", "value": "{{redirectUri}}", "type": "text" }, { "key": "client_id", "value": "{{userRelatedClientId}}", "type": "text", "uuid": "04318abb-edc4-4e77-a374-9556fc273904" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text", "uuid": "3673633d-9d74-4e8d-95c3-f18b702f31c0" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Make a call to the authorization server to exchange the authorization code for an access token and an ID token" }, "response": [] }, { "name": "Step 2d: Introspect the Access Token", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const jsonData = JSON.parse(responseBody);", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(jsonData.client_id).to.eql(pm.collectionVariables.get(\"userRelatedClientId\"));", "});", "", "", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token}}", "description": "Access token you want to introspect", "type": "text" }, { "key": "client_id", "value": "{{userRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] }, "description": "Retrieve information about the active access token. For example, approved scopes, the user that authorized the token, and the expiry time." }, "response": [] }, { "name": "Step 2e: Get the ID Token Information", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "var jsonData = JSON.parse(responseBody);", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(jsonData.aud).to.eql(pm.collectionVariables.get(\"userRelatedClientId\"));", "});", "", "pm.test(\"Subject is postmanDemoUsername\", function () {", " pm.expect(jsonData.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername\"));", "});", "", "pm.test(\"Response contains `may act`\", function () {", " pm.expect(jsonData.may_act).to.be.an(\"object\")", "});", "", "pm.test(\"May Act as service_related_client)id\", function () {", " pm.expect(jsonData.may_act.client_id).to.eql(pm.collectionVariables.get(\"serviceRelatedClientId\"));", "});", "", "pm.test(\"May Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.may_act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "id_token", "value": "{{id_token}}", "type": "text" }, { "key": "client_id", "value": "{{userRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/idtokeninfo", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "idtokeninfo" ] }, "description": "Retrieve metadata about the ID token using the idtokeninfo endpoint," }, "response": [] }, { "name": "Step 2f: Log out the Demo User", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{SSOToken}}", "type": "text" }, { "key": "Accept-API-Version", "value": "resource=2.1", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/sessions/?_action=logout", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions", "" ], "query": [ { "key": "_action", "value": "logout" } ] } }, "response": [] } ], "description": "Run the Authorization Code Grant for the Demo user to obtain an access token that can later be exchanged in the impersonation and the delegation flows. Note that the token is requested by the {{userRelatedClientId}}, and will be exchanged by the {{serviceRelatedClientId}}.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Step 3: Run the Authorization Code Grant for the Second Demo User", "item": [ { "name": "Step 3a: Log in as the Second Demo User", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "", "if(pm.response.code == 200 && jsonData.tokenId.length >3)", "{", " pm.collectionVariables.set(\"SSOToken_2\", jsonData.tokenId);", "}", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "protocolProfileBehavior": { "disableCookies": true }, "request": { "method": "POST", "header": [ { "key": "X-OpenAM-Username", "value": "{{postmanDemoUsername2}}" }, { "key": "X-OpenAM-Password", "value": "{{postmanDemoPassword2}}" }, { "key": "Accept-API-Version", "value": "resource=2.1" } ], "body": { "mode": "raw", "raw": "{}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{amUrl}}/json{{realm}}/authenticate", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "authenticate" ] }, "description": "Log in as the Second Demo user to obtain a session token for them. This token will be used in the following calls." }, "response": [] }, { "name": "Step 3b: Get Second Authorization Code", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = pm.response.json();", "", "if(pm.response.code == 200)", "{", " if(jsonData.args.code && jsonData.args.code != \"\") {", " pm.collectionVariables.set(\"authorization_code_2\", jsonData.args.code);", " }", "}", "// TESTS", "", "pm.test(\"Follow redirects is enabled in Postman (Status code not 302)\", () => {", " // If response was 302, ensure Postman is following redirects. ", " pm.response.to.not.have.status(302);", "});", "", "pm.test(\"Response from httpbin contained `code` argument\", () => {", " pm.expect(jsonData.args.code).to.be.a(\"string\");", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [ { "key": "Cookie", "value": "{{cookieName}}={{SSOToken_2}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "scope", "value": "write openid", "type": "text" }, { "key": "response_type", "value": "code", "type": "text" }, { "key": "client_id", "value": "{{userRelatedClientId}}", "type": "text" }, { "key": "redirect_uri", "value": "{{redirectUri}}", "type": "text" }, { "key": "decision", "value": "allow", "description": "Decision that grants access to the authentication code. When using a browser, the user would consent that the client can access their information.", "type": "text" }, { "key": "csrf", "value": "{{SSOToken_2}}", "description": "SSO token of the user, to protect against cross-site request forgery.", "type": "text" }, { "key": "nonce", "value": "123abc", "description": "Random string to protect against replay attacks", "type": "text" }, { "key": "state", "value": "abc123", "description": "Random string to protect against cross-site request forgery", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/authorize", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "authorize" ] }, "description": "Get the authorization code by making a call to the authorization server's authorization endpoint, specifying the SSO token of the user.\n" }, "response": [] }, { "name": "Step 3c: Exchange the Second Authorization Code for a Second Access Token", "event": [ { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {}, "requests": {} } }, { "listen": "test", "script": { "exec": [ "", "var jsonData = JSON.parse(responseBody);", "", "if (pm.response.code == 200 && jsonData.access_token)", "{", " pm.collectionVariables.set(\"access_token_2\", jsonData.access_token);", " pm.collectionVariables.set(\"id_token_2\", jsonData.id_token);", "}", "", "", "// Tests", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(jsonData.access_token).to.be.a(\"string\");", " pm.expect(jsonData.id_token).to.be.a(\"string\");", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" }, { "key": "iPlanetDirectoryPro", "value": "{{SSOToken_2}}", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "authorization_code", "type": "text" }, { "key": "code", "value": "{{authorization_code_2}}", "type": "text" }, { "key": "redirect_uri", "value": "{{redirectUri}}", "type": "text" }, { "key": "client_id", "value": "{{userRelatedClientId}}", "type": "text", "uuid": "1e45ecb1-5568-4d71-b29e-5197e84f9e37" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text", "uuid": "18c2da84-91aa-40de-8b80-351770b15901" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Make a call to the authorization server to exchange the authorization code for an access token." }, "response": [] }, { "name": "Step 3d: Introspect the Access Token", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "const jsonData = JSON.parse(responseBody);", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(jsonData.client_id).to.eql(pm.collectionVariables.get(\"userRelatedClientId\"));", "});", "", "", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token_2}}", "description": "Access token you want to introspect", "type": "text" }, { "key": "client_id", "value": "{{userRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] }, "description": "Retrieve information about the active access token. For example, approved scopes, the user that authorized the token, and the expiry time." }, "response": [] }, { "name": "Step 3e: Get the ID Token Information", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "var jsonData = JSON.parse(responseBody);", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " pm.expect(jsonData.aud).to.eql(pm.collectionVariables.get(\"userRelatedClientId\"));", "});", "", "pm.test(\"Subject is postmanDemoUsername2\", function () {", " pm.expect(jsonData.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});", "", "pm.test(\"Response contains `may act`\", function () {", " pm.expect(jsonData.may_act).to.be.an(\"object\")", "});", "", "pm.test(\"May Act as serviceRelatedClientId\", function () {", " pm.expect(jsonData.may_act.client_id).to.eql(pm.collectionVariables.get(\"serviceRelatedClientId\"));", "});", "", "pm.test(\"May Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.may_act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "id_token", "value": "{{id_token_2}}", "type": "text" }, { "key": "client_id", "value": "{{userRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/idtokeninfo", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "idtokeninfo" ] }, "description": "Retrieve metadata about the ID token using the idtokeninfo endpoint," }, "response": [] }, { "name": "Step 3f: Log out the Second Demo User", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [ { "key": "{{cookieName}}", "value": "{{SSOToken_2}}", "type": "text" }, { "key": "Accept-API-Version", "value": "resource=2.1", "type": "text" } ], "url": { "raw": "{{amUrl}}/json{{realm}}/sessions/?_action=logout", "host": [ "{{amUrl}}" ], "path": [ "json{{realm}}", "sessions", "" ], "query": [ { "key": "_action", "value": "logout" } ] } }, "response": [] } ], "description": "Run the Authorization Code Grant for the second Demo user to obtain an access token that can later be exchanged in the delegation flow. Note that the token is requested by the {{userRelatedClientId}}, and will be exchanged by the {{serviceRelatedClientId}}.\n\nNOTE: Delegation needs two sets of tokens. If you haven't run the Authorization Code Grant for the Demo User, included in the Prerequisites folder of the Token Exchange Flows, run it now as well.", "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Impersonation: Access Token from Access Token", "item": [ { "name": "Step 1: Request Impersonation Token Exchange", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "if(pm.response.code == 200)", "{", " pm.collectionVariables.set(\"impersonation_token\", jsonData.access_token);", "}", "", "//TESTS ", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(jsonData.access_token).to.be.a(\"string\");", "});", "", "pm.test(\"Token is an access token\", function () {", " pm.expect(jsonData.issued_token_type).to.eq(\"urn:ietf:params:oauth:token-type:access_token\");", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" }, { "key": "grant_type", "value": "urn:ietf:params:oauth:grant-type:token-exchange", "type": "text" }, { "key": "subject_token", "value": "{{access_token}}", "type": "text" }, { "key": "subject_token_type", "value": "urn:ietf:params:oauth:token-type:access_token", "type": "text" }, { "key": "scope", "value": "transfer read write", "type": "text" }, { "key": "requested_token_type", "value": "urn:ietf:params:oauth:token-type:access_token", "type": "text" }, { "key": "audience", "value": "{{tokenExchangeAudienceValue}}", "type": "text", "uuid": "23f912b5-b738-4b9b-b001-3e505e216e40" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Requests an impersonation token so that the ForgeRock confidential client can impersonate Demo User." }, "response": [] }, { "name": "Step 2: Introspect the Impersonation Token", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "", "// TESTS", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"User ID is postmanDemoUsername\", function () {", " pm.expect(jsonData.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername\"));", "});", "", "pm.test(\"Response contains may_act\", function () {", " pm.expect(jsonData.may_act).to.be.an(\"object\");", "});", "", "pm.test(\"May Act as confidential_client_id\", function () {", " pm.expect(jsonData.may_act.client_id).to.include(pm.collectionVariables.get(\"serviceRelatedClientId\"));", "});", "", "pm.test(\"May Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.may_act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{impersonation_token}}", "type": "text" }, { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] }, "description": "Retrieve metadata about the active access token, such as, approved scopes, the user that authorized the token, and the expiry time." }, "response": [] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Impersonation: Access Token from ID Token", "item": [ { "name": "Step 1: Exchange ID Token for Access Token", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "if(pm.response.code == 200)", "{", " pm.collectionVariables.set(\"access_token_from_id_token\", jsonData.access_token);", "}", "", "//TESTS ", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(jsonData.access_token).to.be.a(\"string\");", "});", "", "pm.test(\"Token is an access token\", function () {", " pm.expect(jsonData.issued_token_type).to.eql(\"urn:ietf:params:oauth:token-type:access_token\");", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" }, { "key": "grant_type", "value": "urn:ietf:params:oauth:grant-type:token-exchange", "type": "text" }, { "key": "subject_token", "value": "{{id_token}}", "type": "text" }, { "key": "subject_token_type", "value": "urn:ietf:params:oauth:token-type:id_token", "type": "text" }, { "key": "scope", "value": "write read", "type": "text" }, { "key": "requested_token_type", "value": "urn:ietf:params:oauth:token-type:access_token", "type": "text" }, { "key": "audience", "value": "{{tokenExchangeAudienceValue}}", "type": "text", "uuid": "3f929484-143a-4371-9d86-452a011b546d" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Get an Access token from the Token Exchange endpoint using the ID Token." }, "response": [] }, { "name": "Step 2: Introspect the Access Token", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "", "// TESTS", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"User ID is postmanDemoUsername\", function () {", " pm.expect(jsonData.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername\"));", "});", "", "pm.test(\"Response contains `may_act`\", function () {", " pm.expect(jsonData.may_act).to.be.an(\"object\");", "});", "", "", "pm.test(\"May Act as serviceRelatedClientId\", function () {", " pm.expect(jsonData.may_act.client_id).to.eql(pm.collectionVariables.get(\"serviceRelatedClientId\"));", "});", "", "pm.test(\"May Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.may_act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{access_token_from_id_token}}", "type": "text" }, { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2/{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2", "{{realm}}", "introspect" ] }, "description": "Retrieve metadata about the active access token, such as, approved scopes, the user that authorized the token, and the expiry time." }, "response": [] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Impersonation: ID Token from ID Token", "item": [ { "name": "Step 1: Exchange ID Token for ID Token", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "if(pm.response.code == 200)", "{", " pm.collectionVariables.set(\"exchanged_id_token\", jsonData.access_token);", "}", "", "//TESTS ", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(jsonData.access_token).to.be.a(\"string\");", "});", "", "pm.test(\"Token is an ID token\", function () {", " pm.expect(jsonData.issued_token_type).to.eq(\"urn:ietf:params:oauth:token-type:id_token\");", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" }, { "key": "grant_type", "value": "urn:ietf:params:oauth:grant-type:token-exchange", "type": "text" }, { "key": "subject_token", "value": "{{id_token}}", "type": "text" }, { "key": "subject_token_type", "value": "urn:ietf:params:oauth:token-type:id_token", "type": "text" }, { "key": "scope", "value": "write read", "type": "text" }, { "key": "requested_token_type", "value": "urn:ietf:params:oauth:token-type:id_token", "type": "text" }, { "key": "audience", "value": "{{tokenExchangeAudienceValue}}", "type": "text", "uuid": "2712c179-8b2a-4113-b50c-7e424fffe9ce" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Exchange Acess token from prerequisits for an ID token using token exchange and save to exchanged_id_token" }, "response": [] }, { "name": "Step 2: Get ID Token information", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "var jsonData = JSON.parse(responseBody);", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " let expectedAudience = pm.collectionVariables.get(\"serviceRelatedClientId\");", " if (pm.collectionVariables.get(\"acceptAudienceParamOnTokenExchangeRequests\") === \"true\") {", " expectedAudience = [pm.collectionVariables.get(\"serviceRelatedClientId\"),", " pm.collectionVariables.get(\"tokenExchangeAudienceValue\")];", " }", " pm.expect(jsonData.aud).to.eql(expectedAudience);", "});", "", "pm.test(\"Subject is postmanDemoUsername\", function () {", " pm.expect(jsonData.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername\"));", "});", "", "pm.test(\"Response contains `may act`\", function () {", " pm.expect(jsonData.may_act).to.be.an(\"object\")", "});", "", "pm.test(\"May Act as confidential_client_id\", function () {", " pm.expect(jsonData.may_act.client_id).to.eql(pm.collectionVariables.get(\"serviceRelatedClientId\"));", "});", "", "pm.test(\"May Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.may_act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "id_token", "value": "{{exchanged_id_token}}", "description": "The Implicit grant Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{serviceRelatedClientId}}", "description": "The ID of the Public OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Public OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/idtokeninfo", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "idtokeninfo" ] }, "description": "Retrieve metadata about the excahnged ID token using the token info endpoint" }, "response": [] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Impersonation: ID Token from Access Token", "item": [ { "name": "Step 1: Exchange Access Token for ID Token", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "if(pm.response.code == 200)", "{", " pm.collectionVariables.set(\"exchanged_id_token\", jsonData.access_token);", "}", "", "//TESTS ", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(jsonData.access_token).to.be.a(\"string\");", "});", "", "pm.test(\"Token is an ID token\", function () {", " pm.expect(jsonData.issued_token_type).to.eq(\"urn:ietf:params:oauth:token-type:id_token\");", "});", "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" }, { "key": "grant_type", "value": "urn:ietf:params:oauth:grant-type:token-exchange", "type": "text" }, { "key": "subject_token", "value": "{{access_token}}", "type": "text" }, { "key": "subject_token_type", "value": "urn:ietf:params:oauth:token-type:access_token", "type": "text" }, { "key": "scope", "value": "write read", "type": "text" }, { "key": "requested_token_type", "value": "urn:ietf:params:oauth:token-type:id_token", "type": "text" }, { "key": "audience", "value": "{{tokenExchangeAudienceValue}}", "type": "text", "uuid": "87d11763-86d2-4f82-9ad4-0c72034d1fdd" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Exchange Acess token from prerequisits for an ID token using token exchange and save to exchanged_id_token" }, "response": [] }, { "name": "Step 2: Get ID Token information", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "var jsonData = JSON.parse(responseBody);", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " let expectedAudience = pm.collectionVariables.get(\"serviceRelatedClientId\");", " if (pm.collectionVariables.get(\"acceptAudienceParamOnTokenExchangeRequests\") === \"true\") {", " expectedAudience = [pm.collectionVariables.get(\"serviceRelatedClientId\"),", " pm.collectionVariables.get(\"tokenExchangeAudienceValue\")];", " }", " pm.expect(jsonData.aud).to.eql(expectedAudience);", "});", "", "pm.test(\"Subject is postmanDemoUsername\", function () {", " pm.expect(jsonData.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername\"));", "});", "", "pm.test(\"Response contains `may act`\", function () {", " pm.expect(jsonData.may_act).to.be.an(\"object\")", "});", "", "pm.test(\"May Act as serviceRelatedClientId\", function () {", " pm.expect(jsonData.may_act.client_id).to.eql(pm.collectionVariables.get(\"serviceRelatedClientId\"));", "});", "", "pm.test(\"May Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.may_act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "id_token", "value": "{{exchanged_id_token}}", "description": "The Implicit grant Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{serviceRelatedClientId}}", "description": "The ID of the Public OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Public OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/idtokeninfo", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "idtokeninfo" ] }, "description": "Retrieve metadata about the excahnged ID token using the token info endpoint" }, "response": [] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Delegation: Access Token+Access Token to Access Token", "item": [ { "name": "Step 1: Request Delegation Token Exchange", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "if(pm.response.code == 200)", "{", " pm.collectionVariables.set(\"delegation_token_1\", jsonData.access_token);", "}", "", "//TESTS ", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(jsonData.access_token).to.be.a(\"string\");", "});", "", "pm.test(\"Token is an access token\", function () {", " pm.expect(jsonData.issued_token_type).to.eq(\"urn:ietf:params:oauth:token-type:access_token\");", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" }, { "key": "grant_type", "value": "urn:ietf:params:oauth:grant-type:token-exchange", "type": "text" }, { "key": "subject_token", "value": "{{access_token}}", "type": "text" }, { "key": "subject_token_type", "value": "urn:ietf:params:oauth:token-type:access_token", "type": "text" }, { "key": "scope", "value": "write read", "type": "text" }, { "key": "requested_token_type", "value": "urn:ietf:params:oauth:token-type:access_token", "type": "text" }, { "key": "actor_token", "value": "{{access_token_2}}", "type": "text" }, { "key": "actor_token_type", "value": "urn:ietf:params:oauth:token-type:access_token", "type": "text" }, { "key": "audience", "value": "{{tokenExchangeAudienceValue}}", "type": "text", "uuid": "d875bd16-032c-4d95-953e-179e9866c6db" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Request a delegation token so that Demo User can delegate to Demo User 2." }, "response": [] }, { "name": "Step 2: Introspect the Delegated Access Token", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "", "// TESTS", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Subject is postmanDemoUsername\", function () {", " pm.expect(jsonData.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername\"));", "});", "", "pm.test(\"Response contains may_act\", function () {", " pm.expect(jsonData.may_act).to.be.an(\"object\");", "});", "", "pm.test(\"Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});", "", "pm.test(\"Response contains act\", function () {", " pm.expect(jsonData.act).to.be.an(\"object\");", "});", "", "pm.test(\"May Act as confidential_client_id\", function () {", " pm.expect(jsonData.may_act.client_id).to.eql(pm.collectionVariables.get(\"serviceRelatedClientId\"));", "});", "", "pm.test(\"May Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.may_act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{delegation_token_1}}", "type": "text" }, { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] } }, "response": [] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Delegation: Delegated Access Token + Access Token to ID Token", "item": [ { "name": "Step 1: Request a Delegation Token from the Previously-Delegated Token in Step 1", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "if(pm.response.code == 200)", "{", " pm.collectionVariables.set(\"delegation_token_2\", jsonData.access_token);", "}", "", "//TESTS ", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(jsonData.access_token).to.be.a(\"string\");", "});", "", "pm.test(\"Token is an access token\", function () {", " pm.expect(jsonData.issued_token_type).to.eq(\"urn:ietf:params:oauth:token-type:id_token\");", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" }, { "key": "grant_type", "value": "urn:ietf:params:oauth:grant-type:token-exchange", "type": "text" }, { "key": "subject_token", "value": "{{delegation_token_1}}", "type": "text" }, { "key": "subject_token_type", "value": "urn:ietf:params:oauth:token-type:access_token", "type": "text" }, { "key": "scope", "value": "write read", "type": "text" }, { "key": "requested_token_type", "value": "urn:ietf:params:oauth:token-type:id_token", "type": "text" }, { "key": "actor_token", "value": "{{access_token_2}}", "type": "text" }, { "key": "actor_token_type", "value": "urn:ietf:params:oauth:token-type:access_token", "type": "text" }, { "key": "audience", "value": "{{tokenExchangeAudienceValue}}", "type": "text", "uuid": "b2ab3a61-f2fa-4d0b-b654-f42a026192bb" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Request another delegation token so that Demo User can delegate to Demo User 2 again." }, "response": [] }, { "name": "Step 2: Get Delegated ID Token information", "event": [ { "listen": "test", "script": { "exec": [ "// Tests", "", "var jsonData = JSON.parse(responseBody);", "", "pm.test(\"Status code is 200\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains correct `client_id`.\", function () {", " let expectedAudience = pm.collectionVariables.get(\"serviceRelatedClientId\");", " if (pm.collectionVariables.get(\"acceptAudienceParamOnTokenExchangeRequests\") === \"true\") {", " expectedAudience = [pm.collectionVariables.get(\"serviceRelatedClientId\"),", " pm.collectionVariables.get(\"tokenExchangeAudienceValue\")];", " }", " pm.expect(jsonData.aud).to.eql(expectedAudience);", "});", "", "pm.test(\"Subject is postmanDemoUsername\", function () {", " pm.expect(jsonData.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername\"));", "});", "", "pm.test(\"Response contains `may act`\", function () {", " pm.expect(jsonData.may_act).to.be.an(\"object\")", "});", "", "pm.test(\"May Act as serviceRelatedClientId\", function () {", " pm.expect(jsonData.may_act.client_id).to.eql(pm.collectionVariables.get(\"serviceRelatedClientId\"));", "});", "", "pm.test(\"May Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.may_act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } }, { "listen": "prerequest", "script": { "exec": [ "" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "id_token", "value": "{{delegation_token_2}}", "description": "The Implicit grant Access token you want to introspect.", "type": "text" }, { "key": "client_id", "value": "{{serviceRelatedClientId}}", "description": "The ID of the Public OAuth Client.", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "description": "The secret of the Public OAuth Client.", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/idtokeninfo", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "idtokeninfo" ] }, "description": "Retrieve metadata about the excahnged ID token using the token info endpoint" }, "response": [] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Delegation: ID Token+ID Token to Access Token", "item": [ { "name": "Step 1: Request Delegation Token Exchange", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "if(pm.response.code == 200)", "{", " pm.collectionVariables.set(\"delegation_token_1\", jsonData.access_token);", "}", "", "//TESTS ", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Response contains access_token\", function () {", " pm.expect(jsonData.access_token).to.be.a(\"string\");", "});", "", "pm.test(\"Token is an access token\", function () {", " pm.expect(jsonData.issued_token_type).to.eq(\"urn:ietf:params:oauth:token-type:access_token\");", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" }, { "key": "grant_type", "value": "urn:ietf:params:oauth:grant-type:token-exchange", "type": "text" }, { "key": "subject_token", "value": "{{id_token}}", "type": "text" }, { "key": "subject_token_type", "value": "urn:ietf:params:oauth:token-type:id_token", "type": "text" }, { "key": "scope", "value": "write read", "type": "text" }, { "key": "requested_token_type", "value": "urn:ietf:params:oauth:token-type:access_token", "type": "text" }, { "key": "actor_token", "value": "{{id_token_2}}", "type": "text" }, { "key": "actor_token_type", "value": "urn:ietf:params:oauth:token-type:id_token", "type": "text" }, { "key": "audience", "value": "{{tokenExchangeAudienceValue}}", "type": "text", "uuid": "f38a099c-613d-4d63-a433-7c5936d4794f" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/access_token", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "access_token" ] }, "description": "Request a delegation token so that Demo User can delegate to Demo User 2." }, "response": [] }, { "name": "Step 2: Introspect the Delegation Token", "event": [ { "listen": "test", "script": { "exec": [ "var jsonData = JSON.parse(responseBody);", "", "// TESTS", "", "pm.test(\"Status code is 200.\", () => {", " pm.expect(pm.response.code).to.eql(200);", "});", "", "pm.test(\"Subject is postmanDemoUsername\", function () {", " pm.expect(jsonData.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername\"));", "});", "", "pm.test(\"Response contains may_act\", function () {", " pm.expect(jsonData.may_act).to.be.an(\"object\");", "});", "", "pm.test(\"Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});", "", "pm.test(\"Response contains act\", function () {", " pm.expect(jsonData.act).to.be.an(\"object\");", "});", "", "pm.test(\"May Act as serviceRelatedClientId\", function () {", " pm.expect(jsonData.may_act.client_id).to.eql(pm.collectionVariables.get(\"serviceRelatedClientId\"));", "});", "", "pm.test(\"May Act as postmanDemoUsername2\", function () {", " pm.expect(jsonData.may_act.sub).to.include(pm.collectionVariables.get(\"postmanDemoUsername2\"));", "});" ], "type": "text/javascript", "packages": {}, "requests": {} } } ], "request": { "method": "POST", "header": [], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{delegation_token_1}}", "type": "text" }, { "key": "client_id", "value": "{{serviceRelatedClientId}}", "type": "text" }, { "key": "client_secret", "value": "{{postmanClientSecret}}", "type": "text" } ] }, "url": { "raw": "{{amUrl}}/oauth2{{realm}}/introspect", "host": [ "{{amUrl}}" ], "path": [ "oauth2{{realm}}", "introspect" ] } }, "response": [] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] } ], "description": "Token Exchange flows for access tokens and ID tokens." } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "requests": {}, "exec": [ "frUtils = {", " detectCallbacks: function(JSONResponse) {", " var parsedJSON = JSON.parse(JSONResponse);", " // Default to halting the collection", " postman.setNextRequest(null);", " _.each(parsedJSON.callbacks, (auth_callback) => {", " // NameCallback", " if(auth_callback.type == \"NameCallback\" || auth_callback.type == \"PasswordCallback\") {", " postman.setNextRequest(\"Step 2a: Handle Username / Password Callback\");", " }", " // ValidatedCreateUsernameCallback", " if(auth_callback.type == \"ValidatedCreateUsernameCallback\" || auth_callback.type == \"ValidatedCreatePasswordCallback\") {", " postman.setNextRequest(\"Step 2b: Handle Validated Username / Password Callback\");", " }", " // BooleanAttributeInputCallback", " if(auth_callback.type == \"BooleanAttributeInputCallback\") {", " postman.setNextRequest(\"Step 2f: Handle Progressive Profile Callback\");", " }", " // ChoiceCallback", " if(auth_callback.type == \"ChoiceCallback\") {", " postman.setNextRequest(\"Step 2c: Handle Choice Callback\");", " }", " // TextInputCallback", " if(auth_callback.type == \"TextInputCallback\") {", " postman.setNextRequest(\"Step 2d: Handle Text Input Callback\");", " ", " }", " // DeviceProfileCallback", " if(auth_callback.type == \"DeviceProfileCallback\") {", " postman.setNextRequest(\"Step 2e: Handle Device Profile Callback\");", " }", " });", " },", " getSessionCookieName: function(allResponseHeaders) {", " // Fallback to default cookie name from AM", " var customCookieName = \"iPlanetDirectoryPro\";", " for (const [key, value] of Object.entries(allResponseHeaders)) {", "", " var headerName = allResponseHeaders[key].key.toString();", " var headerString = allResponseHeaders[key].value.toString();", " ", " if(headerName === \"set-cookie\")", " {", " var cookieSettings = headerString.split(\";\");", " var cookieName = cookieSettings[0].split(\"=\");", " if(cookieName[0] != \"amlbcookie\"){", " customCookieName = cookieName[0];", " }", " }", " }", " return customCookieName;", " }", "}; ", "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "requests": {}, "exec": [ "if(pm.response.headers.get('x-forgerock-transactionid') && pm.response.headers.get('x-forgerock-transactionid') != \"\"){", " pm.globals.set(\"lastForgeRockTransactionId\", pm.response.headers.get('x-forgerock-transactionid').split('='));", "} else {", " pm.globals.set(\"lastForgeRockTransactionId\", \"None found\");", "}", "", "" ] } } ], "variable": [ { "key": "platformUrl", "value": "https://.forgeblocks.com" }, { "key": "amUrl", "value": "https://.forgeblocks.com/am" }, { "key": "idmUrl", "value": "https://.forgeblocks.com/openidm" }, { "key": "realm", "value": "/realms/root/realms/alpha" }, { "key": "cookieName", "value": "" }, { "key": "loginJourney", "value": "Login" }, { "key": "redirectUri", "value": "https://httpbin.org/anything" }, { "key": "postmanConfidentialClientId", "value": "postmanConfidentialClient" }, { "key": "postmanPublicClientId", "value": "postmanPublicClient" }, { "key": "postmanClientSecret", "value": "" }, { "key": "postmanDemoUsername", "value": "postmanDemoUser" }, { "key": "postmanDemoPassword", "value": "" }, { "key": "postmanDemoEmail", "value": "demo.user@postman.example.com" }, { "key": "logApiKey", "value": "" }, { "key": "logApiSecret", "value": "" }, { "key": "postmanServiceAccountJWK", "value": "", "type": "string" }, { "key": "postmanServiceAccountID", "value": "", "type": "string" }, { "key": "postmanUtilLib", "value": "/*\nMIT License\n\nCopyright (c) 2019 joolfe\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n*/\n!function(t){if(\"object\"==typeof exports&&\"undefined\"!=typeof module)module.exports=t();else if(\"function\"==typeof define&&define.amd)define([],t);else{(\"undefined\"!=typeof window?window:\"undefined\"!=typeof global?global:\"undefined\"!=typeof self?self:this).pmlib=t()}}((function(){for(var t,e,r=(t=function(t,n){(function(t){(function(){\"use strict\";function t(t){if(t>2147483647)throw new RangeError('The value \"'+t+'\" is invalid for option \"size\"');var e=new Uint8Array(t);return e.__proto__=r.prototype,e}function r(t,e,r){if(\"number\"==typeof t){if(\"string\"==typeof e)throw new TypeError('The \"string\" argument must be of type string. Received type number');return o(t)}return s(t,e,r)}function s(e,i,n){if(\"string\"==typeof e)return function(e,i){if(\"string\"==typeof i&&\"\"!==i||(i=\"utf8\"),!r.isEncoding(i))throw new TypeError(\"Unknown encoding: \"+i);var n=0|c(e,i),s=t(n),a=s.write(e,i);return a!==n&&(s=s.slice(0,a)),s}(e,i);if(ArrayBuffer.isView(e))return h(e);if(null==e)throw TypeError(\"The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type \"+typeof e);if(V(e,ArrayBuffer)||e&&V(e.buffer,ArrayBuffer))return function(t,e,i){if(e<0||t.byteLength=2147483647)throw new RangeError(\"Attempt to allocate Buffer larger than maximum size: 0x\"+2147483647..toString(16)+\" bytes\");return 0|t}function c(t,e){if(r.isBuffer(t))return t.length;if(ArrayBuffer.isView(t)||V(t,ArrayBuffer))return t.byteLength;if(\"string\"!=typeof t)throw new TypeError('The \"string\" argument must be one of type string, Buffer, or ArrayBuffer. Received type '+typeof t);var i=t.length,n=arguments.length>2&&!0===arguments[2];if(!n&&0===i)return 0;for(var s=!1;;)switch(e){case\"ascii\":case\"latin1\":case\"binary\":return i;case\"utf8\":case\"utf-8\":return N(t).length;case\"ucs2\":case\"ucs-2\":case\"utf16le\":case\"utf-16le\":return 2*i;case\"hex\":return i>>>1;case\"base64\":return O(t).length;default:if(s)return n?-1:N(t).length;e=(\"\"+e).toLowerCase(),s=!0}}function l(t,e,r){var i=t[e];t[e]=t[r],t[r]=i}function g(t,e,i,n,s){if(0===t.length)return-1;if(\"string\"==typeof i?(n=i,i=0):i>2147483647?i=2147483647:i<-2147483648&&(i=-2147483648),L(i=+i)&&(i=s?0:t.length-1),i<0&&(i=t.length+i),i>=t.length){if(s)return-1;i=t.length-1}else if(i<0){if(!s)return-1;i=0}if(\"string\"==typeof e&&(e=r.from(e,n)),r.isBuffer(e))return 0===e.length?-1:p(t,e,i,n,s);if(\"number\"==typeof e)return e&=255,\"function\"==typeof Uint8Array.prototype.indexOf?s?Uint8Array.prototype.indexOf.call(t,e,i):Uint8Array.prototype.lastIndexOf.call(t,e,i):p(t,[e],i,n,s);throw new TypeError(\"val must be string, number or Buffer\")}function p(t,e,r,i,n){var s,a=1,o=t.length,h=e.length;if(void 0!==i&&(\"ucs2\"===(i=String(i).toLowerCase())||\"ucs-2\"===i||\"utf16le\"===i||\"utf-16le\"===i)){if(t.length<2||e.length<2)return-1;a=2,o/=2,h/=2,r/=2}function u(t,e){return 1===a?t[e]:t.readUInt16BE(e*a)}if(n){var c=-1;for(s=r;so&&(r=o-h),s=r;s>=0;s--){for(var l=!0,f=0;fn&&(i=n):i=n;var s=e.length;i>s/2&&(i=s/2);for(var a=0;a>8,n=r%256,s.push(n),s.push(i);return s}(e,t.length-r),t,r,i)}function E(t,e,r){return 0===e&&r===t.length?i.fromByteArray(t):i.fromByteArray(t.slice(e,r))}function w(t,e,r){r=Math.min(t.length,r);for(var i=[],n=e;n239?4:u>223?3:u>191?2:1;if(n+l<=r)switch(l){case 1:u<128&&(c=u);break;case 2:128==(192&(s=t[n+1]))&&(h=(31&u)<<6|63&s)>127&&(c=h);break;case 3:s=t[n+1],a=t[n+2],128==(192&s)&&128==(192&a)&&(h=(15&u)<<12|(63&s)<<6|63&a)>2047&&(h<55296||h>57343)&&(c=h);break;case 4:s=t[n+1],a=t[n+2],o=t[n+3],128==(192&s)&&128==(192&a)&&128==(192&o)&&(h=(15&u)<<18|(63&s)<<12|(63&a)<<6|63&o)>65535&&h<1114112&&(c=h)}null===c?(c=65533,l=1):c>65535&&(c-=65536,i.push(c>>>10&1023|55296),c=56320|1023&c),i.push(c),n+=l}return function(t){var e=t.length;if(e<=b)return String.fromCharCode.apply(String,t);for(var r=\"\",i=0;ithis.length)return\"\";if((void 0===r||r>this.length)&&(r=this.length),r<=0)return\"\";if((r>>>=0)<=(e>>>=0))return\"\";for(t||(t=\"utf8\");;)switch(t){case\"hex\":return D(this,e,r);case\"utf8\":case\"utf-8\":return w(this,e,r);case\"ascii\":return F(this,e,r);case\"latin1\":case\"binary\":return A(this,e,r);case\"base64\":return E(this,e,r);case\"ucs2\":case\"ucs-2\":case\"utf16le\":case\"utf-16le\":return I(this,e,r);default:if(i)throw new TypeError(\"Unknown encoding: \"+t);t=(t+\"\").toLowerCase(),i=!0}}.apply(this,arguments)},r.prototype.toLocaleString=r.prototype.toString,r.prototype.equals=function(t){if(!r.isBuffer(t))throw new TypeError(\"Argument must be a Buffer\");return this===t||0===r.compare(this,t)},r.prototype.inspect=function(){var t=\"\",e=n.INSPECT_MAX_BYTES;return t=this.toString(\"hex\",0,e).replace(/(.{2})/g,\"$1 \").trim(),this.length>e&&(t+=\" ... \"),\"\"},r.prototype.compare=function(t,e,i,n,s){if(V(t,Uint8Array)&&(t=r.from(t,t.offset,t.byteLength)),!r.isBuffer(t))throw new TypeError('The \"target\" argument must be one of type Buffer or Uint8Array. Received type '+typeof t);if(void 0===e&&(e=0),void 0===i&&(i=t?t.length:0),void 0===n&&(n=0),void 0===s&&(s=this.length),e<0||i>t.length||n<0||s>this.length)throw new RangeError(\"out of range index\");if(n>=s&&e>=i)return 0;if(n>=s)return-1;if(e>=i)return 1;if(this===t)return 0;for(var a=(s>>>=0)-(n>>>=0),o=(i>>>=0)-(e>>>=0),h=Math.min(a,o),u=this.slice(n,s),c=t.slice(e,i),l=0;l>>=0,isFinite(r)?(r>>>=0,void 0===i&&(i=\"utf8\")):(i=r,r=void 0)}var n=this.length-e;if((void 0===r||r>n)&&(r=n),t.length>0&&(r<0||e<0)||e>this.length)throw new RangeError(\"Attempt to write outside buffer bounds\");i||(i=\"utf8\");for(var s=!1;;)switch(i){case\"hex\":return d(this,t,e,r);case\"utf8\":case\"utf-8\":return v(this,t,e,r);case\"ascii\":return y(this,t,e,r);case\"latin1\":case\"binary\":return m(this,t,e,r);case\"base64\":return S(this,t,e,r);case\"ucs2\":case\"ucs-2\":case\"utf16le\":case\"utf-16le\":return x(this,t,e,r);default:if(s)throw new TypeError(\"Unknown encoding: \"+i);i=(\"\"+i).toLowerCase(),s=!0}},r.prototype.toJSON=function(){return{type:\"Buffer\",data:Array.prototype.slice.call(this._arr||this,0)}};var b=4096;function F(t,e,r){var i=\"\";r=Math.min(t.length,r);for(var n=e;nn)&&(r=n);for(var s=\"\",a=e;ar)throw new RangeError(\"Trying to access beyond buffer length\")}function P(t,e,i,n,s,a){if(!r.isBuffer(t))throw new TypeError('\"buffer\" argument must be a Buffer instance');if(e>s||et.length)throw new RangeError(\"Index out of range\")}function R(t,e,r,i,n,s){if(r+i>t.length)throw new RangeError(\"Index out of range\");if(r<0)throw new RangeError(\"Index out of range\")}function T(t,e,r,i,n){return e=+e,r>>>=0,n||R(t,0,r,4),f.write(t,e,r,i,23,4),r+4}function B(t,e,r,i,n){return e=+e,r>>>=0,n||R(t,0,r,8),f.write(t,e,r,i,52,8),r+8}r.prototype.slice=function(t,e){var i=this.length;(t=~~t)<0?(t+=i)<0&&(t=0):t>i&&(t=i),(e=void 0===e?i:~~e)<0?(e+=i)<0&&(e=0):e>i&&(e=i),e>>=0,e>>>=0,r||C(t,e,this.length);for(var i=this[t],n=1,s=0;++s>>=0,e>>>=0,r||C(t,e,this.length);for(var i=this[t+--e],n=1;e>0&&(n*=256);)i+=this[t+--e]*n;return i},r.prototype.readUInt8=function(t,e){return t>>>=0,e||C(t,1,this.length),this[t]},r.prototype.readUInt16LE=function(t,e){return t>>>=0,e||C(t,2,this.length),this[t]|this[t+1]<<8},r.prototype.readUInt16BE=function(t,e){return t>>>=0,e||C(t,2,this.length),this[t]<<8|this[t+1]},r.prototype.readUInt32LE=function(t,e){return t>>>=0,e||C(t,4,this.length),(this[t]|this[t+1]<<8|this[t+2]<<16)+16777216*this[t+3]},r.prototype.readUInt32BE=function(t,e){return t>>>=0,e||C(t,4,this.length),16777216*this[t]+(this[t+1]<<16|this[t+2]<<8|this[t+3])},r.prototype.readIntLE=function(t,e,r){t>>>=0,e>>>=0,r||C(t,e,this.length);for(var i=this[t],n=1,s=0;++s=(n*=128)&&(i-=Math.pow(2,8*e)),i},r.prototype.readIntBE=function(t,e,r){t>>>=0,e>>>=0,r||C(t,e,this.length);for(var i=e,n=1,s=this[t+--i];i>0&&(n*=256);)s+=this[t+--i]*n;return s>=(n*=128)&&(s-=Math.pow(2,8*e)),s},r.prototype.readInt8=function(t,e){return t>>>=0,e||C(t,1,this.length),128&this[t]?-1*(255-this[t]+1):this[t]},r.prototype.readInt16LE=function(t,e){t>>>=0,e||C(t,2,this.length);var r=this[t]|this[t+1]<<8;return 32768&r?4294901760|r:r},r.prototype.readInt16BE=function(t,e){t>>>=0,e||C(t,2,this.length);var r=this[t+1]|this[t]<<8;return 32768&r?4294901760|r:r},r.prototype.readInt32LE=function(t,e){return t>>>=0,e||C(t,4,this.length),this[t]|this[t+1]<<8|this[t+2]<<16|this[t+3]<<24},r.prototype.readInt32BE=function(t,e){return t>>>=0,e||C(t,4,this.length),this[t]<<24|this[t+1]<<16|this[t+2]<<8|this[t+3]},r.prototype.readFloatLE=function(t,e){return t>>>=0,e||C(t,4,this.length),f.read(this,t,!0,23,4)},r.prototype.readFloatBE=function(t,e){return t>>>=0,e||C(t,4,this.length),f.read(this,t,!1,23,4)},r.prototype.readDoubleLE=function(t,e){return t>>>=0,e||C(t,8,this.length),f.read(this,t,!0,52,8)},r.prototype.readDoubleBE=function(t,e){return t>>>=0,e||C(t,8,this.length),f.read(this,t,!1,52,8)},r.prototype.writeUIntLE=function(t,e,r,i){t=+t,e>>>=0,r>>>=0,i||P(this,t,e,r,Math.pow(2,8*r)-1,0);var n=1,s=0;for(this[e]=255&t;++s>>=0,r>>>=0,i||P(this,t,e,r,Math.pow(2,8*r)-1,0);var n=r-1,s=1;for(this[e+n]=255&t;--n>=0&&(s*=256);)this[e+n]=t/s&255;return e+r},r.prototype.writeUInt8=function(t,e,r){return t=+t,e>>>=0,r||P(this,t,e,1,255,0),this[e]=255&t,e+1},r.prototype.writeUInt16LE=function(t,e,r){return t=+t,e>>>=0,r||P(this,t,e,2,65535,0),this[e]=255&t,this[e+1]=t>>>8,e+2},r.prototype.writeUInt16BE=function(t,e,r){return t=+t,e>>>=0,r||P(this,t,e,2,65535,0),this[e]=t>>>8,this[e+1]=255&t,e+2},r.prototype.writeUInt32LE=function(t,e,r){return t=+t,e>>>=0,r||P(this,t,e,4,4294967295,0),this[e+3]=t>>>24,this[e+2]=t>>>16,this[e+1]=t>>>8,this[e]=255&t,e+4},r.prototype.writeUInt32BE=function(t,e,r){return t=+t,e>>>=0,r||P(this,t,e,4,4294967295,0),this[e]=t>>>24,this[e+1]=t>>>16,this[e+2]=t>>>8,this[e+3]=255&t,e+4},r.prototype.writeIntLE=function(t,e,r,i){if(t=+t,e>>>=0,!i){var n=Math.pow(2,8*r-1);P(this,t,e,r,n-1,-n)}var s=0,a=1,o=0;for(this[e]=255&t;++s>0)-o&255;return e+r},r.prototype.writeIntBE=function(t,e,r,i){if(t=+t,e>>>=0,!i){var n=Math.pow(2,8*r-1);P(this,t,e,r,n-1,-n)}var s=r-1,a=1,o=0;for(this[e+s]=255&t;--s>=0&&(a*=256);)t<0&&0===o&&0!==this[e+s+1]&&(o=1),this[e+s]=(t/a>>0)-o&255;return e+r},r.prototype.writeInt8=function(t,e,r){return t=+t,e>>>=0,r||P(this,t,e,1,127,-128),t<0&&(t=255+t+1),this[e]=255&t,e+1},r.prototype.writeInt16LE=function(t,e,r){return t=+t,e>>>=0,r||P(this,t,e,2,32767,-32768),this[e]=255&t,this[e+1]=t>>>8,e+2},r.prototype.writeInt16BE=function(t,e,r){return t=+t,e>>>=0,r||P(this,t,e,2,32767,-32768),this[e]=t>>>8,this[e+1]=255&t,e+2},r.prototype.writeInt32LE=function(t,e,r){return t=+t,e>>>=0,r||P(this,t,e,4,2147483647,-2147483648),this[e]=255&t,this[e+1]=t>>>8,this[e+2]=t>>>16,this[e+3]=t>>>24,e+4},r.prototype.writeInt32BE=function(t,e,r){return t=+t,e>>>=0,r||P(this,t,e,4,2147483647,-2147483648),t<0&&(t=4294967295+t+1),this[e]=t>>>24,this[e+1]=t>>>16,this[e+2]=t>>>8,this[e+3]=255&t,e+4},r.prototype.writeFloatLE=function(t,e,r){return T(this,t,e,!0,r)},r.prototype.writeFloatBE=function(t,e,r){return T(this,t,e,!1,r)},r.prototype.writeDoubleLE=function(t,e,r){return B(this,t,e,!0,r)},r.prototype.writeDoubleBE=function(t,e,r){return B(this,t,e,!1,r)},r.prototype.copy=function(t,e,i,n){if(!r.isBuffer(t))throw new TypeError(\"argument should be a Buffer\");if(i||(i=0),n||0===n||(n=this.length),e>=t.length&&(e=t.length),e||(e=0),n>0&&n=this.length)throw new RangeError(\"Index out of range\");if(n<0)throw new RangeError(\"sourceEnd out of bounds\");n>this.length&&(n=this.length),t.length-e=0;--a)t[a+e]=this[a+i];else Uint8Array.prototype.set.call(t,this.subarray(i,n),e);return s},r.prototype.fill=function(t,e,i,n){if(\"string\"==typeof t){if(\"string\"==typeof e?(n=e,e=0,i=this.length):\"string\"==typeof i&&(n=i,i=this.length),void 0!==n&&\"string\"!=typeof n)throw new TypeError(\"encoding must be a string\");if(\"string\"==typeof n&&!r.isEncoding(n))throw new TypeError(\"Unknown encoding: \"+n);if(1===t.length){var s=t.charCodeAt(0);(\"utf8\"===n&&s<128||\"latin1\"===n)&&(t=s)}}else\"number\"==typeof t&&(t&=255);if(e<0||this.length>>=0,i=void 0===i?this.length:i>>>0,t||(t=0),\"number\"==typeof t)for(a=e;a55295&&r<57344){if(!n){if(r>56319){(e-=3)>-1&&s.push(239,191,189);continue}if(a+1===i){(e-=3)>-1&&s.push(239,191,189);continue}n=r;continue}if(r<56320){(e-=3)>-1&&s.push(239,191,189),n=r;continue}r=65536+(n-55296<<10|r-56320)}else n&&(e-=3)>-1&&s.push(239,191,189);if(n=null,r<128){if((e-=1)<0)break;s.push(r)}else if(r<2048){if((e-=2)<0)break;s.push(r>>6|192,63&r|128)}else if(r<65536){if((e-=3)<0)break;s.push(r>>12|224,r>>6&63|128,63&r|128)}else{if(!(r<1114112))throw new Error(\"Invalid code point\");if((e-=4)<0)break;s.push(r>>18|240,r>>12&63|128,r>>6&63|128,63&r|128)}}return s}function O(t){return i.toByteArray(function(t){if((t=(t=t.split(\"=\")[0]).trim().replace(H,\"\")).length<2)return\"\";for(;t.length%4!=0;)t+=\"=\";return t}(t))}function j(t,e,r,i){for(var n=0;n=e.length||n>=t.length);++n)e[n+r]=t[n];return n}function V(t,e){return t instanceof e||null!=t&&null!=t.constructor&&null!=t.constructor.name&&t.constructor.name===e.name}function L(t){return t!=t}}).call(this)}).call(this,r({}).Buffer)},function(r){return e||t(e={exports:{},parent:r},e.exports),e.exports}),i={toByteArray:function(t){var e,r,i=c(t),n=i[0],o=i[1],h=new a(function(t,e,r){return 3*(e+r)/4-r}(0,n,o)),u=0,l=o>0?n-4:n;for(r=0;r>16&255,h[u++]=e>>8&255,h[u++]=255&e;return 2===o&&(e=s[t.charCodeAt(r)]<<2|s[t.charCodeAt(r+1)]>>4,h[u++]=255&e),1===o&&(e=s[t.charCodeAt(r)]<<10|s[t.charCodeAt(r+1)]<<4|s[t.charCodeAt(r+2)]>>2,h[u++]=e>>8&255,h[u++]=255&e),h},fromByteArray:function(t){for(var e,r=t.length,i=r%3,s=[],a=0,o=r-i;ao?o:a+16383));return 1===i?(e=t[r-1],s.push(n[e>>2]+n[e<<4&63]+\"==\")):2===i&&(e=(t[r-2]<<8)+t[r-1],s.push(n[e>>10]+n[e>>4&63]+n[e<<2&63]+\"=\")),s.join(\"\")}},n=[],s=[],a=\"undefined\"!=typeof Uint8Array?Uint8Array:Array,o=\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\",h=0,u=o.length;h0)throw new Error(\"Invalid string. Length must be a multiple of 4\");var r=t.indexOf(\"=\");return-1===r&&(r=e),[r,r===e?0:4-r%4]}function l(t,e,r){for(var i,s,a=[],o=e;o>18&63]+n[s>>12&63]+n[s>>6&63]+n[63&s]);return a.join(\"\")}s[\"-\".charCodeAt(0)]=62,s[\"_\".charCodeAt(0)]=63;var f={read:function(t,e,r,i,n){var s,a,o=8*n-i-1,h=(1<>1,c=-7,l=r?n-1:0,f=r?-1:1,g=t[e+l];for(l+=f,s=g&(1<<-c)-1,g>>=-c,c+=o;c>0;s=256*s+t[e+l],l+=f,c-=8);for(a=s&(1<<-c)-1,s>>=-c,c+=i;c>0;a=256*a+t[e+l],l+=f,c-=8);if(0===s)s=1-u;else{if(s===h)return a?NaN:1/0*(g?-1:1);a+=Math.pow(2,i),s-=u}return(g?-1:1)*a*Math.pow(2,s-i)},write:function(t,e,r,i,n,s){var a,o,h,u=8*s-n-1,c=(1<>1,f=23===n?Math.pow(2,-24)-Math.pow(2,-77):0,g=i?0:s-1,p=i?1:-1,d=e<0||0===e&&1/e<0?1:0;for(e=Math.abs(e),isNaN(e)||e===1/0?(o=isNaN(e)?1:0,a=c):(a=Math.floor(Math.log(e)/Math.LN2),e*(h=Math.pow(2,-a))<1&&(a--,h*=2),(e+=a+l>=1?f/h:f*Math.pow(2,1-l))*h>=2&&(a++,h/=2),a+l>=c?(o=0,a=c):a+l>=1?(o=(e*h-1)*Math.pow(2,n),a+=l):(o=e*Math.pow(2,l-1)*Math.pow(2,n),a=0));n>=8;t[r+g]=255&o,g+=p,o/=256,n-=8);for(a=a<0;t[r+g]=255&a,g+=p,a/=256,u-=8);t[r+g-p]|=128*d}},g={};(function(t){(function(){var e,r,i,n,s,a,o,h,u,c,l,f={userAgent:!1},p={},d=d||(e=Math,i=(r={}).lib={},n=i.Base=function(){function t(){}return{extend:function(e){t.prototype=this;var r=new t;return e&&r.mixIn(e),r.hasOwnProperty(\"init\")||(r.init=function(){r.$super.init.apply(this,arguments)}),r.init.prototype=r,r.$super=this,r},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty(\"toString\")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}}}(),s=i.WordArray=n.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||o).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var s=0;s>>2]>>>24-s%4*8&255;e[i+s>>>2]|=a<<24-(i+s)%4*8}else for(s=0;s>>2]=r[s>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,r=this.sigBytes;t[r>>>2]&=4294967295<<32-r%4*8,t.length=e.ceil(r/4)},clone:function(){var t=n.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var r=[],i=0;i>>2]>>>24-n%4*8&255;i.push((s>>>4).toString(16)),i.push((15&s).toString(16))}return i.join(\"\")},parse:function(t){for(var e=t.length,r=[],i=0;i>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new s.init(r,e/2)}},h=a.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(s))}return i.join(\"\")},parse:function(t){for(var e=t.length,r=[],i=0;i>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new s.init(r,e)}},u=a.Utf8={stringify:function(t){try{return decodeURIComponent(escape(h.stringify(t)))}catch(e){throw new Error(\"Malformed UTF-8 data\")}},parse:function(t){return h.parse(unescape(encodeURIComponent(t)))}},c=i.BufferedBlockAlgorithm=n.extend({reset:function(){this._data=new s.init,this._nDataBytes=0},_append:function(t){\"string\"==typeof t&&(t=u.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var r=this._data,i=r.words,n=r.sigBytes,a=this.blockSize,o=n/(4*a),h=(o=t?e.ceil(o):e.max((0|o)-this._minBufferSize,0))*a,u=e.min(4*h,n);if(h){for(var c=0;c>>2]}},e.BlockCipher=o.extend({cfg:o.cfg.extend({mode:h,padding:c}),reset:function(){o.reset.call(this);var t=(e=this.cfg).iv,e=e.mode;if(this._xformMode==this._ENC_XFORM_MODE)var r=e.createEncryptor;else r=e.createDecryptor,this._minBufferSize=1;this._mode=r.call(e,this,t&&t.words)},_doProcessBlock:function(t,e){this._mode.processBlock(t,e)},_doFinalize:function(){var t=this.cfg.padding;if(this._xformMode==this._ENC_XFORM_MODE){t.pad(this._data,this.blockSize);var e=this._process(!0)}else e=this._process(!0),t.unpad(e);return e},blockSize:4});var l=e.CipherParams=r.extend({init:function(t){this.mixIn(t)},toString:function(t){return(t||this.formatter).stringify(this)}}),f=(h=(g.format={}).OpenSSL={stringify:function(t){var e=t.ciphertext;return((t=t.salt)?i.create([1398893684,1701076831]).concat(t).concat(e):e).toString(s)},parse:function(t){var e=(t=s.parse(t)).words;if(1398893684==e[0]&&1701076831==e[1]){var r=i.create(e.slice(2,4));e.splice(0,4),t.sigBytes-=16}return l.create({ciphertext:t,salt:r})}},e.SerializableCipher=r.extend({cfg:r.extend({format:h}),encrypt:function(t,e,r,i){i=this.cfg.extend(i);var n=t.createEncryptor(r,i);return e=n.finalize(e),n=n.cfg,l.create({ciphertext:e,key:r,iv:n.iv,algorithm:t,mode:n.mode,padding:n.padding,blockSize:t.blockSize,formatter:i.format})},decrypt:function(t,e,r,i){return i=this.cfg.extend(i),e=this._parse(e,i.format),t.createDecryptor(r,i).finalize(e.ciphertext)},_parse:function(t,e){return\"string\"==typeof t?e.parse(t,this):t}})),g=(g.kdf={}).OpenSSL={execute:function(t,e,r,n){return n||(n=i.random(8)),t=a.create({keySize:e+r}).compute(t,n),r=i.create(t.words.slice(e),4*r),t.sigBytes=4*e,l.create({key:t,iv:r,salt:n})}},p=e.PasswordBasedCipher=f.extend({cfg:f.cfg.extend({kdf:g}),encrypt:function(t,e,r,i){return r=(i=this.cfg.extend(i)).kdf.execute(r,t.keySize,t.ivSize),i.iv=r.iv,(t=f.encrypt.call(this,t,e,r.key,i)).mixIn(r),t},decrypt:function(t,e,r,i){return i=this.cfg.extend(i),e=this._parse(e,i.format),r=i.kdf.execute(r,t.keySize,t.ivSize,e.salt),i.iv=r.iv,f.decrypt.call(this,t,e,r.key,i)}})}(),function(){for(var t=d,e=t.lib.BlockCipher,r=t.algo,i=[],n=[],s=[],a=[],o=[],h=[],u=[],c=[],l=[],f=[],g=[],p=0;256>p;p++)g[p]=128>p?p<<1:p<<1^283;var v=0,y=0;for(p=0;256>p;p++){var m=(m=y^y<<1^y<<2^y<<3^y<<4)>>>8^255&m^99;i[v]=m,n[m]=v;var S=g[v],x=g[S],E=g[x],w=257*g[m]^16843008*m;s[v]=w<<24|w>>>8,a[v]=w<<16|w>>>16,o[v]=w<<8|w>>>24,h[v]=w,w=16843009*E^65537*x^257*S^16843008*v,u[m]=w<<24|w>>>8,c[m]=w<<16|w>>>16,l[m]=w<<8|w>>>24,f[m]=w,v?(v=S^g[g[g[E^S]]],y^=g[g[y]]):v=y=1}var b=[0,1,2,4,8,16,32,64,128,27,54];r=r.AES=e.extend({_doReset:function(){for(var t=(r=this._key).words,e=r.sigBytes/4,r=4*((this._nRounds=e+6)+1),n=this._keySchedule=[],s=0;s>>24]<<24|i[a>>>16&255]<<16|i[a>>>8&255]<<8|i[255&a]):(a=i[(a=a<<8|a>>>24)>>>24]<<24|i[a>>>16&255]<<16|i[a>>>8&255]<<8|i[255&a],a^=b[s/e|0]<<24),n[s]=n[s-e]^a}for(t=this._invKeySchedule=[],e=0;ee||4>=s?a:u[i[a>>>24]]^c[i[a>>>16&255]]^l[i[a>>>8&255]]^f[i[255&a]]},encryptBlock:function(t,e){this._doCryptBlock(t,e,this._keySchedule,s,a,o,h,i)},decryptBlock:function(t,e){var r=t[e+1];t[e+1]=t[e+3],t[e+3]=r,this._doCryptBlock(t,e,this._invKeySchedule,u,c,l,f,n),r=t[e+1],t[e+1]=t[e+3],t[e+3]=r},_doCryptBlock:function(t,e,r,i,n,s,a,o){for(var h=this._nRounds,u=t[e]^r[0],c=t[e+1]^r[1],l=t[e+2]^r[2],f=t[e+3]^r[3],g=4,p=1;p>>24]^n[c>>>16&255]^s[l>>>8&255]^a[255&f]^r[g++],v=i[c>>>24]^n[l>>>16&255]^s[f>>>8&255]^a[255&u]^r[g++],y=i[l>>>24]^n[f>>>16&255]^s[u>>>8&255]^a[255&c]^r[g++];f=i[f>>>24]^n[u>>>16&255]^s[c>>>8&255]^a[255&l]^r[g++],u=d,c=v,l=y}d=(o[u>>>24]<<24|o[c>>>16&255]<<16|o[l>>>8&255]<<8|o[255&f])^r[g++],v=(o[c>>>24]<<24|o[l>>>16&255]<<16|o[f>>>8&255]<<8|o[255&u])^r[g++],y=(o[l>>>24]<<24|o[f>>>16&255]<<16|o[u>>>8&255]<<8|o[255&c])^r[g++],f=(o[f>>>24]<<24|o[u>>>16&255]<<16|o[c>>>8&255]<<8|o[255&l])^r[g++],t[e]=d,t[e+1]=v,t[e+2]=y,t[e+3]=f},keySize:8}),t.AES=e._createHelper(r)}(),function(){function t(t,e){var r=(this._lBlock>>>t^this._rBlock)&e;this._rBlock^=r,this._lBlock^=r<>>t^this._lBlock)&e;this._lBlock^=r,this._rBlock^=r<r;r++){var i=a[r]-1;e[r]=t[i>>>5]>>>31-i%32&1}for(t=this._subKeys=[],i=0;16>i;i++){var n=t[i]=[],s=h[i];for(r=0;24>r;r++)n[r/6|0]|=e[(o[r]-1+s)%28]<<31-r%6,n[4+(r/6|0)]|=e[28+(o[r+24]-1+s)%28]<<31-r%6;for(n[0]=n[0]<<1|n[0]>>>31,r=1;7>r;r++)n[r]>>>=4*(r-1)+3;n[7]=n[7]<<5|n[7]>>>27}for(e=this._invSubKeys=[],r=0;16>r;r++)e[r]=t[15-r]},encryptBlock:function(t,e){this._doCryptBlock(t,e,this._subKeys)},decryptBlock:function(t,e){this._doCryptBlock(t,e,this._invSubKeys)},_doCryptBlock:function(r,i,n){this._lBlock=r[i],this._rBlock=r[i+1],t.call(this,4,252645135),t.call(this,16,65535),e.call(this,2,858993459),e.call(this,8,16711935),t.call(this,1,1431655765);for(var s=0;16>s;s++){for(var a=n[s],o=this._lBlock,h=this._rBlock,l=0,f=0;8>f;f++)l|=u[f][((h^a[f])&c[f])>>>0];this._lBlock=h,this._rBlock=o^l}n=this._lBlock,this._lBlock=this._rBlock,this._rBlock=n,t.call(this,1,1431655765),e.call(this,8,16711935),e.call(this,2,858993459),t.call(this,16,65535),t.call(this,4,252645135),r[i]=this._lBlock,r[i+1]=this._rBlock},keySize:2,ivSize:2,blockSize:2});r.DES=n._createHelper(l),s=s.TripleDES=n.extend({_doReset:function(){var t=this._key.words;this._des1=l.createEncryptor(i.create(t.slice(0,2))),this._des2=l.createEncryptor(i.create(t.slice(2,4))),this._des3=l.createEncryptor(i.create(t.slice(4,6)))},encryptBlock:function(t,e){this._des1.encryptBlock(t,e),this._des2.decryptBlock(t,e),this._des3.encryptBlock(t,e)},decryptBlock:function(t,e){this._des3.decryptBlock(t,e),this._des2.encryptBlock(t,e),this._des1.decryptBlock(t,e)},keySize:6,ivSize:2,blockSize:2}),r.TripleDES=n._createHelper(s)}(),function(){var t=d,e=t.lib.WordArray;t.enc.Base64={stringify:function(t){var e=t.words,r=t.sigBytes,i=this._map;t.clamp(),t=[];for(var n=0;n>>2]>>>24-n%4*8&255)<<16|(e[n+1>>>2]>>>24-(n+1)%4*8&255)<<8|e[n+2>>>2]>>>24-(n+2)%4*8&255,a=0;4>a&&n+.75*a>>6*(3-a)&63));if(e=i.charAt(64))for(;t.length%4;)t.push(e);return t.join(\"\")},parse:function(t){var r=t.length,i=this._map;(n=i.charAt(64))&&-1!=(n=t.indexOf(n))&&(r=n);for(var n=[],s=0,a=0;a>>6-a%4*2;n[s>>>2]|=(o|h)<<24-s%4*8,s++}return e.create(n,s)},_map:\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\"}}(),function(t){function e(t,e,r,i,n,s,a){return((t=t+(e&r|~e&i)+n+a)<>>32-s)+e}function r(t,e,r,i,n,s,a){return((t=t+(e&i|r&~i)+n+a)<>>32-s)+e}function i(t,e,r,i,n,s,a){return((t=t+(e^r^i)+n+a)<>>32-s)+e}function n(t,e,r,i,n,s,a){return((t=t+(r^(e|~i))+n+a)<>>32-s)+e}for(var s=d,a=(h=s.lib).WordArray,o=h.Hasher,h=s.algo,u=[],c=0;64>c;c++)u[c]=4294967296*t.abs(t.sin(c+1))|0;h=h.MD5=o.extend({_doReset:function(){this._hash=new a.init([1732584193,4023233417,2562383102,271733878])},_doProcessBlock:function(t,s){for(var a=0;16>a;a++){var o=t[h=s+a];t[h]=16711935&(o<<8|o>>>24)|4278255360&(o<<24|o>>>8)}a=this._hash.words;var h=t[s+0],c=(o=t[s+1],t[s+2]),l=t[s+3],f=t[s+4],g=t[s+5],p=t[s+6],d=t[s+7],v=t[s+8],y=t[s+9],m=t[s+10],S=t[s+11],x=t[s+12],E=t[s+13],w=t[s+14],b=t[s+15],F=e(F=a[0],I=a[1],D=a[2],A=a[3],h,7,u[0]),A=e(A,F,I,D,o,12,u[1]),D=e(D,A,F,I,c,17,u[2]),I=e(I,D,A,F,l,22,u[3]);F=e(F,I,D,A,f,7,u[4]),A=e(A,F,I,D,g,12,u[5]),D=e(D,A,F,I,p,17,u[6]),I=e(I,D,A,F,d,22,u[7]),F=e(F,I,D,A,v,7,u[8]),A=e(A,F,I,D,y,12,u[9]),D=e(D,A,F,I,m,17,u[10]),I=e(I,D,A,F,S,22,u[11]),F=e(F,I,D,A,x,7,u[12]),A=e(A,F,I,D,E,12,u[13]),D=e(D,A,F,I,w,17,u[14]),F=r(F,I=e(I,D,A,F,b,22,u[15]),D,A,o,5,u[16]),A=r(A,F,I,D,p,9,u[17]),D=r(D,A,F,I,S,14,u[18]),I=r(I,D,A,F,h,20,u[19]),F=r(F,I,D,A,g,5,u[20]),A=r(A,F,I,D,m,9,u[21]),D=r(D,A,F,I,b,14,u[22]),I=r(I,D,A,F,f,20,u[23]),F=r(F,I,D,A,y,5,u[24]),A=r(A,F,I,D,w,9,u[25]),D=r(D,A,F,I,l,14,u[26]),I=r(I,D,A,F,v,20,u[27]),F=r(F,I,D,A,E,5,u[28]),A=r(A,F,I,D,c,9,u[29]),D=r(D,A,F,I,d,14,u[30]),F=i(F,I=r(I,D,A,F,x,20,u[31]),D,A,g,4,u[32]),A=i(A,F,I,D,v,11,u[33]),D=i(D,A,F,I,S,16,u[34]),I=i(I,D,A,F,w,23,u[35]),F=i(F,I,D,A,o,4,u[36]),A=i(A,F,I,D,f,11,u[37]),D=i(D,A,F,I,d,16,u[38]),I=i(I,D,A,F,m,23,u[39]),F=i(F,I,D,A,E,4,u[40]),A=i(A,F,I,D,h,11,u[41]),D=i(D,A,F,I,l,16,u[42]),I=i(I,D,A,F,p,23,u[43]),F=i(F,I,D,A,y,4,u[44]),A=i(A,F,I,D,x,11,u[45]),D=i(D,A,F,I,b,16,u[46]),F=n(F,I=i(I,D,A,F,c,23,u[47]),D,A,h,6,u[48]),A=n(A,F,I,D,d,10,u[49]),D=n(D,A,F,I,w,15,u[50]),I=n(I,D,A,F,g,21,u[51]),F=n(F,I,D,A,x,6,u[52]),A=n(A,F,I,D,l,10,u[53]),D=n(D,A,F,I,m,15,u[54]),I=n(I,D,A,F,o,21,u[55]),F=n(F,I,D,A,v,6,u[56]),A=n(A,F,I,D,b,10,u[57]),D=n(D,A,F,I,p,15,u[58]),I=n(I,D,A,F,E,21,u[59]),F=n(F,I,D,A,f,6,u[60]),A=n(A,F,I,D,S,10,u[61]),D=n(D,A,F,I,c,15,u[62]),I=n(I,D,A,F,y,21,u[63]),a[0]=a[0]+F|0,a[1]=a[1]+I|0,a[2]=a[2]+D|0,a[3]=a[3]+A|0},_doFinalize:function(){var e=this._data,r=e.words,i=8*this._nDataBytes,n=8*e.sigBytes;r[n>>>5]|=128<<24-n%32;var s=t.floor(i/4294967296);for(r[15+(n+64>>>9<<4)]=16711935&(s<<8|s>>>24)|4278255360&(s<<24|s>>>8),r[14+(n+64>>>9<<4)]=16711935&(i<<8|i>>>24)|4278255360&(i<<24|i>>>8),e.sigBytes=4*(r.length+1),this._process(),r=(e=this._hash).words,i=0;4>i;i++)n=r[i],r[i]=16711935&(n<<8|n>>>24)|4278255360&(n<<24|n>>>8);return e},clone:function(){var t=o.clone.call(this);return t._hash=this._hash.clone(),t}}),s.MD5=o._createHelper(h),s.HmacMD5=o._createHmacHelper(h)}(Math),function(){var t=d,e=(n=t.lib).WordArray,r=n.Hasher,i=[],n=t.algo.SHA1=r.extend({_doReset:function(){this._hash=new e.init([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(t,e){for(var r=this._hash.words,n=r[0],s=r[1],a=r[2],o=r[3],h=r[4],u=0;80>u;u++){if(16>u)i[u]=0|t[e+u];else{var c=i[u-3]^i[u-8]^i[u-14]^i[u-16];i[u]=c<<1|c>>>31}c=(n<<5|n>>>27)+h+i[u],c=20>u?c+(1518500249+(s&a|~s&o)):40>u?c+(1859775393+(s^a^o)):60>u?c+((s&a|s&o|a&o)-1894007588):c+((s^a^o)-899497514),h=o,o=a,a=s<<30|s>>>2,s=n,n=c}r[0]=r[0]+n|0,r[1]=r[1]+s|0,r[2]=r[2]+a|0,r[3]=r[3]+o|0,r[4]=r[4]+h|0},_doFinalize:function(){var t=this._data,e=t.words,r=8*this._nDataBytes,i=8*t.sigBytes;return e[i>>>5]|=128<<24-i%32,e[14+(i+64>>>9<<4)]=Math.floor(r/4294967296),e[15+(i+64>>>9<<4)]=r,t.sigBytes=4*e.length,this._process(),this._hash},clone:function(){var t=r.clone.call(this);return t._hash=this._hash.clone(),t}});t.SHA1=r._createHelper(n),t.HmacSHA1=r._createHmacHelper(n)}(),function(t){for(var e=d,r=(n=e.lib).WordArray,i=n.Hasher,n=e.algo,s=[],a=[],o=function(t){return 4294967296*(t-(0|t))|0},h=2,u=0;64>u;){var c;t:{c=h;for(var l=t.sqrt(c),f=2;f<=l;f++)if(!(c%f)){c=!1;break t}c=!0}c&&(8>u&&(s[u]=o(t.pow(h,.5))),a[u]=o(t.pow(h,1/3)),u++),h++}var g=[];n=n.SHA256=i.extend({_doReset:function(){this._hash=new r.init(s.slice(0))},_doProcessBlock:function(t,e){for(var r=this._hash.words,i=r[0],n=r[1],s=r[2],o=r[3],h=r[4],u=r[5],c=r[6],l=r[7],f=0;64>f;f++){if(16>f)g[f]=0|t[e+f];else{var p=g[f-15],d=g[f-2];g[f]=((p<<25|p>>>7)^(p<<14|p>>>18)^p>>>3)+g[f-7]+((d<<15|d>>>17)^(d<<13|d>>>19)^d>>>10)+g[f-16]}p=l+((h<<26|h>>>6)^(h<<21|h>>>11)^(h<<7|h>>>25))+(h&u^~h&c)+a[f]+g[f],d=((i<<30|i>>>2)^(i<<19|i>>>13)^(i<<10|i>>>22))+(i&n^i&s^n&s),l=c,c=u,u=h,h=o+p|0,o=s,s=n,n=i,i=p+d|0}r[0]=r[0]+i|0,r[1]=r[1]+n|0,r[2]=r[2]+s|0,r[3]=r[3]+o|0,r[4]=r[4]+h|0,r[5]=r[5]+u|0,r[6]=r[6]+c|0,r[7]=r[7]+l|0},_doFinalize:function(){var e=this._data,r=e.words,i=8*this._nDataBytes,n=8*e.sigBytes;return r[n>>>5]|=128<<24-n%32,r[14+(n+64>>>9<<4)]=t.floor(i/4294967296),r[15+(n+64>>>9<<4)]=i,e.sigBytes=4*r.length,this._process(),this._hash},clone:function(){var t=i.clone.call(this);return t._hash=this._hash.clone(),t}}),e.SHA256=i._createHelper(n),e.HmacSHA256=i._createHmacHelper(n)}(Math),function(){var t=d,e=t.lib.WordArray,r=(i=t.algo).SHA256,i=i.SHA224=r.extend({_doReset:function(){this._hash=new e.init([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428])},_doFinalize:function(){var t=r._doFinalize.call(this);return t.sigBytes-=4,t}});t.SHA224=r._createHelper(i),t.HmacSHA224=r._createHmacHelper(i)}(),function(){function t(){return i.create.apply(i,arguments)}for(var e=d,r=e.lib.Hasher,i=(s=e.x64).Word,n=s.WordArray,s=e.algo,a=[t(1116352408,3609767458),t(1899447441,602891725),t(3049323471,3964484399),t(3921009573,2173295548),t(961987163,4081628472),t(1508970993,3053834265),t(2453635748,2937671579),t(2870763221,3664609560),t(3624381080,2734883394),t(310598401,1164996542),t(607225278,1323610764),t(1426881987,3590304994),t(1925078388,4068182383),t(2162078206,991336113),t(2614888103,633803317),t(3248222580,3479774868),t(3835390401,2666613458),t(4022224774,944711139),t(264347078,2341262773),t(604807628,2007800933),t(770255983,1495990901),t(1249150122,1856431235),t(1555081692,3175218132),t(1996064986,2198950837),t(2554220882,3999719339),t(2821834349,766784016),t(2952996808,2566594879),t(3210313671,3203337956),t(3336571891,1034457026),t(3584528711,2466948901),t(113926993,3758326383),t(338241895,168717936),t(666307205,1188179964),t(773529912,1546045734),t(1294757372,1522805485),t(1396182291,2643833823),t(1695183700,2343527390),t(1986661051,1014477480),t(2177026350,1206759142),t(2456956037,344077627),t(2730485921,1290863460),t(2820302411,3158454273),t(3259730800,3505952657),t(3345764771,106217008),t(3516065817,3606008344),t(3600352804,1432725776),t(4094571909,1467031594),t(275423344,851169720),t(430227734,3100823752),t(506948616,1363258195),t(659060556,3750685593),t(883997877,3785050280),t(958139571,3318307427),t(1322822218,3812723403),t(1537002063,2003034995),t(1747873779,3602036899),t(1955562222,1575990012),t(2024104815,1125592928),t(2227730452,2716904306),t(2361852424,442776044),t(2428436474,593698344),t(2756734187,3733110249),t(3204031479,2999351573),t(3329325298,3815920427),t(3391569614,3928383900),t(3515267271,566280711),t(3940187606,3454069534),t(4118630271,4000239992),t(116418474,1914138554),t(174292421,2731055270),t(289380356,3203993006),t(460393269,320620315),t(685471733,587496836),t(852142971,1086792851),t(1017036298,365543100),t(1126000580,2618297676),t(1288033470,3409855158),t(1501505948,4234509866),t(1607167915,987167468),t(1816402316,1246189591)],o=[],h=0;80>h;h++)o[h]=t();s=s.SHA512=r.extend({_doReset:function(){this._hash=new n.init([new i.init(1779033703,4089235720),new i.init(3144134277,2227873595),new i.init(1013904242,4271175723),new i.init(2773480762,1595750129),new i.init(1359893119,2917565137),new i.init(2600822924,725511199),new i.init(528734635,4215389547),new i.init(1541459225,327033209)])},_doProcessBlock:function(t,e){for(var r=(l=this._hash.words)[0],i=l[1],n=l[2],s=l[3],h=l[4],u=l[5],c=l[6],l=l[7],f=r.high,g=r.low,p=i.high,d=i.low,v=n.high,y=n.low,m=s.high,S=s.low,x=h.high,E=h.low,w=u.high,b=u.low,F=c.high,A=c.low,D=l.high,I=l.low,C=f,P=g,R=p,T=d,B=v,H=y,N=m,O=S,j=x,V=E,L=w,K=b,k=F,M=A,_=D,q=I,U=0;80>U;U++){var z=o[U];if(16>U)var G=z.high=0|t[e+2*U],W=z.low=0|t[e+2*U+1];else{G=((W=(G=o[U-15]).high)>>>1|(J=G.low)<<31)^(W>>>8|J<<24)^W>>>7;var J=(J>>>1|W<<31)^(J>>>8|W<<24)^(J>>>7|W<<25),X=((W=(X=o[U-2]).high)>>>19|($=X.low)<<13)^(W<<3|$>>>29)^W>>>6,$=($>>>19|W<<13)^($<<3|W>>>29)^($>>>6|W<<26),Y=(W=o[U-7]).high,Z=(Q=o[U-16]).high,Q=Q.low;G=(G=(G=G+Y+((W=J+W.low)>>>0>>0?1:0))+X+((W+=$)>>>0<$>>>0?1:0))+Z+((W+=Q)>>>0>>0?1:0),z.high=G,z.low=W}Y=j&L^~j&k,Q=V&K^~V&M,z=C&R^C&B^R&B;var tt=P&T^P&H^T&H,et=(J=(C>>>28|P<<4)^(C<<30|P>>>2)^(C<<25|P>>>7),X=(P>>>28|C<<4)^(P<<30|C>>>2)^(P<<25|C>>>7),($=a[U]).high),rt=$.low;Z=_+((j>>>14|V<<18)^(j>>>18|V<<14)^(j<<23|V>>>9))+(($=q+((V>>>14|j<<18)^(V>>>18|j<<14)^(V<<23|j>>>9)))>>>0>>0?1:0),_=k,q=M,k=L,M=K,L=j,K=V,j=N+(Z=(Z=(Z=Z+Y+(($+=Q)>>>0>>0?1:0))+et+(($+=rt)>>>0>>0?1:0))+G+(($+=W)>>>0>>0?1:0))+((V=O+$|0)>>>0>>0?1:0)|0,N=B,O=H,B=R,H=T,R=C,T=P,C=Z+(z=J+z+((W=X+tt)>>>0>>0?1:0))+((P=$+W|0)>>>0<$>>>0?1:0)|0}g=r.low=g+P,r.high=f+C+(g>>>0

>>0?1:0),d=i.low=d+T,i.high=p+R+(d>>>0>>0?1:0),y=n.low=y+H,n.high=v+B+(y>>>0>>0?1:0),S=s.low=S+O,s.high=m+N+(S>>>0>>0?1:0),E=h.low=E+V,h.high=x+j+(E>>>0>>0?1:0),b=u.low=b+K,u.high=w+L+(b>>>0>>0?1:0),A=c.low=A+M,c.high=F+k+(A>>>0>>0?1:0),I=l.low=I+q,l.high=D+_+(I>>>0>>0?1:0)},_doFinalize:function(){var t=this._data,e=t.words,r=8*this._nDataBytes,i=8*t.sigBytes;return e[i>>>5]|=128<<24-i%32,e[30+(i+128>>>10<<5)]=Math.floor(r/4294967296),e[31+(i+128>>>10<<5)]=r,t.sigBytes=4*e.length,this._process(),this._hash.toX32()},clone:function(){var t=r.clone.call(this);return t._hash=this._hash.clone(),t},blockSize:32}),e.SHA512=r._createHelper(s),e.HmacSHA512=r._createHmacHelper(s)}(),function(){var t=d,e=(n=t.x64).Word,r=n.WordArray,i=(n=t.algo).SHA512,n=n.SHA384=i.extend({_doReset:function(){this._hash=new r.init([new e.init(3418070365,3238371032),new e.init(1654270250,914150663),new e.init(2438529370,812702999),new e.init(355462360,4144912697),new e.init(1731405415,4290775857),new e.init(2394180231,1750603025),new e.init(3675008525,1694076839),new e.init(1203062813,3204075428)])},_doFinalize:function(){var t=i._doFinalize.call(this);return t.sigBytes-=16,t}});t.SHA384=i._createHelper(n),t.HmacSHA384=i._createHmacHelper(n)}(),function(){var t=d,e=(i=t.lib).WordArray,r=i.Hasher,i=t.algo,n=e.create([0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13]),s=e.create([5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11]),a=e.create([11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6]),o=e.create([8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11]),h=e.create([0,1518500249,1859775393,2400959708,2840853838]),u=e.create([1352829926,1548603684,1836072691,2053994217,0]);i=i.RIPEMD160=r.extend({_doReset:function(){this._hash=e.create([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function(t,e){for(var r=0;16>r;r++){var i=t[E=e+r];t[E]=16711935&(i<<8|i>>>24)|4278255360&(i<<24|i>>>8)}var c,l,f,g,p,d,v,y,m,S,x,E=this._hash.words,w=(i=h.words,u.words),b=n.words,F=s.words,A=a.words,D=o.words;for(d=c=E[0],v=l=E[1],y=f=E[2],m=g=E[3],S=p=E[4],r=0;80>r;r+=1)x=c+t[e+b[r]]|0,x=16>r?x+((l^f^g)+i[0]):32>r?x+((l&f|~l&g)+i[1]):48>r?x+(((l|~f)^g)+i[2]):64>r?x+((l&g|f&~g)+i[3]):x+((l^(f|~g))+i[4]),x=(x=(x|=0)<>>32-A[r])+p|0,c=p,p=g,g=f<<10|f>>>22,f=l,l=x,x=d+t[e+F[r]]|0,x=16>r?x+((v^(y|~m))+w[0]):32>r?x+((v&m|y&~m)+w[1]):48>r?x+(((v|~y)^m)+w[2]):64>r?x+((v&y|~v&m)+w[3]):x+((v^y^m)+w[4]),x=(x=(x|=0)<>>32-D[r])+S|0,d=S,S=m,m=y<<10|y>>>22,y=v,v=x;x=E[1]+f+m|0,E[1]=E[2]+g+S|0,E[2]=E[3]+p+d|0,E[3]=E[4]+c+v|0,E[4]=E[0]+l+y|0,E[0]=x},_doFinalize:function(){var t=this._data,e=t.words,r=8*this._nDataBytes,i=8*t.sigBytes;for(e[i>>>5]|=128<<24-i%32,e[14+(i+64>>>9<<4)]=16711935&(r<<8|r>>>24)|4278255360&(r<<24|r>>>8),t.sigBytes=4*(e.length+1),this._process(),e=(t=this._hash).words,r=0;5>r;r++)i=e[r],e[r]=16711935&(i<<8|i>>>24)|4278255360&(i<<24|i>>>8);return t},clone:function(){var t=r.clone.call(this);return t._hash=this._hash.clone(),t}}),t.RIPEMD160=r._createHelper(i),t.HmacRIPEMD160=r._createHmacHelper(i)}(Math),function(){var t=d,e=t.enc.Utf8;t.algo.HMAC=t.lib.Base.extend({init:function(t,r){t=this._hasher=new t.init,\"string\"==typeof r&&(r=e.parse(r));var i=t.blockSize,n=4*i;r.sigBytes>n&&(r=t.finalize(r)),r.clamp();for(var s=this._oKey=r.clone(),a=this._iKey=r.clone(),o=s.words,h=a.words,u=0;u>6)+y.charAt(63&r);for(e+1==t.length?(r=parseInt(t.substring(e,e+1),16),i+=y.charAt(r<<2)):e+2==t.length&&(r=parseInt(t.substring(e,e+2),16),i+=y.charAt(r>>2)+y.charAt((3&r)<<4)),\"=\";(3&i.length)>0;)i+=\"=\";return i}function S(t){var e,r,i,n=\"\",s=0;for(e=0;e>2),r=3&i,s=1):1==s?(n+=D(r<<2|i>>4),r=15&i,s=2):2==s?(n+=D(r),n+=D(i>>2),r=3&i,s=3):(n+=D(r<<2|i>>4),n+=D(15&i),s=0));return 1==s&&(n+=D(r<<2)),n}function x(t){var e,r=S(t),i=new Array;for(e=0;2*e>15;--s>=0;){var h=32767&this[t],u=this[t++]>>15,c=o*h+u*a;n=((h=a*h+((32767&c)<<15)+r[i]+(1073741823&n))>>>30)+(c>>>15)+o*u+(n>>>30),r[i++]=1073741823&h}return n},v=30):\"Netscape\"!=f.appName?(E.prototype.am=function(t,e,r,i,n,s){for(;--s>=0;){var a=e*this[t++]+r[i]+n;n=Math.floor(a/67108864),r[i++]=67108863&a}return n},v=26):(E.prototype.am=function(t,e,r,i,n,s){for(var a=16383&e,o=e>>14;--s>=0;){var h=16383&this[t],u=this[t++]>>14,c=o*h+u*a;n=((h=a*h+((16383&c)<<14)+r[i]+n)>>28)+(c>>14)+o*u,r[i++]=268435455&h}return n},v=28),E.prototype.DB=v,E.prototype.DM=(1<>>16)&&(t=e,r+=16),0!=(e=t>>8)&&(t=e,r+=8),0!=(e=t>>4)&&(t=e,r+=4),0!=(e=t>>2)&&(t=e,r+=2),0!=(e=t>>1)&&(t=e,r+=1),r}function R(t){this.m=t}function T(t){this.m=t,this.mp=t.invDigit(),this.mpl=32767&this.mp,this.mph=this.mp>>15,this.um=(1<>=16,e+=16),0==(255&t)&&(t>>=8,e+=8),0==(15&t)&&(t>>=4,e+=4),0==(3&t)&&(t>>=2,e+=2),0==(1&t)&&++e,e}function V(t){for(var e=0;0!=t;)t&=t-1,++e;return e}function L(){}function K(t){return t}function k(t){this.r2=w(),this.q3=w(),E.ONE.dlShiftTo(2*t.t,this.r2),this.mu=this.r2.divide(t),this.m=t}R.prototype.convert=function(t){return t.s<0||t.compareTo(this.m)>=0?t.mod(this.m):t},R.prototype.revert=function(t){return t},R.prototype.reduce=function(t){t.divRemTo(this.m,null,t)},R.prototype.mulTo=function(t,e,r){t.multiplyTo(e,r),this.reduce(r)},R.prototype.sqrTo=function(t,e){t.squareTo(e),this.reduce(e)},T.prototype.convert=function(t){var e=w();return t.abs().dlShiftTo(this.m.t,e),e.divRemTo(this.m,null,e),t.s<0&&e.compareTo(E.ZERO)>0&&this.m.subTo(e,e),e},T.prototype.revert=function(t){var e=w();return t.copyTo(e),this.reduce(e),e},T.prototype.reduce=function(t){for(;t.t<=this.mt2;)t[t.t++]=0;for(var e=0;e>15)*this.mpl&this.um)<<15)&t.DM;for(t[r=e+this.m.t]+=this.m.am(0,i,t,e,0,this.m.t);t[r]>=t.DV;)t[r]-=t.DV,t[++r]++}t.clamp(),t.drShiftTo(this.m.t,t),t.compareTo(this.m)>=0&&t.subTo(this.m,t)},T.prototype.mulTo=function(t,e,r){t.multiplyTo(e,r),this.reduce(r)},T.prototype.sqrTo=function(t,e){t.squareTo(e),this.reduce(e)},E.prototype.copyTo=function(t){for(var e=this.t-1;e>=0;--e)t[e]=this[e];t.t=this.t,t.s=this.s},E.prototype.fromInt=function(t){this.t=1,this.s=t<0?-1:0,t>0?this[0]=t:t<-1?this[0]=t+this.DV:this.t=0},E.prototype.fromString=function(t,e){var r;if(16==e)r=4;else if(8==e)r=3;else if(256==e)r=8;else if(2==e)r=1;else if(32==e)r=5;else{if(4!=e)return void this.fromRadix(t,e);r=2}this.t=0,this.s=0;for(var i=t.length,n=!1,s=0;--i>=0;){var a=8==r?255&t[i]:I(t,i);a<0?\"-\"==t.charAt(i)&&(n=!0):(n=!1,0==s?this[this.t++]=a:s+r>this.DB?(this[this.t-1]|=(a&(1<>this.DB-s):this[this.t-1]|=a<=this.DB&&(s-=this.DB))}8==r&&0!=(128&t[0])&&(this.s=-1,s>0&&(this[this.t-1]|=(1<0&&this[this.t-1]==t;)--this.t},E.prototype.dlShiftTo=function(t,e){var r;for(r=this.t-1;r>=0;--r)e[r+t]=this[r];for(r=t-1;r>=0;--r)e[r]=0;e.t=this.t+t,e.s=this.s},E.prototype.drShiftTo=function(t,e){for(var r=t;r=0;--r)e[r+a+1]=this[r]>>n|o,o=(this[r]&s)<=0;--r)e[r]=0;e[a]=o,e.t=this.t+a+1,e.s=this.s,e.clamp()},E.prototype.rShiftTo=function(t,e){e.s=this.s;var r=Math.floor(t/this.DB);if(r>=this.t)e.t=0;else{var i=t%this.DB,n=this.DB-i,s=(1<>i;for(var a=r+1;a>i;i>0&&(e[this.t-r-1]|=(this.s&s)<>=this.DB;if(t.t>=this.DB;i+=this.s}else{for(i+=this.s;r>=this.DB;i-=t.s}e.s=i<0?-1:0,i<-1?e[r++]=this.DV+i:i>0&&(e[r++]=i),e.t=r,e.clamp()},E.prototype.multiplyTo=function(t,e){var r=this.abs(),i=t.abs(),n=r.t;for(e.t=n+i.t;--n>=0;)e[n]=0;for(n=0;n=0;)t[r]=0;for(r=0;r=e.DV&&(t[r+e.t]-=e.DV,t[r+e.t+1]=1)}t.t>0&&(t[t.t-1]+=e.am(r,e[r],t,2*r,0,1)),t.s=0,t.clamp()},E.prototype.divRemTo=function(t,e,r){var i=t.abs();if(!(i.t<=0)){var n=this.abs();if(n.t0?(i.lShiftTo(h,s),n.lShiftTo(h,r)):(i.copyTo(s),n.copyTo(r));var u=s.t,c=s[u-1];if(0!=c){var l=c*(1<1?s[u-2]>>this.F2:0),f=this.FV/l,g=(1<=0&&(r[r.t++]=1,r.subTo(y,r)),E.ONE.dlShiftTo(u,y),y.subTo(s,s);s.t=0;){var m=r[--d]==c?this.DM:Math.floor(r[d]*f+(r[d-1]+p)*g);if((r[d]+=s.am(0,m,r,v,0,u))0&&r.rShiftTo(h,r),a<0&&E.ZERO.subTo(r,r)}}},E.prototype.invDigit=function(){if(this.t<1)return 0;var t=this[0];if(0==(1&t))return 0;var e=3&t;return(e=(e=(e=(e=e*(2-(15&t)*e)&15)*(2-(255&t)*e)&255)*(2-((65535&t)*e&65535))&65535)*(2-t*e%this.DV)%this.DV)>0?this.DV-e:-e},E.prototype.isEven=function(){return 0==(this.t>0?1&this[0]:this.s)},E.prototype.exp=function(t,e){if(t>4294967295||t<1)return E.ONE;var r=w(),i=w(),n=e.convert(this),s=P(t)-1;for(n.copyTo(r);--s>=0;)if(e.sqrTo(r,i),(t&1<0)e.mulTo(i,n,r);else{var a=r;r=i,i=a}return e.revert(r)},E.prototype.toString=function(t){if(this.s<0)return\"-\"+this.negate().toString(t);var e;if(16==t)e=4;else if(8==t)e=3;else if(2==t)e=1;else if(32==t)e=5;else{if(4!=t)return this.toRadix(t);e=2}var r,i=(1<0)for(o>o)>0&&(n=!0,s=D(r));a>=0;)o>(o+=this.DB-e)):(r=this[a]>>(o-=e)&i,o<=0&&(o+=this.DB,--a)),r>0&&(n=!0),n&&(s+=D(r));return n?s:\"0\"},E.prototype.negate=function(){var t=w();return E.ZERO.subTo(this,t),t},E.prototype.abs=function(){return this.s<0?this.negate():this},E.prototype.compareTo=function(t){var e=this.s-t.s;if(0!=e)return e;var r=this.t;if(0!=(e=r-t.t))return this.s<0?-e:e;for(;--r>=0;)if(0!=(e=this[r]-t[r]))return e;return 0},E.prototype.bitLength=function(){return this.t<=0?0:this.DB*(this.t-1)+P(this[this.t-1]^this.s&this.DM)},E.prototype.mod=function(t){var e=w();return this.abs().divRemTo(t,null,e),this.s<0&&e.compareTo(E.ZERO)>0&&t.subTo(e,e),e},E.prototype.modPowInt=function(t,e){var r;return r=t<256||e.isEven()?new R(e):new T(e),this.exp(t,r)},E.ZERO=C(0),E.ONE=C(1),L.prototype.convert=K,L.prototype.revert=K,L.prototype.mulTo=function(t,e,r){t.multiplyTo(e,r)},L.prototype.sqrTo=function(t,e){t.squareTo(e)},k.prototype.convert=function(t){if(t.s<0||t.t>2*this.m.t)return t.mod(this.m);if(t.compareTo(this.m)<0)return t;var e=w();return t.copyTo(e),this.reduce(e),e},k.prototype.revert=function(t){return t},k.prototype.reduce=function(t){for(t.drShiftTo(this.m.t-1,this.r2),t.t>this.m.t+1&&(t.t=this.m.t+1,t.clamp()),this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3),this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);t.compareTo(this.r2)<0;)t.dAddOffset(1,this.m.t+1);for(t.subTo(this.r2,t);t.compareTo(this.m)>=0;)t.subTo(this.m,t)},k.prototype.mulTo=function(t,e,r){t.multiplyTo(e,r),this.reduce(r)},k.prototype.sqrTo=function(t,e){t.squareTo(e),this.reduce(e)};var M=[2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997],_=(1<<26)/M[M.length-1];function q(){this.i=0,this.j=0,this.S=new Array}E.prototype.chunkSize=function(t){return Math.floor(Math.LN2*this.DB/Math.log(t))},E.prototype.toRadix=function(t){if(null==t&&(t=10),0==this.signum()||t<2||t>36)return\"0\";var e=this.chunkSize(t),r=Math.pow(t,e),i=C(r),n=w(),s=w(),a=\"\";for(this.divRemTo(i,n,s);n.signum()>0;)a=(r+s.intValue()).toString(t).substr(1)+a,n.divRemTo(i,n,s);return s.intValue().toString(t)+a},E.prototype.fromRadix=function(t,e){this.fromInt(0),null==e&&(e=10);for(var r=this.chunkSize(e),i=Math.pow(e,r),n=!1,s=0,a=0,o=0;o=r&&(this.dMultiply(i),this.dAddOffset(a,0),s=0,a=0))}s>0&&(this.dMultiply(Math.pow(e,s)),this.dAddOffset(a,0)),n&&E.ZERO.subTo(this,this)},E.prototype.fromNumber=function(t,e,r){if(\"number\"==typeof e)if(t<2)this.fromInt(1);else for(this.fromNumber(t,r),this.testBit(t-1)||this.bitwiseTo(E.ONE.shiftLeft(t-1),H,this),this.isEven()&&this.dAddOffset(1,0);!this.isProbablePrime(e);)this.dAddOffset(2,0),this.bitLength()>t&&this.subTo(E.ONE.shiftLeft(t-1),this);else{var i=new Array,n=7&t;i.length=1+(t>>3),e.nextBytes(i),n>0?i[0]&=(1<>=this.DB;if(t.t>=this.DB;i+=this.s}else{for(i+=this.s;r>=this.DB;i+=t.s}e.s=i<0?-1:0,i>0?e[r++]=i:i<-1&&(e[r++]=this.DV+i),e.t=r,e.clamp()},E.prototype.dMultiply=function(t){this[this.t]=this.am(0,t-1,this,0,0,this.t),++this.t,this.clamp()},E.prototype.dAddOffset=function(t,e){if(0!=t){for(;this.t<=e;)this[this.t++]=0;for(this[e]+=t;this[e]>=this.DV;)this[e]-=this.DV,++e>=this.t&&(this[this.t++]=0),++this[e]}},E.prototype.multiplyLowerTo=function(t,e,r){var i,n=Math.min(this.t+t.t,e);for(r.s=0,r.t=n;n>0;)r[--n]=0;for(i=r.t-this.t;n=0;)r[i]=0;for(i=Math.max(e-this.t,0);i0)if(0==e)r=this[0]%t;else for(var i=this.t-1;i>=0;--i)r=(e*r+this[i])%t;return r},E.prototype.millerRabin=function(t){var e=this.subtract(E.ONE),r=e.getLowestSetBit();if(r<=0)return!1;var i=e.shiftRight(r);(t=t+1>>1)>M.length&&(t=M.length);for(var n=w(),s=0;s>24},E.prototype.shortValue=function(){return 0==this.t?this.s:this[0]<<16>>16},E.prototype.signum=function(){return this.s<0?-1:this.t<=0||1==this.t&&this[0]<=0?0:1},E.prototype.toByteArray=function(){var t=this.t,e=new Array;e[0]=this.s;var r,i=this.DB-t*this.DB%8,n=0;if(t-- >0)for(i>i)!=(this.s&this.DM)>>i&&(e[n++]=r|this.s<=0;)i<8?(r=(this[t]&(1<>(i+=this.DB-8)):(r=this[t]>>(i-=8)&255,i<=0&&(i+=this.DB,--t)),0!=(128&r)&&(r|=-256),0==n&&(128&this.s)!=(128&r)&&++n,(n>0||r!=this.s)&&(e[n++]=r);return e},E.prototype.equals=function(t){return 0==this.compareTo(t)},E.prototype.min=function(t){return this.compareTo(t)<0?this:t},E.prototype.max=function(t){return this.compareTo(t)>0?this:t},E.prototype.and=function(t){var e=w();return this.bitwiseTo(t,B,e),e},E.prototype.or=function(t){var e=w();return this.bitwiseTo(t,H,e),e},E.prototype.xor=function(t){var e=w();return this.bitwiseTo(t,N,e),e},E.prototype.andNot=function(t){var e=w();return this.bitwiseTo(t,O,e),e},E.prototype.not=function(){for(var t=w(),e=0;e=this.t?0!=this.s:0!=(this[e]&1<1){var c=w();for(i.sqrTo(a[1],c);o<=u;)a[o]=w(),i.mulTo(c,a[o-2],a[o]),o+=2}var l,f,g=t.t-1,p=!0,d=w();for(n=P(t[g])-1;g>=0;){for(n>=h?l=t[g]>>n-h&u:(l=(t[g]&(1<0&&(l|=t[g-1]>>this.DB+n-h)),o=r;0==(1&l);)l>>=1,--o;if((n-=o)<0&&(n+=this.DB,--g),p)a[l].copyTo(s),p=!1;else{for(;o>1;)i.sqrTo(s,d),i.sqrTo(d,s),o-=2;o>0?i.sqrTo(s,d):(f=s,s=d,d=f),i.mulTo(d,a[l],s)}for(;g>=0&&0==(t[g]&1<=0?(r.subTo(i,r),e&&n.subTo(a,n),s.subTo(o,s)):(i.subTo(r,i),e&&a.subTo(n,a),o.subTo(s,o))}return 0!=i.compareTo(E.ONE)?E.ZERO:o.compareTo(t)>=0?o.subtract(t):o.signum()<0?(o.addTo(t,o),o.signum()<0?o.add(t):o):o},E.prototype.pow=function(t){return this.exp(t,new L)},E.prototype.gcd=function(t){var e=this.s<0?this.negate():this.clone(),r=t.s<0?t.negate():t.clone();if(e.compareTo(r)<0){var i=e;e=r,r=i}var n=e.getLowestSetBit(),s=r.getLowestSetBit();if(s<0)return e;for(n0&&(e.rShiftTo(s,e),r.rShiftTo(s,r));e.signum()>0;)(n=e.getLowestSetBit())>0&&e.rShiftTo(n,e),(n=r.getLowestSetBit())>0&&r.rShiftTo(n,r),e.compareTo(r)>=0?(e.subTo(r,e),e.rShiftTo(1,e)):(r.subTo(e,r),r.rShiftTo(1,r));return s>0&&r.lShiftTo(s,r),r},E.prototype.isProbablePrime=function(t){var e,r=this.abs();if(1==r.t&&r[0]<=M[M.length-1]){for(e=0;e>8&255,z[G++]^=t>>16&255,z[G++]^=t>>24&255,G>=256&&(G-=256)}if(null==z){var J;if(z=new Array,G=0,void 0!==p&&(void 0!==p.crypto||void 0!==p.msCrypto)){var X=p.crypto||p.msCrypto;if(X.getRandomValues){var $=new Uint8Array(32);for(X.getRandomValues($),J=0;J<32;++J)z[G++]=$[J]}else if(\"Netscape\"==f.appName&&f.appVersion<\"5\"){var Y=p.crypto.random(32);for(J=0;J>>8,z[G++]=255&J;G=0,W()}function Z(){if(null==U){for(W(),(U=new q).init(z),G=0;G>24,(16711680&n)>>16,(65280&n)>>8,255&n]))),n+=1;return i}function rt(){this.n=null,this.e=0,this.d=null,this.p=null,this.q=null,this.dmp1=null,this.dmq1=null,this.coeff=null}function it(t,e,r){for(var i=\"\",n=0;i.length>24,(16711680&n)>>16,(65280&n)>>8,255&n])),n+=1;return i}function nt(t,e){this.x=e,this.q=t}function st(t,e,r,i){this.curve=t,this.x=e,this.y=r,this.z=null==i?E.ONE:i,this.zinv=null}function at(t,e,r){this.q=t,this.a=this.fromBigInteger(e),this.b=this.fromBigInteger(r),this.infinity=new st(this,null,null)}Q.prototype.nextBytes=function(t){var e;for(e=0;e0&&e.length>0))throw\"Invalid RSA public key\";this.n=tt(t,16),this.e=parseInt(e,16)}},rt.prototype.encrypt=function(t){var e=function(t,e){if(e=0&&e>0;){var n=t.charCodeAt(i--);n<128?r[--e]=n:n>127&&n<2048?(r[--e]=63&n|128,r[--e]=n>>6|192):(r[--e]=63&n|128,r[--e]=n>>6&63|128,r[--e]=n>>12|224)}r[--e]=0;for(var s=new Q,a=new Array;e>2;){for(a[0]=0;0==a[0];)s.nextBytes(a);r[--e]=a[0]}return r[--e]=2,r[--e]=0,new E(r)}(t,this.n.bitLength()+7>>3);if(null==e)return null;var r=this.doPublic(e);if(null==r)return null;var i=r.toString(16);return 0==(1&i.length)?i:\"0\"+i},rt.prototype.encryptOAEP=function(t,e,r){var i=function(t,e,r,i){var n=ht.crypto.MessageDigest,s=ht.crypto.Util,a=null;if(r||(r=\"sha1\"),\"string\"==typeof r&&(a=n.getCanonicalAlgName(r),i=n.getHashLength(a),r=function(t){return wt(s.hashHex(bt(t),a))}),t.length+2*i+2>e)throw\"Message too long for RSA\";var o,h=\"\";for(o=0;o>3,e,r);if(null==i)return null;var n=this.doPublic(i);if(null==n)return null;var s=n.toString(16);return 0==(1&s.length)?s:\"0\"+s},rt.prototype.type=\"RSA\",rt.prototype.doPrivate=function(t){if(null==this.p||null==this.q)return t.modPow(this.d,this.n);for(var e=t.mod(this.p).modPow(this.dmp1,this.p),r=t.mod(this.q).modPow(this.dmq1,this.q);e.compareTo(r)<0;)e=e.add(this.p);return e.subtract(r).multiply(this.coeff).mod(this.p).multiply(this.q).add(r)},rt.prototype.setPrivate=function(t,e,r){if(this.isPrivate=!0,\"string\"!=typeof t)this.n=t,this.e=e,this.d=r;else{if(!(null!=t&&null!=e&&t.length>0&&e.length>0))throw\"Invalid RSA private key\";this.n=tt(t,16),this.e=parseInt(e,16),this.d=tt(r,16)}},rt.prototype.setPrivateEx=function(t,e,r,i,n,s,a,o){if(this.isPrivate=!0,this.isPublic=!1,null==t)throw\"RSASetPrivateEx N == null\";if(null==e)throw\"RSASetPrivateEx E == null\";if(0==t.length)throw\"RSASetPrivateEx N.length == 0\";if(0==e.length)throw\"RSASetPrivateEx E.length == 0\";if(!(null!=t&&null!=e&&t.length>0&&e.length>0))throw\"Invalid RSA private key in RSASetPrivateEx\";this.n=tt(t,16),this.e=parseInt(e,16),this.d=tt(r,16),this.p=tt(i,16),this.q=tt(n,16),this.dmp1=tt(s,16),this.dmq1=tt(a,16),this.coeff=tt(o,16)},rt.prototype.generate=function(t,e){var r=new Q,i=t>>1;this.e=parseInt(e,16);for(var n=new E(e,16);;){for(;this.p=new E(t-i,1,r),0!=this.p.subtract(E.ONE).gcd(n).compareTo(E.ONE)||!this.p.isProbablePrime(10););for(;this.q=new E(i,1,r),0!=this.q.subtract(E.ONE).gcd(n).compareTo(E.ONE)||!this.q.isProbablePrime(10););if(this.p.compareTo(this.q)<=0){var s=this.p;this.p=this.q,this.q=s}var a=this.p.subtract(E.ONE),o=this.q.subtract(E.ONE),h=a.multiply(o);if(0==h.gcd(n).compareTo(E.ONE)&&(this.n=this.p.multiply(this.q),this.n.bitLength()==t)){this.d=n.modInverse(h),this.dmp1=this.d.mod(a),this.dmq1=this.d.mod(o),this.coeff=this.q.modInverse(this.p);break}}this.isPrivate=!0},rt.prototype.decrypt=function(t){if(t.length!=Math.ceil(this.n.bitLength()/4))throw new Error(\"wrong ctext length\");var e=tt(t,16),r=this.doPrivate(e);return null==r?null:function(t,e){for(var r=t.toByteArray(),i=0;i=r.length)return null;for(var n=\"\";++i191&&s<224?(n+=String.fromCharCode((31&s)<<6|63&r[i+1]),++i):(n+=String.fromCharCode((15&s)<<12|(63&r[i+1])<<6|63&r[i+2]),i+=2)}return n}(r,this.n.bitLength()+7>>3)},rt.prototype.decryptOAEP=function(t,e,r){if(t.length!=Math.ceil(this.n.bitLength()/4))throw new Error(\"wrong ctext length\");var i=tt(t,16),n=this.doPrivate(i);return null==n?null:function(t,e,r,i){var n=ht.crypto.MessageDigest,s=ht.crypto.Util,a=null;for(r||(r=\"sha1\"),\"string\"==typeof r&&(a=n.getCanonicalAlgName(r),i=n.getHashLength(a),r=function(t){return wt(s.hashHex(bt(t),a))}),t=t.toByteArray(),o=0;o>3,e,r)},nt.prototype.equals=function(t){return t==this||this.q.equals(t.q)&&this.x.equals(t.x)},nt.prototype.toBigInteger=function(){return this.x},nt.prototype.negate=function(){return new nt(this.q,this.x.negate().mod(this.q))},nt.prototype.add=function(t){return new nt(this.q,this.x.add(t.toBigInteger()).mod(this.q))},nt.prototype.subtract=function(t){return new nt(this.q,this.x.subtract(t.toBigInteger()).mod(this.q))},nt.prototype.multiply=function(t){return new nt(this.q,this.x.multiply(t.toBigInteger()).mod(this.q))},nt.prototype.square=function(){return new nt(this.q,this.x.square().mod(this.q))},nt.prototype.divide=function(t){return new nt(this.q,this.x.multiply(t.toBigInteger().modInverse(this.q)).mod(this.q))},st.prototype.getX=function(){return null==this.zinv&&(this.zinv=this.z.modInverse(this.curve.q)),this.curve.fromBigInteger(this.x.toBigInteger().multiply(this.zinv).mod(this.curve.q))},st.prototype.getY=function(){return null==this.zinv&&(this.zinv=this.z.modInverse(this.curve.q)),this.curve.fromBigInteger(this.y.toBigInteger().multiply(this.zinv).mod(this.curve.q))},st.prototype.equals=function(t){return t==this||(this.isInfinity()?t.isInfinity():t.isInfinity()?this.isInfinity():!!t.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(t.z)).mod(this.curve.q).equals(E.ZERO)&&t.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(t.z)).mod(this.curve.q).equals(E.ZERO))},st.prototype.isInfinity=function(){return null==this.x&&null==this.y||this.z.equals(E.ZERO)&&!this.y.toBigInteger().equals(E.ZERO)},st.prototype.negate=function(){return new st(this.curve,this.x,this.y.negate(),this.z)},st.prototype.add=function(t){if(this.isInfinity())return t;if(t.isInfinity())return this;var e=t.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(t.z)).mod(this.curve.q),r=t.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(t.z)).mod(this.curve.q);if(E.ZERO.equals(r))return E.ZERO.equals(e)?this.twice():this.curve.getInfinity();var i=new E(\"3\"),n=this.x.toBigInteger(),s=this.y.toBigInteger(),a=(t.x.toBigInteger(),t.y.toBigInteger(),r.square()),o=a.multiply(r),h=n.multiply(a),u=e.square().multiply(this.z),c=u.subtract(h.shiftLeft(1)).multiply(t.z).subtract(o).multiply(r).mod(this.curve.q),l=h.multiply(i).multiply(e).subtract(s.multiply(o)).subtract(u.multiply(e)).multiply(t.z).add(e.multiply(o)).mod(this.curve.q),f=o.multiply(this.z).multiply(t.z).mod(this.curve.q);return new st(this.curve,this.curve.fromBigInteger(c),this.curve.fromBigInteger(l),f)},st.prototype.twice=function(){if(this.isInfinity())return this;if(0==this.y.toBigInteger().signum())return this.curve.getInfinity();var t=new E(\"3\"),e=this.x.toBigInteger(),r=this.y.toBigInteger(),i=r.multiply(this.z),n=i.multiply(r).mod(this.curve.q),s=this.curve.a.toBigInteger(),a=e.square().multiply(t);E.ZERO.equals(s)||(a=a.add(this.z.square().multiply(s)));var o=(a=a.mod(this.curve.q)).square().subtract(e.shiftLeft(3).multiply(n)).shiftLeft(1).multiply(i).mod(this.curve.q),h=a.multiply(t).multiply(e).subtract(n.shiftLeft(1)).shiftLeft(2).multiply(n).subtract(a.square().multiply(a)).mod(this.curve.q),u=i.square().multiply(i).shiftLeft(3).mod(this.curve.q);return new st(this.curve,this.curve.fromBigInteger(o),this.curve.fromBigInteger(h),u)},st.prototype.multiply=function(t){if(this.isInfinity())return this;if(0==t.signum())return this.curve.getInfinity();var e,r=t,i=r.multiply(new E(\"3\")),n=this.negate(),s=this,a=this.curve.q.subtract(t),o=a.multiply(new E(\"3\")),h=new st(this.curve,this.x,this.y),u=h.negate();for(e=i.bitLength()-2;e>0;--e){s=s.twice();var c=i.testBit(e);c!=r.testBit(e)&&(s=s.add(c?this:n))}for(e=o.bitLength()-2;e>0;--e){h=h.twice();var l=o.testBit(e);l!=a.testBit(e)&&(h=h.add(l?h:u))}return s},st.prototype.multiplyTwo=function(t,e,r){var i;i=t.bitLength()>r.bitLength()?t.bitLength()-1:r.bitLength()-1;for(var n=this.curve.getInfinity(),s=this.add(e);i>=0;)n=n.twice(),t.testBit(i)?n=r.testBit(i)?n.add(s):n.add(this):r.testBit(i)&&(n=n.add(e)),--i;return n},at.prototype.getQ=function(){return this.q},at.prototype.getA=function(){return this.a},at.prototype.getB=function(){return this.b},at.prototype.equals=function(t){return t==this||this.q.equals(t.q)&&this.a.equals(t.a)&&this.b.equals(t.b)},at.prototype.getInfinity=function(){return this.infinity},at.prototype.fromBigInteger=function(t){return new nt(this.q,t)},at.prototype.decodePointHex=function(t){switch(parseInt(t.substr(0,2),16)){case 0:return this.infinity;case 2:case 3:return null;case 4:case 6:case 7:var e=(t.length-2)/2,r=t.substr(2,e),i=t.substr(e+2,e);return new st(this,this.fromBigInteger(new E(r,16)),this.fromBigInteger(new E(i,16)));default:return null}},nt.prototype.getByteLength=function(){return Math.floor((this.toBigInteger().bitLength()+7)/8)},st.prototype.getEncoded=function(t){var e=function(t,e){var r=t.toByteArrayUnsigned();if(er.length;)r.unshift(0);return r},r=this.getX().toBigInteger(),i=this.getY().toBigInteger(),n=e(r,32);return t?i.isEven()?n.unshift(2):n.unshift(3):(n.unshift(4),n=n.concat(e(i,32))),n},st.decodeFrom=function(t,e){e[0];var r=e.length-1,i=e.slice(1,1+r/2),n=e.slice(1+r/2,1+r);i.unshift(0),n.unshift(0);var s=new E(i),a=new E(n);return new st(t,t.fromBigInteger(s),t.fromBigInteger(a))},st.decodeFromHex=function(t,e){e.substr(0,2);var r=e.length-2,i=e.substr(2,r/2),n=e.substr(2+r/2,r/2),s=new E(i,16),a=new E(n,16);return new st(t,t.fromBigInteger(s),t.fromBigInteger(a))},st.prototype.add2D=function(t){if(this.isInfinity())return t;if(t.isInfinity())return this;if(this.x.equals(t.x))return this.y.equals(t.y)?this.twice():this.curve.getInfinity();var e=t.x.subtract(this.x),r=t.y.subtract(this.y).divide(e),i=r.square().subtract(this.x).subtract(t.x),n=r.multiply(this.x.subtract(i)).subtract(this.y);return new st(this.curve,i,n)},st.prototype.twice2D=function(){if(this.isInfinity())return this;if(0==this.y.toBigInteger().signum())return this.curve.getInfinity();var t=this.curve.fromBigInteger(E.valueOf(2)),e=this.curve.fromBigInteger(E.valueOf(3)),r=this.x.square().multiply(e).add(this.curve.a).divide(this.y.multiply(t)),i=r.square().subtract(this.x.multiply(t)),n=r.multiply(this.x.subtract(i)).subtract(this.y);return new st(this.curve,i,n)},st.prototype.multiply2D=function(t){if(this.isInfinity())return this;if(0==t.signum())return this.curve.getInfinity();var e,r=t,i=r.multiply(new E(\"3\")),n=this.negate(),s=this;for(e=i.bitLength()-2;e>0;--e){s=s.twice();var a=i.testBit(e);a!=r.testBit(e)&&(s=s.add2D(a?this:n))}return s},st.prototype.isOnCurve=function(){var t=this.getX().toBigInteger(),e=this.getY().toBigInteger(),r=this.curve.getA().toBigInteger(),i=this.curve.getB().toBigInteger(),n=this.curve.getQ(),s=e.multiply(e).mod(n),a=t.multiply(t).multiply(t).add(r.multiply(t)).add(i).mod(n);return s.equals(a)},st.prototype.toString=function(){return\"(\"+this.getX().toBigInteger().toString()+\",\"+this.getY().toBigInteger().toString()+\")\"},st.prototype.validate=function(){var t=this.curve.getQ();if(this.isInfinity())throw new Error(\"Point is at infinity.\");var e=this.getX().toBigInteger(),r=this.getY().toBigInteger();if(e.compareTo(E.ONE)<0||e.compareTo(t.subtract(E.ONE))>0)throw new Error(\"x coordinate out of bounds\");if(r.compareTo(E.ONE)<0||r.compareTo(t.subtract(E.ONE))>0)throw new Error(\"y coordinate out of bounds\");if(!this.isOnCurve())throw new Error(\"Point is not on the curve.\");if(this.multiply(t).isInfinity())throw new Error(\"Point is not a scalar multiple of G.\");return!0};var ot=function(){var t=new RegExp('(?:false|true|null|[\\\\{\\\\}\\\\[\\\\]]|(?:-?\\\\b(?:0|[1-9][0-9]*)(?:\\\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\\\b)|(?:\"(?:[^\\\\0-\\\\x08\\\\x0a-\\\\x1f\"\\\\\\\\]|\\\\\\\\(?:[\"/\\\\\\\\bfnrt]|u[0-9A-Fa-f]{4}))*\"))',\"g\"),e=new RegExp(\"\\\\\\\\(?:([^u])|u(.{4}))\",\"g\"),r={'\"':'\"',\"/\":\"/\",\"\\\\\":\"\\\\\",b:\"\\b\",f:\"\\f\",n:\"\\n\",r:\"\\r\",t:\"\\t\"};function i(t,e,i){return e?r[e]:String.fromCharCode(parseInt(i,16))}var n=new String(\"\"),s=Object.hasOwnProperty;return function(r,a){var o,h,u=r.match(t),c=u[0],l=!1;\"{\"===c?o={}:\"[\"===c?o=[]:(o=[],l=!0);for(var f=[o],g=1-l,p=u.length;g=0;)delete r[i[h]]}return a.call(t,e,r)};o=v({\"\":o},\"\")}return o}}();void 0!==ht&&ht||(ht={}),void 0!==ht.asn1&&ht.asn1||(ht.asn1={}),ht.asn1.ASN1Util=new function(){this.integerToByteHex=function(t){var e=t.toString(16);return e.length%2==1&&(e=\"0\"+e),e},this.bigIntToMinTwosComplementsHex=function(t){var e=t.toString(16);if(\"-\"!=e.substr(0,1))e.length%2==1?e=\"0\"+e:e.match(/^[0-7]/)||(e=\"00\"+e);else{var r=e.substr(1).length;r%2==1?r+=1:e.match(/^[0-7]/)||(r+=2);for(var i=\"\",n=0;n15)throw\"ASN.1 length too long to represent by 8x: n = \"+t.toString(16);return(128+r).toString(16)+e},this.getEncodedHex=function(){return(null==this.hTLV||this.isModified)&&(this.hV=this.getFreshValueHex(),this.hL=this.getLengthHexFromValue(),this.hTLV=this.hT+this.hL+this.hV,this.isModified=!1),this.hTLV},this.getValueHex=function(){return this.getEncodedHex(),this.hV},this.getFreshValueHex=function(){return\"\"},this.setByParam=function(t){this.params=t},null!=t&&null!=t.tlv&&(this.hTLV=t.tlv,this.isModified=!1)},ht.asn1.DERAbstractString=function(t){ht.asn1.DERAbstractString.superclass.constructor.call(this),this.getString=function(){return this.s},this.setString=function(t){this.hTLV=null,this.isModified=!0,this.s=t,this.hV=xt(this.s).toLowerCase()},this.setStringHex=function(t){this.hTLV=null,this.isModified=!0,this.s=null,this.hV=t},this.getFreshValueHex=function(){return this.hV},void 0!==t&&(\"string\"==typeof t?this.setString(t):void 0!==t.str?this.setString(t.str):void 0!==t.hex&&this.setStringHex(t.hex))},zt(ht.asn1.DERAbstractString,ht.asn1.ASN1Object),ht.asn1.DERAbstractTime=function(t){ht.asn1.DERAbstractTime.superclass.constructor.call(this),this.localDateToUTC=function(t){var e=t.getTime()+6e4*t.getTimezoneOffset();return new Date(e)},this.formatDate=function(t,e,r){var i=this.zeroPadding,n=this.localDateToUTC(t),s=String(n.getFullYear());\"utc\"==e&&(s=s.substr(2,2));var a=s+i(String(n.getMonth()+1),2)+i(String(n.getDate()),2)+i(String(n.getHours()),2)+i(String(n.getMinutes()),2)+i(String(n.getSeconds()),2);if(!0===r){var o=n.getMilliseconds();if(0!=o){var h=i(String(o),3);a=a+\".\"+(h=h.replace(/[0]+$/,\"\"))}}return a+\"Z\"},this.zeroPadding=function(t,e){return t.length>=e?t:new Array(e-t.length+1).join(\"0\")+t},this.setByParam=function(t){this.hV=null,this.hTLV=null,this.params=t},this.getString=function(){},this.setString=function(t){this.hTLV=null,this.isModified=!0,null==this.params&&(this.params={}),this.params.str=t},this.setByDate=function(t){this.hTLV=null,this.isModified=!0,null==this.params&&(this.params={}),this.params.date=t},this.setByDateValue=function(t,e,r,i,n,s){var a=new Date(Date.UTC(t,e-1,r,i,n,s,0));this.setByDate(a)},this.getFreshValueHex=function(){return this.hV}},zt(ht.asn1.DERAbstractTime,ht.asn1.ASN1Object),ht.asn1.DERAbstractStructured=function(t){ht.asn1.DERAbstractString.superclass.constructor.call(this),this.setByASN1ObjectArray=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array=t},this.appendASN1Object=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array.push(t)},this.asn1Array=new Array,void 0!==t&&void 0!==t.array&&(this.asn1Array=t.array)},zt(ht.asn1.DERAbstractStructured,ht.asn1.ASN1Object),ht.asn1.DERBoolean=function(t){ht.asn1.DERBoolean.superclass.constructor.call(this),this.hT=\"01\",this.hTLV=0==t?\"010100\":\"0101ff\"},zt(ht.asn1.DERBoolean,ht.asn1.ASN1Object),ht.asn1.DERInteger=function(t){ht.asn1.DERInteger.superclass.constructor.call(this),this.hT=\"02\",this.setByBigInteger=function(t){this.hTLV=null,this.isModified=!0,this.hV=ht.asn1.ASN1Util.bigIntToMinTwosComplementsHex(t)},this.setByInteger=function(t){var e=new E(String(t),10);this.setByBigInteger(e)},this.setValueHex=function(t){this.hV=t},this.getFreshValueHex=function(){return this.hV},void 0!==t&&(void 0!==t.bigint?this.setByBigInteger(t.bigint):void 0!==t.int?this.setByInteger(t.int):\"number\"==typeof t?this.setByInteger(t):void 0!==t.hex&&this.setValueHex(t.hex))},zt(ht.asn1.DERInteger,ht.asn1.ASN1Object),ht.asn1.DERBitString=function(t){if(void 0!==t&&void 0!==t.obj){var e=ht.asn1.ASN1Util.newObject(t.obj);t.hex=\"00\"+e.getEncodedHex()}ht.asn1.DERBitString.superclass.constructor.call(this),this.hT=\"03\",this.setHexValueIncludingUnusedBits=function(t){this.hTLV=null,this.isModified=!0,this.hV=t},this.setUnusedBitsAndHexValue=function(t,e){if(t<0||7n.length&&(n=i[r]);return(t=t.replace(n,\"::\")).slice(1,-1)}function Ot(t){var e=\"malformed hex value\";if(!t.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))throw e;if(8!=t.length)return 32==t.length?Nt(t):t;try{return parseInt(t.substr(0,2),16)+\".\"+parseInt(t.substr(2,2),16)+\".\"+parseInt(t.substr(4,2),16)+\".\"+parseInt(t.substr(6,2),16)}catch(r){throw e}}function jt(t){return t.match(/.{4}/g).map((function(t){var e=parseInt(t.substr(0,2),16),r=parseInt(t.substr(2),16);if(0==e&r<128)return String.fromCharCode(r);if(e<8){var i=128|63&r;return Et((192|(7&e)<<3|(192&r)>>6).toString(16)+i.toString(16))}i=128|(15&e)<<2|(192&r)>>6;var n=128|63&r;return Et((224|(240&e)>>4).toString(16)+i.toString(16)+n.toString(16))})).join(\"\")}function Vt(t){for(var e=encodeURIComponent(t),r=\"\",i=0;i\"7\"?\"00\"+t:t}function kt(t){t=(t=(t=t.replace(/^\\s*\\[\\s*/,\"\")).replace(/\\s*\\]\\s*$/,\"\")).replace(/\\s*/g,\"\");try{return t.split(/,/).map((function(t,e,r){var i=parseInt(t);if(i<0||2550&&(c=c+\".\"+h.join(\".\")),c}catch(n){return null}}lt.getLblen=function(t,e){if(\"8\"!=t.substr(e+2,1))return 1;var r=parseInt(t.substr(e+3,1));return 0==r?-1:0=i)break}return a},lt.getNthChildIdx=function(t,e,r){return lt.getChildIdx(t,e)[r]},lt.getIdxbyList=function(t,e,r,i){var n,s,a=lt;return 0==r.length?void 0!==i&&t.substr(e,2)!==i?-1:e:(n=r.shift())>=(s=a.getChildIdx(t,e)).length?-1:a.getIdxbyList(t,s[n],r,i)},lt.getIdxbyListEx=function(t,e,r,i){var n,s,a=lt;if(0==r.length)return void 0!==i&&t.substr(e,2)!==i?-1:e;n=r.shift(),s=a.getChildIdx(t,e);for(var o=0,h=0;h=t.length?null:n.getTLV(t,s)},lt.getTLVbyListEx=function(t,e,r,i){var n=lt,s=n.getIdxbyListEx(t,e,r,i);return-1==s?null:n.getTLV(t,s)},lt.getVbyList=function(t,e,r,i,n){var s,a,o=lt;return-1==(s=o.getIdxbyList(t,e,r,i))||s>=t.length?null:(a=o.getV(t,s),!0===n&&(a=a.substr(2)),a)},lt.getVbyListEx=function(t,e,r,i,n){var s,a,o=lt;return-1==(s=o.getIdxbyListEx(t,e,r,i))?null:(a=o.getV(t,s),\"03\"==t.substr(s,2)&&!1!==n&&(a=a.substr(2)),a)},lt.getInt=function(t,e,r){null==r&&(r=-1);try{var i=t.substr(e,2);if(\"02\"!=i&&\"03\"!=i)return r;var n=lt.getV(t,e);return\"02\"==i?parseInt(n,16):Ut(n)}catch(h){return r}},lt.getOID=function(t,e,r){null==r&&(r=null);try{return\"06\"!=t.substr(e,2)?r:_t(lt.getV(t,e))}catch(i){return r}},lt.getOIDName=function(t,e,r){null==r&&(r=null);try{var i=lt.getOID(t,e,r);if(i==r)return r;var n=ht.asn1.x509.OID.oid2name(i);return\"\"==n?i:n}catch(u){return r}},lt.getString=function(t,e,r){null==r&&(r=null);try{return wt(lt.getV(t,e))}catch(u){return r}},lt.hextooidstr=function(t){var e=function(t,e){return t.length>=e?t:new Array(e-t.length+1).join(\"0\")+t},r=[],i=t.substr(0,2),n=parseInt(i,16);r[0]=new String(Math.floor(n/40)),r[1]=new String(n%40);for(var s=t.substr(2),a=[],o=0;o0&&(c=c+\".\"+h.join(\".\")),c},lt.dump=function(t,e,r,i){var n=lt,s=n.getV,a=n.dump,o=n.getChildIdx,h=t;t instanceof ht.asn1.ASN1Object&&(h=t.getEncodedHex());var u=function(t,e){return t.length<=2*e?t:t.substr(0,e)+\"..(total \"+t.length/2+\"bytes)..\"+t.substr(t.length-e,e)};void 0===e&&(e={ommit_long_octet:32}),void 0===r&&(r=0),void 0===i&&(i=\"\");var c,l=e.ommit_long_octet;if(\"01\"==(c=h.substr(r,2)))return\"00\"==(f=s(h,r))?i+\"BOOLEAN FALSE\\n\":i+\"BOOLEAN TRUE\\n\";if(\"02\"==c)return i+\"INTEGER \"+u(f=s(h,r),l)+\"\\n\";if(\"03\"==c){var f=s(h,r);return n.isASN1HEX(f.substr(2))?(E=i+\"BITSTRING, encapsulates\\n\")+a(f.substr(2),e,0,i+\" \"):i+\"BITSTRING \"+u(f,l)+\"\\n\"}if(\"04\"==c)return f=s(h,r),n.isASN1HEX(f)?(E=i+\"OCTETSTRING, encapsulates\\n\")+a(f,e,0,i+\" \"):i+\"OCTETSTRING \"+u(f,l)+\"\\n\";if(\"05\"==c)return i+\"NULL\\n\";if(\"06\"==c){var g=s(h,r),p=ht.asn1.ASN1Util.oidHexToInt(g),d=ht.asn1.x509.OID.oid2name(p),v=p.replace(/\\./g,\" \");return\"\"!=d?i+\"ObjectIdentifier \"+d+\" (\"+v+\")\\n\":i+\"ObjectIdentifier (\"+v+\")\\n\"}if(\"0a\"==c)return i+\"ENUMERATED \"+parseInt(s(h,r))+\"\\n\";if(\"0c\"==c)return i+\"UTF8String '\"+Et(s(h,r))+\"'\\n\";if(\"13\"==c)return i+\"PrintableString '\"+Et(s(h,r))+\"'\\n\";if(\"14\"==c)return i+\"TeletexString '\"+Et(s(h,r))+\"'\\n\";if(\"16\"==c)return i+\"IA5String '\"+Et(s(h,r))+\"'\\n\";if(\"17\"==c)return i+\"UTCTime \"+Et(s(h,r))+\"\\n\";if(\"18\"==c)return i+\"GeneralizedTime \"+Et(s(h,r))+\"\\n\";if(\"1a\"==c)return i+\"VisualString '\"+Et(s(h,r))+\"'\\n\";if(\"1e\"==c)return i+\"BMPString '\"+jt(s(h,r))+\"'\\n\";if(\"30\"==c){if(\"3000\"==h.substr(r,4))return i+\"SEQUENCE {}\\n\";E=i+\"SEQUENCE\\n\";var y=e;if((2==(x=o(h,r)).length||3==x.length)&&\"06\"==h.substr(x[0],2)&&\"04\"==h.substr(x[x.length-1],2)){d=n.oidname(s(h,x[0]));var m=JSON.parse(JSON.stringify(e));m.x509ExtName=d,y=m}for(var S=0;S31)&&128==(192&r)&&(31&r)==i}catch(h){return!1}},lt.isASN1HEX=function(t){var e=lt;if(t.length%2==1)return!1;var r=e.getVblen(t,0),i=t.substr(0,2),n=e.getL(t,0);return t.length-i.length-n.length==2*r},lt.checkStrictDER=function(t,e,r,i,n){var s=lt;if(void 0===r){if(\"string\"!=typeof t)throw new Error(\"not hex string\");if(t=t.toLowerCase(),!ht.lang.String.isHex(t))throw new Error(\"not hex string\");r=t.length,n=(i=t.length/2)<128?1:Math.ceil(i.toString(16))+1}if(s.getL(t,e).length>2*n)throw new Error(\"L of TLV too long: idx=\"+e);var a=s.getVblen(t,e);if(a>i)throw new Error(\"value of L too long than hex: idx=\"+e);var o=s.getTLV(t,e),h=o.length-2-s.getL(t,e).length;if(h!==2*a)throw new Error(\"V string length and L's value not the same:\"+h+\"/\"+2*a);if(0===e&&t.length!=o.length)throw new Error(\"total length and TLV length unmatch:\"+t.length+\"!=\"+o.length);var u=t.substr(e,2);if(\"02\"===u){var c=s.getVidx(t,e);if(\"00\"==t.substr(c,2)&&t.charCodeAt(c+2)<56)throw new Error(\"not least zeros for DER INTEGER\")}if(32&parseInt(u,16)){for(var l=s.getVblen(t,e),f=0,g=s.getChildIdx(t,e),p=0;p0&&t.push(new i({tag:\"a3\",obj:new u(e.ext)})),new ht.asn1.DERSequence({array:t}).getEncodedHex()},void 0!==t&&this.setByParam(t)},zt(ht.asn1.x509.TBSCertificate,ht.asn1.ASN1Object),ht.asn1.x509.Extensions=function(t){ht.asn1.x509.Extensions.superclass.constructor.call(this);var e=ht.asn1,r=e.DERSequence,i=e.x509;this.aParam=[],this.setByParam=function(t){this.aParam=t},this.getEncodedHex=function(){for(var t=[],e=0;e-1&&t.push(new i({int:this.pathLen}));var e=new n({array:t});return this.asn1ExtnValue=e,this.asn1ExtnValue.getEncodedHex()},this.oid=\"2.5.29.19\",this.cA=!1,this.pathLen=-1,void 0!==t&&(void 0!==t.cA&&(this.cA=t.cA),void 0!==t.pathLen&&(this.pathLen=t.pathLen))},zt(ht.asn1.x509.BasicConstraints,ht.asn1.x509.Extension),ht.asn1.x509.CRLDistributionPoints=function(t){ht.asn1.x509.CRLDistributionPoints.superclass.constructor.call(this,t);var e=ht.asn1,r=e.x509;this.getExtnValueHex=function(){return this.asn1ExtnValue.getEncodedHex()},this.setByDPArray=function(t){for(var i=[],n=0;n0&&t.push(new r({array:e}))}return new r({array:t}).getEncodedHex()},void 0!==t&&(this.params=t)},zt(ht.asn1.x509.PolicyInformation,ht.asn1.ASN1Object),ht.asn1.x509.PolicyQualifierInfo=function(t){ht.asn1.x509.PolicyQualifierInfo.superclass.constructor.call(this,t);var e=ht.asn1,r=e.DERSequence,i=e.DERIA5String,n=e.DERObjectIdentifier,s=e.x509.UserNotice;this.params=null,this.getEncodedHex=function(){return void 0!==this.params.cps?new r({array:[new n({oid:\"1.3.6.1.5.5.7.2.1\"}),new i({str:this.params.cps})]}).getEncodedHex():null!=this.params.unotice?new r({array:[new n({oid:\"1.3.6.1.5.5.7.2.2\"}),new s(this.params.unotice)]}).getEncodedHex():void 0},void 0!==t&&(this.params=t)},zt(ht.asn1.x509.PolicyQualifierInfo,ht.asn1.ASN1Object),ht.asn1.x509.UserNotice=function(t){ht.asn1.x509.UserNotice.superclass.constructor.call(this,t);var e=ht.asn1.DERSequence,r=(ht.asn1.DERInteger,ht.asn1.x509.DisplayText),i=ht.asn1.x509.NoticeReference;this.params=null,this.getEncodedHex=function(){var t=[];return void 0!==this.params.noticeref&&t.push(new i(this.params.noticeref)),void 0!==this.params.exptext&&t.push(new r(this.params.exptext)),new e({array:t}).getEncodedHex()},void 0!==t&&(this.params=t)},zt(ht.asn1.x509.UserNotice,ht.asn1.ASN1Object),ht.asn1.x509.NoticeReference=function(t){ht.asn1.x509.NoticeReference.superclass.constructor.call(this,t);var e=ht.asn1.DERSequence,r=ht.asn1.DERInteger,i=ht.asn1.x509.DisplayText;this.params=null,this.getEncodedHex=function(){var t=[];if(void 0!==this.params.org&&t.push(new i(this.params.org)),void 0!==this.params.noticenum){for(var n=[],s=this.params.noticenum,a=0;a0)for(var t=0;t0;n++){var s=e.shift();if(!0===r){var a=(i.pop()+\",\"+s).replace(/\\\\,/g,\",\");i.push(a),r=!1}else i.push(s);\"\\\\\"===s.substr(-1,1)&&(r=!0)}return(i=i.map((function(t){return t.replace(\"/\",\"\\\\/\")}))).reverse(),\"/\"+i.join(\"/\")},ht.asn1.x509.X500Name.ldapToOneline=function(t){return ht.asn1.x509.X500Name.ldapToCompat(t)},ht.asn1.x509.RDN=function(t){ht.asn1.x509.RDN.superclass.constructor.call(this),this.asn1Array=[],this.paramArray=[],this.sRule=\"utf8\";var e=ht.asn1.x509.AttributeTypeAndValue;this.setByParam=function(t){void 0!==t.rule&&(this.sRule=t.rule),void 0!==t.str&&this.addByMultiValuedString(t.str),void 0!==t.array&&(this.paramArray=t.array)},this.addByString=function(t){this.asn1Array.push(new ht.asn1.x509.AttributeTypeAndValue({str:t,rule:this.sRule}))},this.addByMultiValuedString=function(t){for(var e=ht.asn1.x509.RDN.parseString(t),r=0;r0)for(var t=0;t0;n++){var s=e.shift();if(!0===r){var a=(i.pop()+\"+\"+s).replace(/\\\\\\+/g,\"+\");i.push(a),r=!1}else i.push(s);\"\\\\\"===s.substr(-1,1)&&(r=!0)}var o=!1,h=[];for(n=0;i.length>0;n++){if(s=i.shift(),!0===o){var u=h.pop();s.match(/\"$/)?(a=(u+\"+\"+s).replace(/^([^=]+)=\"(.*)\"$/,\"$1=$2\"),h.push(a),o=!1):h.push(u+\"+\"+s)}else h.push(s);s.match(/^[^=]+=\"/)&&(o=!0)}return h},ht.asn1.x509.AttributeTypeAndValue=function(t){ht.asn1.x509.AttributeTypeAndValue.superclass.constructor.call(this),this.sRule=\"utf8\",this.sType=null,this.sValue=null,this.dsType=null;var e=ht,r=e.asn1,i=r.DERSequence,n=r.DERUTF8String,s=r.DERPrintableString,a=r.DERTeletexString,o=r.DERIA5String,h=r.DERVisibleString,u=r.DERBMPString,c=e.lang.String.isMail,l=e.lang.String.isPrintable;this.setByParam=function(t){if(void 0!==t.rule&&(this.sRule=t.rule),void 0!==t.ds&&(this.dsType=t.ds),void 0===t.value&&void 0!==t.str){var e=t.str.match(/^([^=]+)=(.+)$/);if(!e)throw new Error(\"malformed attrTypeAndValueStr: \"+attrTypeAndValueStr);this.sType=e[1],this.sValue=e[2]}else this.sType=t.type,this.sValue=t.value},this.setByString=function(t,e){void 0!==e&&(this.sRule=e);var r=t.match(/^([^=]+)=(.+)$/);if(!r)throw new Error(\"malformed attrTypeAndValueStr: \"+attrTypeAndValueStr);this.setByAttrTypeAndValueStr(r[1],r[2])},this._getDsType=function(){var t=this.sType,e=this.sValue,r=this.sRule;return\"prn\"===r?\"CN\"==t&&c(e)?\"ia5\":l(e)?\"prn\":\"utf8\":\"utf8\"===r?\"CN\"==t&&c(e)?\"ia5\":\"C\"==t?\"prn\":\"utf8\":\"utf8\"},this.setByAttrTypeAndValueStr=function(t,e,r){void 0!==r&&(this.sRule=r),this.sType=t,this.sValue=e},this.getValueObj=function(t,e){if(\"utf8\"==t)return new n({str:e});if(\"prn\"==t)return new s({str:e});if(\"tel\"==t)return new a({str:e});if(\"ia5\"==t)return new o({str:e});if(\"vis\"==t)return new h({str:e});if(\"bmp\"==t)return new u({str:e});throw new Error(\"unsupported directory string type: type=\"+t+\" value=\"+e)},this.getEncodedHex=function(){null==this.dsType&&(this.dsType=this._getDsType());var t=ht.asn1.x509.OID.atype2obj(this.sType),e=this.getValueObj(this.dsType,this.sValue),r=new i({array:[t,e]});return this.TLV=r.getEncodedHex(),this.TLV},void 0!==t&&this.setByParam(t)},zt(ht.asn1.x509.AttributeTypeAndValue,ht.asn1.ASN1Object),ht.asn1.x509.SubjectPublicKeyInfo=function(t){ht.asn1.x509.SubjectPublicKeyInfo.superclass.constructor.call(this);var e=ht,r=e.asn1,i=r.DERInteger,n=r.DERBitString,s=r.DERObjectIdentifier,a=r.DERSequence,o=r.ASN1Util.newObject,h=r.x509.AlgorithmIdentifier,u=e.crypto;u.ECDSA,u.DSA,this.getASN1Object=function(){if(null==this.asn1AlgId||null==this.asn1SubjPKey)throw\"algId and/or subjPubKey not set\";return new a({array:[this.asn1AlgId,this.asn1SubjPKey]})},this.getEncodedHex=function(){var t=this.getASN1Object();return this.hTLV=t.getEncodedHex(),this.hTLV},this.setPubKey=function(t){try{if(t instanceof rt){var e=o({seq:[{int:{bigint:t.n}},{int:{int:t.e}}]}).getEncodedHex();this.asn1AlgId=new h({name:\"rsaEncryption\"}),this.asn1SubjPKey=new n({hex:\"00\"+e})}}catch(u){}try{if(t instanceof ht.crypto.ECDSA){var r=new s({name:t.curveName});this.asn1AlgId=new h({name:\"ecPublicKey\",asn1params:r}),this.asn1SubjPKey=new n({hex:\"00\"+t.pubKeyHex})}}catch(u){}try{if(t instanceof ht.crypto.DSA){r=new o({seq:[{int:{bigint:t.p}},{int:{bigint:t.q}},{int:{bigint:t.g}}]}),this.asn1AlgId=new h({name:\"dsa\",asn1params:r});var a=new i({bigint:t.y});this.asn1SubjPKey=new n({hex:\"00\"+a.getEncodedHex()})}}catch(u){}},void 0!==t&&this.setPubKey(t)},zt(ht.asn1.x509.SubjectPublicKeyInfo,ht.asn1.ASN1Object),ht.asn1.x509.Time=function(t){ht.asn1.x509.Time.superclass.constructor.call(this);var e=ht.asn1,r=e.DERUTCTime,i=e.DERGeneralizedTime;this.params=null,this.type=null,this.setTimeParams=function(t){this.timeParams=t},this.setByParam=function(t){this.params=t},this.getType=function(t){return t.match(/^[0-9]{12}Z$/)?\"utc\":t.match(/^[0-9]{14}Z$/)?\"gen\":t.match(/^[0-9]{12}\\.[0-9]+Z$/)?\"utc\":t.match(/^[0-9]{14}\\.[0-9]+Z$/)?\"gen\":null},this.getEncodedHex=function(){var t=this.params,e=null;if(\"string\"==typeof t&&(t={str:t}),null==t||!t.str||null!=t.type&&null!=t.type||(t.type=this.getType(t.str)),null!=t&&t.str?(\"utc\"==t.type&&(e=new r(t.str)),\"gen\"==t.type&&(e=new i(t.str))):e=\"gen\"==this.type?new i:new r,null==e)throw new Error(\"wrong setting for Time\");return this.TLV=e.getEncodedHex(),this.TLV},null!=t&&this.setByParam(t)},ht.asn1.x509.Time_bak=function(t){ht.asn1.x509.Time_bak.superclass.constructor.call(this);var e=ht.asn1,r=e.DERUTCTime,i=e.DERGeneralizedTime;this.setTimeParams=function(t){this.timeParams=t},this.getEncodedHex=function(){var t=null;return t=null!=this.timeParams?\"utc\"==this.type?new r(this.timeParams):new i(this.timeParams):\"utc\"==this.type?new r:new i,this.TLV=t.getEncodedHex(),this.TLV},this.type=\"utc\",void 0!==t&&(void 0!==t.type?this.type=t.type:void 0!==t.str&&(t.str.match(/^[0-9]{12}Z$/)&&(this.type=\"utc\"),t.str.match(/^[0-9]{14}Z$/)&&(this.type=\"gen\")),this.timeParams=t)},zt(ht.asn1.x509.Time,ht.asn1.ASN1Object),ht.asn1.x509.AlgorithmIdentifier=function(t){ht.asn1.x509.AlgorithmIdentifier.superclass.constructor.call(this),this.nameAlg=null,this.asn1Alg=null,this.asn1Params=null,this.paramEmpty=!1;var e=ht.asn1,r=e.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV;if(this.getEncodedHex=function(){if(null===this.nameAlg&&null===this.asn1Alg)throw new Error(\"algorithm not specified\");if(null!==this.nameAlg){var t=null;for(var i in r)i===this.nameAlg&&(t=r[i]);if(null!==t)return this.hTLV=t,this.hTLV}null!==this.nameAlg&&null===this.asn1Alg&&(this.asn1Alg=e.x509.OID.name2obj(this.nameAlg));var n=[this.asn1Alg];null!==this.asn1Params&&n.push(this.asn1Params);var s=new e.DERSequence({array:n});return this.hTLV=s.getEncodedHex(),this.hTLV},void 0!==t&&(void 0!==t.name&&(this.nameAlg=t.name),void 0!==t.asn1params&&(this.asn1Params=t.asn1params),void 0!==t.paramempty&&(this.paramEmpty=t.paramempty)),null===this.asn1Params&&!1===this.paramEmpty&&null!==this.nameAlg){void 0!==this.nameAlg.name&&(this.nameAlg=this.nameAlg.name);var i=this.nameAlg.toLowerCase();\"withdsa\"!==i.substr(-7,7)&&\"withecdsa\"!==i.substr(-9,9)&&(this.asn1Params=new e.DERNull)}},zt(ht.asn1.x509.AlgorithmIdentifier,ht.asn1.ASN1Object),ht.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV={SHAwithRSAandMGF1:\"300d06092a864886f70d01010a3000\",SHA256withRSAandMGF1:\"303d06092a864886f70d01010a3030a00d300b0609608648016503040201a11a301806092a864886f70d010108300b0609608648016503040201a203020120\",SHA384withRSAandMGF1:\"303d06092a864886f70d01010a3030a00d300b0609608648016503040202a11a301806092a864886f70d010108300b0609608648016503040202a203020130\",SHA512withRSAandMGF1:\"303d06092a864886f70d01010a3030a00d300b0609608648016503040203a11a301806092a864886f70d010108300b0609608648016503040203a203020140\"},ht.asn1.x509.GeneralName=function(t){ht.asn1.x509.GeneralName.superclass.constructor.call(this);var e={rfc822:\"81\",dns:\"82\",dn:\"a4\",uri:\"86\",ip:\"87\"},r=ht.asn1,i=(r.DERSequence,r.DEROctetString),n=r.DERIA5String,s=r.DERTaggedObject,a=r.ASN1Object,o=r.x509.X500Name,h=Ct;this.explicit=!1,this.setByParam=function(t){var r=null;if(void 0!==t){if(void 0!==t.rfc822&&(this.type=\"rfc822\",r=new n({str:t[this.type]})),void 0!==t.dns&&(this.type=\"dns\",r=new n({str:t[this.type]})),void 0!==t.uri&&(this.type=\"uri\",r=new n({str:t[this.type]})),void 0!==t.dn&&(this.type=\"dn\",this.explicit=!0,r=\"string\"==typeof t.dn?new o({str:t.dn}):t.dn instanceof ht.asn1.x509.X500Name?t.dn:new o(t.dn)),void 0!==t.ldapdn&&(this.type=\"dn\",this.explicit=!0,r=new o({ldapstr:t.ldapdn})),void 0!==t.certissuer){this.type=\"dn\",this.explicit=!0;var u=null;if((l=t.certissuer).match(/^[0-9A-Fa-f]+$/),-1!=l.indexOf(\"-----BEGIN \")&&(u=h(l)),null==u)throw\"certissuer param not cert\";(f=new $t).hex=u;var c=f.getIssuerHex();(r=new a).hTLV=c}if(void 0!==t.certsubj){var l,f;if(this.type=\"dn\",this.explicit=!0,u=null,(l=t.certsubj).match(/^[0-9A-Fa-f]+$/),-1!=l.indexOf(\"-----BEGIN \")&&(u=h(l)),null==u)throw\"certsubj param not cert\";(f=new $t).hex=u,c=f.getSubjectHex(),(r=new a).hTLV=c}if(void 0!==t.ip){this.type=\"ip\",this.explicit=!1;var g,p=t.ip,d=\"malformed IP address\";if(p.match(/^[0-9.]+[.][0-9.]+$/)){if(8!==(g=kt(\"[\"+p.split(\".\").join(\",\")+\"]\")).length)throw d}else if(p.match(/^[0-9A-Fa-f:]+:[0-9A-Fa-f:]+$/))g=Ht(p);else{if(!p.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))throw d;g=p}r=new i({hex:g})}if(null==this.type)throw\"unsupported type in params=\"+t;this.asn1Obj=new s({explicit:this.explicit,tag:e[this.type],obj:r})}},this.getEncodedHex=function(){return this.asn1Obj.getEncodedHex()},void 0!==t&&this.setByParam(t)},zt(ht.asn1.x509.GeneralName,ht.asn1.ASN1Object),ht.asn1.x509.GeneralNames=function(t){ht.asn1.x509.GeneralNames.superclass.constructor.call(this);var e=ht.asn1;this.setByParamArray=function(t){for(var r=0;r0){for(var r=s(t.valhex,e[0]),i=c(r,0),n=[],a=0;a1){var u=s(t.valhex,e[1]);t.polhex=u}delete t.valhex},this.setSignaturePolicyIdentifier=function(t){var r=c(t.valhex,0);if(r.length>0){var a=i.getOID(t.valhex,r[0]);t.oid=a}if(r.length>1){var o=new e,h=c(t.valhex,r[1]),u=s(t.valhex,h[0]),l=o.getAlgorithmIdentifierName(u);t.alg=l;var f=n(t.valhex,h[1]);t.hash=f}delete t.valhex},this.setSigningCertificateV2=function(t){var e=c(t.valhex,0);if(e.length>0){for(var r=s(t.valhex,e[0]),i=c(r,0),n=[],a=0;a1){var u=s(t.valhex,e[1]);t.polhex=u}delete t.valhex},this.getESSCertID=function(t){var e={},r=c(t,0);if(r.length>0){var i=n(t,r[0]);e.hash=i}if(r.length>1){var a=s(t,r[1]),o=this.getIssuerSerial(a);null!=o.serial&&(e.serial=o.serial),null!=o.issuer&&(e.issuer=o.issuer)}return e},this.getESSCertIDv2=function(e){var i={},a=c(e,0);if(a.length<1||3o+1){var l=s(e,a[o+1]),f=this.getIssuerSerial(l);i.issuer=f.issuer,i.serial=f.serial}return i},this.getIssuerSerial=function(t){var e={},i=c(t,0),a=s(t,i[0]),o=r.getGeneralNames(a)[0].dn;e.issuer=o;var h=n(t,i[1]);return e.serial={hex:h},e},this.getCertificateSet=function(t){for(var e=c(t,0),r=[],i=0;i1){var r=this.getPKIStatusInfo(i(t,e[0])),n=i(t,e[1]),a=this.getToken(n);return a.statusinfo=r,a}},this.getToken=function(t){var e=(new ht.asn1.cms.CMSParser).getCMSSignedData(t);return this.setTSTInfo(e),e},this.setTSTInfo=function(t){var e=t.econtent;if(\"tstinfo\"==e.type){var r=e.content.hex,i=this.getTSTInfo(r);e.content=i}},this.getTSTInfo=function(e){var n={},a=s(e,0),o=r(e,a[1]);n.policy=_t(o);var h=i(e,a[2]);n.messageImprint=this.getMessageImprint(h);var u=r(e,a[3]);n.serial={hex:u};var c=r(e,a[4]);n.genTime={str:Et(c)};var l=0;if(a.length>5&&\"30\"==e.substr(a[5],2)){var f=i(e,a[5]);n.accuracy=this.getAccuracy(f),l++}if(a.length>5+l&&\"01\"==e.substr(a[5+l],2)&&(\"ff\"==r(e,a[5+l])&&(n.ordering=!0),l++),a.length>5+l&&\"02\"==e.substr(a[5+l],2)){var g=r(e,a[5+l]);n.nonce={hex:g},l++}if(a.length>5+l&&\"a0\"==e.substr(a[5+l],2)){var p=i(e,a[5+l]);p=\"30\"+p.substr(2),pGeneralNames=t.getGeneralNames(p);var d=pGeneralNames[0].dn;n.tsa=d,l++}if(a.length>5+l&&\"a1\"==e.substr(a[5+l],2)){var v=i(e,a[5+l]);v=\"30\"+v.substr(2);var y=t.getExtParamArray(v);n.ext=y,l++}return n},this.getAccuracy=function(t){for(var e={},i=s(t,0),n=0;n1&&\"30\"==t.substr(n[1],2)){var c=i(t,n[1]);e.statusstr=this.getPKIFreeText(c),o++}if(n.length>o&&\"03\"==t.substr(n[1+o],2)){var l=i(t,n[1+o]);e.failinfo=this.getPKIFailureInfo(l)}return e},this.getPKIFreeText=function(t){for(var r=[],i=s(t,0),n=0;n=e?t:new Array(e-t.length+1).join(r)+t};function Ut(t){try{var e=t.substr(0,2);if(\"00\"==e)return parseInt(t.substr(2),16);var r=parseInt(e,16),i=t.substr(2),n=parseInt(i,16).toString(2);return\"0\"==n&&(n=\"00000000\"),n=n.slice(0,0-r),parseInt(n,2)}catch(u){return-1}}function zt(t,e){var r=function(){};r.prototype=e.prototype,t.prototype=new r,t.prototype.constructor=t,t.superclass=e.prototype,e.prototype.constructor==Object.prototype.constructor&&(e.prototype.constructor=e)}void 0!==ht&&ht||(ht={}),void 0!==ht.crypto&&ht.crypto||(ht.crypto={}),ht.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:\"3021300906052b0e03021a05000414\",sha224:\"302d300d06096086480165030402040500041c\",sha256:\"3031300d060960864801650304020105000420\",sha384:\"3041300d060960864801650304020205000430\",sha512:\"3051300d060960864801650304020305000440\",md2:\"3020300c06082a864886f70d020205000410\",md5:\"3020300c06082a864886f70d020505000410\",ripemd160:\"3021300906052b2403020105000414\"},this.DEFAULTPROVIDER={md5:\"cryptojs\",sha1:\"cryptojs\",sha224:\"cryptojs\",sha256:\"cryptojs\",sha384:\"cryptojs\",sha512:\"cryptojs\",ripemd160:\"cryptojs\",hmacmd5:\"cryptojs\",hmacsha1:\"cryptojs\",hmacsha224:\"cryptojs\",hmacsha256:\"cryptojs\",hmacsha384:\"cryptojs\",hmacsha512:\"cryptojs\",hmacripemd160:\"cryptojs\",MD5withRSA:\"cryptojs/jsrsa\",SHA1withRSA:\"cryptojs/jsrsa\",SHA224withRSA:\"cryptojs/jsrsa\",SHA256withRSA:\"cryptojs/jsrsa\",SHA384withRSA:\"cryptojs/jsrsa\",SHA512withRSA:\"cryptojs/jsrsa\",RIPEMD160withRSA:\"cryptojs/jsrsa\",MD5withECDSA:\"cryptojs/jsrsa\",SHA1withECDSA:\"cryptojs/jsrsa\",SHA224withECDSA:\"cryptojs/jsrsa\",SHA256withECDSA:\"cryptojs/jsrsa\",SHA384withECDSA:\"cryptojs/jsrsa\",SHA512withECDSA:\"cryptojs/jsrsa\",RIPEMD160withECDSA:\"cryptojs/jsrsa\",SHA1withDSA:\"cryptojs/jsrsa\",SHA224withDSA:\"cryptojs/jsrsa\",SHA256withDSA:\"cryptojs/jsrsa\",MD5withRSAandMGF1:\"cryptojs/jsrsa\",SHAwithRSAandMGF1:\"cryptojs/jsrsa\",SHA1withRSAandMGF1:\"cryptojs/jsrsa\",SHA224withRSAandMGF1:\"cryptojs/jsrsa\",SHA256withRSAandMGF1:\"cryptojs/jsrsa\",SHA384withRSAandMGF1:\"cryptojs/jsrsa\",SHA512withRSAandMGF1:\"cryptojs/jsrsa\",RIPEMD160withRSAandMGF1:\"cryptojs/jsrsa\"},this.CRYPTOJSMESSAGEDIGESTNAME={md5:d.algo.MD5,sha1:d.algo.SHA1,sha224:d.algo.SHA224,sha256:d.algo.SHA256,sha384:d.algo.SHA384,sha512:d.algo.SHA512,ripemd160:d.algo.RIPEMD160},this.getDigestInfoHex=function(t,e){if(void 0===this.DIGESTINFOHEAD[e])throw\"alg not supported in Util.DIGESTINFOHEAD: \"+e;return this.DIGESTINFOHEAD[e]+t},this.getPaddedDigestInfoHex=function(t,e,r){var i=this.getDigestInfoHex(t,e),n=r/4;if(i.length+22>n)throw\"key is too short for SigAlg: keylen=\"+r+\",\"+e;for(var s=\"0001\",a=\"00\"+i,o=\"\",h=n-s.length-a.length,u=0;u=0)return!1;if(i.compareTo(r.ONE)<0||i.compareTo(s)>=0)return!1;var o=i.modInverse(s),h=t.multiply(o).mod(s),u=e.multiply(o).mod(s);return a.multiply(h).add(n.multiply(u)).getX().toBigInteger().mod(s).equals(e)},this.serializeSig=function(t,e){var r=t.toByteArraySigned(),i=e.toByteArraySigned(),n=[];return n.push(2),n.push(r.length),(n=n.concat(r)).push(2),n.push(i.length),(n=n.concat(i)).unshift(n.length),n.unshift(48),n},this.parseSig=function(t){var e;if(48!=t[0])throw new Error(\"Signature not a valid DERSequence\");if(2!=t[e=2])throw new Error(\"First element in signature must be a DERInteger\");var i=t.slice(e+2,e+2+t[e+1]);if(2!=t[e+=2+t[e+1]])throw new Error(\"Second element in signature must be a DERInteger\");var n=t.slice(e+2,e+2+t[e+1]);return e+=2+t[e+1],{r:r.fromByteArrayUnsigned(i),s:r.fromByteArrayUnsigned(n)}},this.parseSigCompact=function(t){if(65!==t.length)throw\"Signature has the wrong length\";var e=t[0]-27;if(e<0||e>7)throw\"Invalid signature type\";var i=this.ecparams.n;return{r:r.fromByteArrayUnsigned(t.slice(1,33)).mod(i),s:r.fromByteArrayUnsigned(t.slice(33,65)).mod(i),i:e}},this.readPKCS5PrvKeyHex=function(t){if(!1===u(t))throw new Error(\"not ASN.1 hex string\");var e,r,i;try{e=h(t,0,[\"[0]\",0],\"06\"),r=h(t,0,[1],\"04\");try{i=h(t,0,[\"[1]\",0],\"03\")}catch(n){}}catch(n){throw new Error(\"malformed PKCS#1/5 plain ECC private key\")}if(this.curveName=a(e),void 0===this.curveName)throw\"unsupported curve name\";this.setNamedCurve(this.curveName),this.setPublicKeyHex(i),this.setPrivateKeyHex(r),this.isPublic=!1},this.readPKCS8PrvKeyHex=function(t){if(!1===u(t))throw new e(\"not ASN.1 hex string\");var r,i,n;try{h(t,0,[1,0],\"06\"),r=h(t,0,[1,1],\"06\"),i=h(t,0,[2,0,1],\"04\");try{n=h(t,0,[2,0,\"[1]\",0],\"03\")}catch(s){}}catch(s){throw new e(\"malformed PKCS#8 plain ECC private key\")}if(this.curveName=a(r),void 0===this.curveName)throw new e(\"unsupported curve name\");this.setNamedCurve(this.curveName),this.setPublicKeyHex(n),this.setPrivateKeyHex(i),this.isPublic=!1},this.readPKCS8PubKeyHex=function(t){if(!1===u(t))throw new e(\"not ASN.1 hex string\");var r,i;try{h(t,0,[0,0],\"06\"),r=h(t,0,[0,1],\"06\"),i=h(t,0,[1],\"03\")}catch(n){throw new e(\"malformed PKCS#8 ECC public key\")}if(this.curveName=a(r),null===this.curveName)throw new e(\"unsupported curve name\");this.setNamedCurve(this.curveName),this.setPublicKeyHex(i)},this.readCertPubKeyHex=function(t,r){if(!1===u(t))throw new e(\"not ASN.1 hex string\");var i,n;try{i=h(t,0,[0,5,0,1],\"06\"),n=h(t,0,[0,5,1],\"03\")}catch(s){throw new e(\"malformed X.509 certificate ECC public key\")}if(this.curveName=a(i),null===this.curveName)throw new e(\"unsupported curve name\");this.setNamedCurve(this.curveName),this.setPublicKeyHex(n)},void 0!==t&&void 0!==t.curve&&(this.curveName=t.curve),void 0===this.curveName&&(this.curveName=\"secp256r1\"),this.setNamedCurve(this.curveName),void 0!==t&&(void 0!==t.prv&&this.setPrivateKeyHex(t.prv),void 0!==t.pub&&this.setPublicKeyHex(t.pub))},ht.crypto.ECDSA.parseSigHex=function(t){var e=ht.crypto.ECDSA.parseSigHexInHexRS(t);return{r:new E(e.r,16),s:new E(e.s,16)}},ht.crypto.ECDSA.parseSigHexInHexRS=function(t){var e=lt,r=e.getChildIdx,i=e.getV;if(e.checkStrictDER(t,0),\"30\"!=t.substr(0,2))throw new Error(\"signature is not a ASN.1 sequence\");var n=r(t,0);if(2!=n.length)throw new Error(\"signature shall have two elements\");var s=n[0],a=n[1];if(\"02\"!=t.substr(s,2))throw new Error(\"1st item not ASN.1 integer\");if(\"02\"!=t.substr(a,2))throw new Error(\"2nd item not ASN.1 integer\");return{r:i(t,s),s:i(t,a)}},ht.crypto.ECDSA.asn1SigToConcatSig=function(t){var e=ht.crypto.ECDSA.parseSigHexInHexRS(t),r=e.r,i=e.s;if(r.length>=130&&r.length<=134){if(r.length%2!=0)throw Error(\"unknown ECDSA sig r length error\");if(i.length%2!=0)throw Error(\"unknown ECDSA sig s length error\");\"00\"==r.substr(0,2)&&(r=r.substr(2)),\"00\"==i.substr(0,2)&&(i=i.substr(2));var n=Math.max(r.length,i.length);return(r=(\"000000\"+r).slice(-n))+(\"000000\"+i).slice(-n)}if(\"00\"==r.substr(0,2)&&r.length%32==2&&(r=r.substr(2)),\"00\"==i.substr(0,2)&&i.length%32==2&&(i=i.substr(2)),r.length%32==30&&(r=\"00\"+r),i.length%32==30&&(i=\"00\"+i),r.length%32!=0)throw Error(\"unknown ECDSA sig r length error\");if(i.length%32!=0)throw Error(\"unknown ECDSA sig s length error\");return r+i},ht.crypto.ECDSA.concatSigToASN1Sig=function(t){if(t.length%4!=0)throw Error(\"unknown ECDSA concatinated r-s sig length error\");var e=t.substr(0,t.length/2),r=t.substr(t.length/2);return ht.crypto.ECDSA.hexRSSigToASN1Sig(e,r)},ht.crypto.ECDSA.hexRSSigToASN1Sig=function(t,e){var r=new E(t,16),i=new E(e,16);return ht.crypto.ECDSA.biRSSigToASN1Sig(r,i)},ht.crypto.ECDSA.biRSSigToASN1Sig=function(t,e){var r=ht.asn1,i=new r.DERInteger({bigint:t}),n=new r.DERInteger({bigint:e});return new r.DERSequence({array:[i,n]}).getEncodedHex()},ht.crypto.ECDSA.getName=function(t){return\"2b8104001f\"===t?\"secp192k1\":\"2a8648ce3d030107\"===t?\"secp256r1\":\"2b8104000a\"===t?\"secp256k1\":\"2b81040021\"===t?\"secp224r1\":\"2b81040022\"===t?\"secp384r1\":\"2b81040023\"===t?\"secp521r1\":-1!==\"|secp256r1|NIST P-256|P-256|prime256v1|\".indexOf(t)?\"secp256r1\":-1!==\"|secp256k1|\".indexOf(t)?\"secp256k1\":-1!==\"|secp224r1|NIST P-224|P-224|\".indexOf(t)?\"secp224r1\":-1!==\"|secp384r1|NIST P-384|P-384|\".indexOf(t)?\"secp384r1\":-1!==\"|secp521r1|NIST P-521|P-521|\".indexOf(t)?\"secp521r1\":null},void 0!==ht&&ht||(ht={}),void 0!==ht.crypto&&ht.crypto||(ht.crypto={}),ht.crypto.ECParameterDB=new function(){var t={},e={};function r(t){return new E(t,16)}this.getByName=function(r){var i=r;if(void 0!==e[i]&&(i=e[r]),void 0!==t[i])return t[i];throw\"unregistered EC curve name: \"+i},this.regist=function(i,n,s,a,o,h,u,c,l,f,g,p){t[i]={};var d=r(s),v=r(a),y=r(o),m=r(h),S=r(u),x=new at(d,v,y),E=x.decodePointHex(\"04\"+c+l);t[i].name=i,t[i].keylen=n,t[i].keycharlen=2*Math.ceil(n/8),t[i].curve=x,t[i].G=E,t[i].n=m,t[i].h=S,t[i].oid=g,t[i].info=p;for(var w=0;w1?new E(i,16):null,u=new E(n,16),this.setPrivate(s,a,o,h,u)},this.setPublic=function(t,e,r,i){this.isPublic=!0,this.p=t,this.q=e,this.g=r,this.y=i,this.x=null},this.setPublicHex=function(t,e,r,i){var n,s,a,o;n=new E(t,16),s=new E(e,16),a=new E(r,16),o=new E(i,16),this.setPublic(n,s,a,o)},this.signWithMessageHash=function(t){var e=this.p,r=this.q,i=this.g,n=(this.y,this.x),s=ht.crypto.Util.getRandomBigIntegerMinToMax(E.ONE.add(E.ONE),r.subtract(E.ONE)),a=new E(t.substr(0,r.bitLength()/4),16),o=i.modPow(s,e).mod(r),h=s.modInverse(r).multiply(a.add(n.multiply(o))).mod(r);return ht.asn1.ASN1Util.jsonToASN1HEX({seq:[{int:{bigint:o}},{int:{bigint:h}}]})},this.verifyWithMessageHash=function(t,e){var r=this.p,i=this.q,n=this.g,s=this.y,a=this.parseASN1Signature(e),o=a[0],h=a[1],u=new E(t.substr(0,i.bitLength()/4),16);if(E.ZERO.compareTo(o)>0||o.compareTo(i)>0)throw\"invalid DSA signature\";if(E.ZERO.compareTo(h)>=0||h.compareTo(i)>0)throw\"invalid DSA signature\";var c=h.modInverse(i),l=u.multiply(c).mod(i),f=o.multiply(c).mod(i);return 0==n.modPow(l,r).multiply(s.modPow(f,r)).mod(r).mod(i).compareTo(o)},this.parseASN1Signature=function(t){try{return[new i(e(t,0,[0],\"02\"),16),new i(e(t,0,[1],\"02\"),16)]}catch(r){throw new Error(\"malformed ASN.1 DSA signature\")}},this.readPKCS5PrvKeyHex=function(t){var i,n,s,a,o;if(!1===r(t))throw new Error(\"not ASN.1 hex string\");try{i=e(t,0,[1],\"02\"),n=e(t,0,[2],\"02\"),s=e(t,0,[3],\"02\"),a=e(t,0,[4],\"02\"),o=e(t,0,[5],\"02\")}catch(h){throw new Error(\"malformed PKCS#1/5 plain DSA private key\")}this.setPrivateHex(i,n,s,a,o)},this.readPKCS8PrvKeyHex=function(t){var i,n,s,a;if(!1===r(t))throw new Error(\"not ASN.1 hex string\");try{i=e(t,0,[1,1,0],\"02\"),n=e(t,0,[1,1,1],\"02\"),s=e(t,0,[1,1,2],\"02\"),a=e(t,0,[2,0],\"02\")}catch(o){throw new Error(\"malformed PKCS#8 plain DSA private key\")}this.setPrivateHex(i,n,s,null,a)},this.readPKCS8PubKeyHex=function(t){var i,n,s,a;if(!1===r(t))throw new Error(\"not ASN.1 hex string\");try{i=e(t,0,[0,1,0],\"02\"),n=e(t,0,[0,1,1],\"02\"),s=e(t,0,[0,1,2],\"02\"),a=e(t,0,[1,0],\"02\")}catch(o){throw new Error(\"malformed PKCS#8 DSA public key\")}this.setPublicHex(i,n,s,a)},this.readCertPubKeyHex=function(t,i){var n,s,a,o;if(!1===r(t))throw new Error(\"not ASN.1 hex string\");try{n=e(t,0,[0,5,0,1,0],\"02\"),s=e(t,0,[0,5,0,1,1],\"02\"),a=e(t,0,[0,5,0,1,2],\"02\"),o=e(t,0,[0,5,1,0],\"02\")}catch(h){throw new Error(\"malformed X.509 certificate DSA public key\")}this.setPublicHex(n,s,a,o)}};var Gt=function(){var t=function(t,r,i){return e(d.AES,t,r,i)},e=function(t,e,r,i){var n=d.enc.Hex.parse(e),s=d.enc.Hex.parse(r),a=d.enc.Hex.parse(i),o={};o.key=s,o.iv=a,o.ciphertext=n;var h=t.decrypt(o,s,{iv:a});return d.enc.Hex.stringify(h)},r=function(t,e,r){return i(d.AES,t,e,r)},i=function(t,e,r,i){var n=d.enc.Hex.parse(e),s=d.enc.Hex.parse(r),a=d.enc.Hex.parse(i),o=t.encrypt(n,s,{iv:a}),h=d.enc.Hex.parse(o.toString());return d.enc.Base64.stringify(h)},n={\"AES-256-CBC\":{proc:t,eproc:r,keylen:32,ivlen:16},\"AES-192-CBC\":{proc:t,eproc:r,keylen:24,ivlen:16},\"AES-128-CBC\":{proc:t,eproc:r,keylen:16,ivlen:16},\"DES-EDE3-CBC\":{proc:function(t,r,i){return e(d.TripleDES,t,r,i)},eproc:function(t,e,r){return i(d.TripleDES,t,e,r)},keylen:24,ivlen:8},\"DES-CBC\":{proc:function(t,r,i){return e(d.DES,t,r,i)},eproc:function(t,e,r){return i(d.DES,t,e,r)},keylen:8,ivlen:8}},s=function(t){var e={},r=t.match(new RegExp(\"DEK-Info: ([^,]+),([0-9A-Fa-f]+)\",\"m\"));r&&(e.cipher=r[1],e.ivsalt=r[2]);var i=t.match(new RegExp(\"-----BEGIN ([A-Z]+) PRIVATE KEY-----\"));i&&(e.type=i[1]);var n=-1,s=0;-1!=t.indexOf(\"\\r\\n\\r\\n\")&&(n=t.indexOf(\"\\r\\n\\r\\n\"),s=2),-1!=t.indexOf(\"\\n\\n\")&&(n=t.indexOf(\"\\n\\n\"),s=1);var a=t.indexOf(\"-----END\");if(-1!=n&&-1!=a){var o=t.substring(n+2*s,a-s);o=o.replace(/\\s+/g,\"\"),e.data=o}return e},a=function(t,e,r){for(var i=r.substring(0,16),s=d.enc.Hex.parse(i),a=d.enc.Utf8.parse(e),o=n[t].keylen+n[t].ivlen,h=\"\",u=null;;){var c=d.algo.MD5.create();if(null!=u&&c.update(u),c.update(a),c.update(s),u=c.finalize(),(h+=d.enc.Hex.stringify(u)).length>=2*o)break}var l={};return l.keyhex=h.substr(0,2*n[t].keylen),l.ivhex=h.substr(2*n[t].keylen,2*n[t].ivlen),l},o=function(t,e,r,i){var s=d.enc.Base64.parse(t),a=d.enc.Hex.stringify(s);return(0,n[e].proc)(a,r,i)};return{version:\"1.0.0\",parsePKCS5PEM:function(t){return s(t)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(t,e,r){return a(t,e,r)},decryptKeyB64:function(t,e,r,i){return o(t,e,r,i)},getDecryptedKeyHex:function(t,e){var r=s(t),i=(r.type,r.cipher),n=r.ivsalt,h=r.data,u=a(i,e,n).keyhex;return o(h,i,u,n)},getEncryptedPKCS5PEMFromPrvKeyHex:function(t,e,r,i,s){var o=\"\";if(void 0!==i&&null!=i||(i=\"AES-256-CBC\"),void 0===n[i])throw new Error(\"KEYUTIL unsupported algorithm: \"+i);void 0!==s&&null!=s||(s=function(t){var e=d.lib.WordArray.random(t);return d.enc.Hex.stringify(e)}(n[i].ivlen).toUpperCase());var h=function(t,e,r,i){return(0,n[e].eproc)(t,r,i)}(e,i,a(i,r,s).keyhex,s);return o=\"-----BEGIN \"+t+\" PRIVATE KEY-----\\r\\n\",o+=\"Proc-Type: 4,ENCRYPTED\\r\\n\",o+=\"DEK-Info: \"+i+\",\"+s+\"\\r\\n\",o+=\"\\r\\n\",(o+=h.replace(/(.{64})/g,\"$1\\r\\n\"))+\"\\r\\n-----END \"+t+\" PRIVATE KEY-----\\r\\n\"},parseHexOfEncryptedPKCS8:function(t){var e=lt,r=e.getChildIdx,i=e.getV,n={},s=r(t,0);if(2!=s.length)throw new Error(\"malformed format: SEQUENCE(0).items != 2: \"+s.length);n.ciphertext=i(t,s[1]);var a=r(t,s[0]);if(2!=a.length)throw new Error(\"malformed format: SEQUENCE(0.0).items != 2: \"+a.length);if(\"2a864886f70d01050d\"!=i(t,a[0]))throw new Error(\"this only supports pkcs5PBES2\");var o=r(t,a[1]);if(2!=a.length)throw new Error(\"malformed format: SEQUENCE(0.0.1).items != 2: \"+o.length);var h=r(t,o[1]);if(2!=h.length)throw new Error(\"malformed format: SEQUENCE(0.0.1.1).items != 2: \"+h.length);if(\"2a864886f70d0307\"!=i(t,h[0]))throw\"this only supports TripleDES\";n.encryptionSchemeAlg=\"TripleDES\",n.encryptionSchemeIV=i(t,h[1]);var u=r(t,o[0]);if(2!=u.length)throw new Error(\"malformed format: SEQUENCE(0.0.1.0).items != 2: \"+u.length);if(\"2a864886f70d01050c\"!=i(t,u[0]))throw new Error(\"this only supports pkcs5PBKDF2\");var c=r(t,u[1]);if(c.length<2)throw new Error(\"malformed format: SEQUENCE(0.0.1.0.1).items < 2: \"+c.length);n.pbkdf2Salt=i(t,c[0]);var l=i(t,c[1]);try{n.pbkdf2Iter=parseInt(l,16)}catch(f){throw new Error(\"malformed format pbkdf2Iter: \"+l)}return n},getPBKDF2KeyHexFromParam:function(t,e){var r=d.enc.Hex.parse(t.pbkdf2Salt),i=t.pbkdf2Iter,n=d.PBKDF2(e,r,{keySize:6,iterations:i});return d.enc.Hex.stringify(n)},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(t,e){var r=Ct(t,\"ENCRYPTED PRIVATE KEY\"),i=this.parseHexOfEncryptedPKCS8(r),n=Gt.getPBKDF2KeyHexFromParam(i,e),s={};s.ciphertext=d.enc.Hex.parse(i.ciphertext);var a=d.enc.Hex.parse(n),o=d.enc.Hex.parse(i.encryptionSchemeIV),h=d.TripleDES.decrypt(s,a,{iv:o});return d.enc.Hex.stringify(h)},getKeyFromEncryptedPKCS8PEM:function(t,e){var r=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(t,e);return this.getKeyFromPlainPrivatePKCS8Hex(r)},parsePlainPrivatePKCS8Hex:function(t){var e=lt,r=e.getChildIdx,i=e.getV,n={algparam:null};if(\"30\"!=t.substr(0,2))throw new Error(\"malformed plain PKCS8 private key(code:001)\");var s=r(t,0);if(s.length<3)throw new Error(\"malformed plain PKCS8 private key(code:002)\");if(\"30\"!=t.substr(s[1],2))throw new Error(\"malformed PKCS8 private key(code:003)\");var a=r(t,s[1]);if(2!=a.length)throw new Error(\"malformed PKCS8 private key(code:004)\");if(\"06\"!=t.substr(a[0],2))throw new Error(\"malformed PKCS8 private key(code:005)\");if(n.algoid=i(t,a[0]),\"06\"==t.substr(a[1],2)&&(n.algparam=i(t,a[1])),\"04\"!=t.substr(s[2],2))throw new Error(\"malformed PKCS8 private key(code:006)\");return n.keyidx=e.getVidx(t,s[2]),n},getKeyFromPlainPrivatePKCS8PEM:function(t){var e=Ct(t,\"PRIVATE KEY\");return this.getKeyFromPlainPrivatePKCS8Hex(e)},getKeyFromPlainPrivatePKCS8Hex:function(t){var e,r=this.parsePlainPrivatePKCS8Hex(t);if(\"2a864886f70d010101\"==r.algoid)e=new rt;else if(\"2a8648ce380401\"==r.algoid)e=new ht.crypto.DSA;else{if(\"2a8648ce3d0201\"!=r.algoid)throw new Error(\"unsupported private key algorithm\");e=new ht.crypto.ECDSA}return e.readPKCS8PrvKeyHex(t),e},_getKeyFromPublicPKCS8Hex:function(t){var e,r=lt.getVbyList(t,0,[0,0],\"06\");if(\"2a864886f70d010101\"===r)e=new rt;else if(\"2a8648ce380401\"===r)e=new ht.crypto.DSA;else{if(\"2a8648ce3d0201\"!==r)throw new Error(\"unsupported PKCS#8 public key hex\");e=new ht.crypto.ECDSA}return e.readPKCS8PubKeyHex(t),e},parsePublicRawRSAKeyHex:function(t){var e=lt,r=e.getChildIdx,i=e.getV,n={};if(\"30\"!=t.substr(0,2))throw new Error(\"malformed RSA key(code:001)\");var s=r(t,0);if(2!=s.length)throw new Error(\"malformed RSA key(code:002)\");if(\"02\"!=t.substr(s[0],2))throw new Error(\"malformed RSA key(code:003)\");if(n.n=i(t,s[0]),\"02\"!=t.substr(s[1],2))throw new Error(\"malformed RSA key(code:004)\");return n.e=i(t,s[1]),n},parsePublicPKCS8Hex:function(t){var e=lt,r=e.getChildIdx,i=e.getV,n={algparam:null},s=r(t,0);if(2!=s.length)throw new Error(\"outer DERSequence shall have 2 elements: \"+s.length);var a=s[0];if(\"30\"!=t.substr(a,2))throw new Error(\"malformed PKCS8 public key(code:001)\");var o=r(t,a);if(2!=o.length)throw new Error(\"malformed PKCS8 public key(code:002)\");if(\"06\"!=t.substr(o[0],2))throw new Error(\"malformed PKCS8 public key(code:003)\");if(n.algoid=i(t,o[0]),\"06\"==t.substr(o[1],2)?n.algparam=i(t,o[1]):\"30\"==t.substr(o[1],2)&&(n.algparam={},n.algparam.p=e.getVbyList(t,o[1],[0],\"02\"),n.algparam.q=e.getVbyList(t,o[1],[1],\"02\"),n.algparam.g=e.getVbyList(t,o[1],[2],\"02\")),\"03\"!=t.substr(s[1],2))throw new Error(\"malformed PKCS8 public key(code:004)\");return n.key=i(t,s[1]).substr(2),n}}}();function Wt(t,e){for(var r=\"\",i=e/4-t.length,n=0;n>24,(16711680&n)>>16,(65280&n)>>8,255&n])))),n+=1;return i}function Xt(t){for(var e in ht.crypto.Util.DIGESTINFOHEAD){var r=ht.crypto.Util.DIGESTINFOHEAD[e],i=r.length;if(t.substring(0,i)==r)return[e,t.substring(i)]}return[]}function $t(t){var e,r=lt,i=r.getChildIdx,n=r.getV,s=r.getTLV,a=r.getVbyList,o=r.getVbyListEx,h=r.getTLVbyList,u=r.getTLVbyListEx,c=r.getIdxbyList,l=r.getIdxbyListEx,f=r.getVidx,g=r.getInt,p=r.oidname,d=r.hextooidstr,v=Ct;try{e=ht.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV}catch(y){}this.HEX2STAG={\"0c\":\"utf8\",13:\"prn\",16:\"ia5\",\"1a\":\"vis\",\"1e\":\"bmp\"},this.hex=null,this.version=0,this.foffset=0,this.aExtInfo=null,this.getVersion=function(){if(null===this.hex||0!==this.version)return this.version;var t=h(this.hex,0,[0,0]);if(\"a0\"==t.substr(0,2)){var e=h(t,0,[0]),r=g(e,0);if(r<0||21){var o=s(t,a[1]),h=this.getGeneralName(o);null!=h.uri&&(n.uri=h.uri)}if(a.length>2){var u=s(t,a[2]);\"0101ff\"==u&&(n.reqauth=!0),\"010100\"==u&&(n.reqauth=!1)}return n},this.getX500NameRule=function(t){for(var e=null,r=[],i=0;i0&&(t.ext=this.getExtParamArray()),t.sighex=this.getSignatureValueHex(),t},this.getExtParamArray=function(t){null==t&&-1!=l(this.hex,0,[0,\"[3]\"])&&(t=u(this.hex,0,[0,\"[3]\",0],\"30\"));for(var e=[],r=i(t,0),n=0;n2&&\"04\"===v.substr(d[1],2)))throw new Error(\"unsupported PKCS#1/5 hexadecimal key\");(P=new o).readPKCS5PrvKeyHex(v)}return P}if(\"pkcs8prv\"===r)return l.getKeyFromPlainPrivatePKCS8Hex(t);if(\"pkcs8pub\"===r)return l._getKeyFromPublicPKCS8Hex(t);if(\"x509pub\"===r)return $t.getPublicKeyFromCertHex(t);if(-1!=t.indexOf(\"-END CERTIFICATE-\",0)||-1!=t.indexOf(\"-END X509 CERTIFICATE-\",0)||-1!=t.indexOf(\"-END TRUSTED CERTIFICATE-\",0))return $t.getPublicKeyFromCertPEM(t);if(-1!=t.indexOf(\"-END PUBLIC KEY-\")){var m=Ct(t,\"PUBLIC KEY\");return l._getKeyFromPublicPKCS8Hex(m)}if(-1!=t.indexOf(\"-END RSA PRIVATE KEY-\")&&-1==t.indexOf(\"4,ENCRYPTED\")){var S=c(t,\"RSA PRIVATE KEY\");return l.getKey(S,null,\"pkcs5prv\")}if(-1!=t.indexOf(\"-END DSA PRIVATE KEY-\")&&-1==t.indexOf(\"4,ENCRYPTED\")){var x=s(i=c(t,\"DSA PRIVATE KEY\"),0,[1],\"02\"),w=s(i,0,[2],\"02\"),b=s(i,0,[3],\"02\"),F=s(i,0,[4],\"02\"),A=s(i,0,[5],\"02\");return(P=new h).setPrivate(new E(x,16),new E(w,16),new E(b,16),new E(F,16),new E(A,16)),P}if(-1!=t.indexOf(\"-END EC PRIVATE KEY-\")&&-1==t.indexOf(\"4,ENCRYPTED\"))return S=c(t,\"EC PRIVATE KEY\"),l.getKey(S,null,\"pkcs5prv\");if(-1!=t.indexOf(\"-END PRIVATE KEY-\"))return l.getKeyFromPlainPrivatePKCS8PEM(t);if(-1!=t.indexOf(\"-END RSA PRIVATE KEY-\")&&-1!=t.indexOf(\"4,ENCRYPTED\")){var D=l.getDecryptedKeyHex(t,e),I=new rt;return I.readPKCS5PrvKeyHex(D),I}if(-1!=t.indexOf(\"-END EC PRIVATE KEY-\")&&-1!=t.indexOf(\"4,ENCRYPTED\")){var C,P=s(i=l.getDecryptedKeyHex(t,e),0,[1],\"04\"),R=s(i,0,[2,0],\"06\"),T=s(i,0,[3,0],\"03\").substr(2);if(void 0===ht.crypto.OID.oidhex2name[R])throw new Error(\"undefined OID(hex) in KJUR.crypto.OID: \"+R);return(C=new o({curve:ht.crypto.OID.oidhex2name[R]})).setPublicKeyHex(T),C.setPrivateKeyHex(P),C.isPublic=!1,C}if(-1!=t.indexOf(\"-END DSA PRIVATE KEY-\")&&-1!=t.indexOf(\"4,ENCRYPTED\"))return x=s(i=l.getDecryptedKeyHex(t,e),0,[1],\"02\"),w=s(i,0,[2],\"02\"),b=s(i,0,[3],\"02\"),F=s(i,0,[4],\"02\"),A=s(i,0,[5],\"02\"),(P=new h).setPrivate(new E(x,16),new E(w,16),new E(b,16),new E(F,16),new E(A,16)),P;if(-1!=t.indexOf(\"-END ENCRYPTED PRIVATE KEY-\"))return l.getKeyFromEncryptedPKCS8PEM(t,e);throw new Error(\"not supported argument\")},Gt.generateKeypair=function(t,e){if(\"RSA\"==t){var r=e;(a=new rt).generate(r,\"10001\"),a.isPrivate=!0,a.isPublic=!0;var i=new rt,n=a.n.toString(16),s=a.e.toString(16);return i.setPublic(n,s),i.isPrivate=!1,i.isPublic=!0,(o={}).prvKeyObj=a,o.pubKeyObj=i,o}if(\"EC\"==t){var a,o,h=e,u=new ht.crypto.ECDSA({curve:h}).generateKeyPairHex();return(a=new ht.crypto.ECDSA({curve:h})).setPublicKeyHex(u.ecpubhex),a.setPrivateKeyHex(u.ecprvhex),a.isPrivate=!0,a.isPublic=!1,(i=new ht.crypto.ECDSA({curve:h})).setPublicKeyHex(u.ecpubhex),i.isPrivate=!1,i.isPublic=!0,(o={}).prvKeyObj=a,o.pubKeyObj=i,o}throw new Error(\"unknown algorithm: \"+t)},Gt.getPEM=function(t,e,r,i,n,s){var a=ht,o=a.asn1,h=o.DERObjectIdentifier,u=o.DERInteger,c=o.ASN1Util.newObject,l=o.x509.SubjectPublicKeyInfo,f=a.crypto,g=f.DSA,p=f.ECDSA,v=rt;function y(t){return c({seq:[{int:0},{int:{bigint:t.n}},{int:t.e},{int:{bigint:t.d}},{int:{bigint:t.p}},{int:{bigint:t.q}},{int:{bigint:t.dmp1}},{int:{bigint:t.dmq1}},{int:{bigint:t.coeff}}]})}function m(t){return c({seq:[{int:1},{octstr:{hex:t.prvKeyHex}},{tag:[\"a0\",!0,{oid:{name:t.curveName}}]},{tag:[\"a1\",!0,{bitstr:{hex:\"00\"+t.pubKeyHex}}]}]})}function S(t){return c({seq:[{int:0},{int:{bigint:t.p}},{int:{bigint:t.q}},{int:{bigint:t.g}},{int:{bigint:t.y}},{int:{bigint:t.x}}]})}if((void 0!==v&&t instanceof v||void 0!==g&&t instanceof g||void 0!==p&&t instanceof p)&&1==t.isPublic&&(void 0===e||\"PKCS8PUB\"==e))return It(b=new l(t).getEncodedHex(),\"PUBLIC KEY\");if(\"PKCS1PRV\"==e&&void 0!==v&&t instanceof v&&(void 0===r||null==r)&&1==t.isPrivate)return It(b=y(t).getEncodedHex(),\"RSA PRIVATE KEY\");if(\"PKCS1PRV\"==e&&void 0!==p&&t instanceof p&&(void 0===r||null==r)&&1==t.isPrivate){var x=new h({name:t.curveName}).getEncodedHex(),E=m(t).getEncodedHex(),w=\"\";return(w+=It(x,\"EC PARAMETERS\"))+It(E,\"EC PRIVATE KEY\")}if(\"PKCS1PRV\"==e&&void 0!==g&&t instanceof g&&(void 0===r||null==r)&&1==t.isPrivate)return It(b=S(t).getEncodedHex(),\"DSA PRIVATE KEY\");if(\"PKCS5PRV\"==e&&void 0!==v&&t instanceof v&&void 0!==r&&null!=r&&1==t.isPrivate){var b=y(t).getEncodedHex();return void 0===i&&(i=\"DES-EDE3-CBC\"),this.getEncryptedPKCS5PEMFromPrvKeyHex(\"RSA\",b,r,i,s)}if(\"PKCS5PRV\"==e&&void 0!==p&&t instanceof p&&void 0!==r&&null!=r&&1==t.isPrivate)return b=m(t).getEncodedHex(),void 0===i&&(i=\"DES-EDE3-CBC\"),this.getEncryptedPKCS5PEMFromPrvKeyHex(\"EC\",b,r,i,s);if(\"PKCS5PRV\"==e&&void 0!==g&&t instanceof g&&void 0!==r&&null!=r&&1==t.isPrivate)return b=S(t).getEncodedHex(),void 0===i&&(i=\"DES-EDE3-CBC\"),this.getEncryptedPKCS5PEMFromPrvKeyHex(\"DSA\",b,r,i,s);var F=function(t,e){var r=A(t,e);return new c({seq:[{seq:[{oid:{name:\"pkcs5PBES2\"}},{seq:[{seq:[{oid:{name:\"pkcs5PBKDF2\"}},{seq:[{octstr:{hex:r.pbkdf2Salt}},{int:r.pbkdf2Iter}]}]},{seq:[{oid:{name:\"des-EDE3-CBC\"}},{octstr:{hex:r.encryptionSchemeIV}}]}]}]},{octstr:{hex:r.ciphertext}}]}).getEncodedHex()},A=function(t,e){var r=d.lib.WordArray.random(8),i=d.lib.WordArray.random(8),n=d.PBKDF2(e,r,{keySize:6,iterations:100}),s=d.enc.Hex.parse(t),a=d.TripleDES.encrypt(s,n,{iv:i})+\"\",o={};return o.ciphertext=a,o.pbkdf2Salt=d.enc.Hex.stringify(r),o.pbkdf2Iter=100,o.encryptionSchemeAlg=\"DES-EDE3-CBC\",o.encryptionSchemeIV=d.enc.Hex.stringify(i),o};if(\"PKCS8PRV\"==e&&null!=v&&t instanceof v&&1==t.isPrivate){var D=y(t).getEncodedHex();return b=c({seq:[{int:0},{seq:[{oid:{name:\"rsaEncryption\"}},{null:!0}]},{octstr:{hex:D}}]}).getEncodedHex(),void 0===r||null==r?It(b,\"PRIVATE KEY\"):It(E=F(b,r),\"ENCRYPTED PRIVATE KEY\")}if(\"PKCS8PRV\"==e&&void 0!==p&&t instanceof p&&1==t.isPrivate)return D=new c({seq:[{int:1},{octstr:{hex:t.prvKeyHex}},{tag:[\"a1\",!0,{bitstr:{hex:\"00\"+t.pubKeyHex}}]}]}).getEncodedHex(),b=c({seq:[{int:0},{seq:[{oid:{name:\"ecPublicKey\"}},{oid:{name:t.curveName}}]},{octstr:{hex:D}}]}).getEncodedHex(),void 0===r||null==r?It(b,\"PRIVATE KEY\"):It(E=F(b,r),\"ENCRYPTED PRIVATE KEY\");if(\"PKCS8PRV\"==e&&void 0!==g&&t instanceof g&&1==t.isPrivate)return D=new u({bigint:t.x}).getEncodedHex(),b=c({seq:[{int:0},{seq:[{oid:{name:\"dsa\"}},{seq:[{int:{bigint:t.p}},{int:{bigint:t.q}},{int:{bigint:t.g}}]}]},{octstr:{hex:D}}]}).getEncodedHex(),void 0===r||null==r?It(b,\"PRIVATE KEY\"):It(E=F(b,r),\"ENCRYPTED PRIVATE KEY\");throw new Error(\"unsupported object nor format\")},Gt.getKeyFromCSRPEM=function(t){var e=Ct(t,\"CERTIFICATE REQUEST\");return Gt.getKeyFromCSRHex(e)},Gt.getKeyFromCSRHex=function(t){var e=Gt.parseCSRHex(t);return Gt.getKey(e.p8pubkeyhex,null,\"pkcs8pub\")},Gt.parseCSRHex=function(t){var e=lt,r=e.getChildIdx,i=e.getTLV,n={},s=t;if(\"30\"!=s.substr(0,2))throw new Error(\"malformed CSR(code:001)\");var a=r(s,0);if(a.length<1)throw new Error(\"malformed CSR(code:002)\");if(\"30\"!=s.substr(a[0],2))throw new Error(\"malformed CSR(code:003)\");var o=r(s,a[0]);if(o.length<3)throw new Error(\"malformed CSR(code:004)\");return n.p8pubkeyhex=i(s,o[2]),n},Gt.getKeyID=function(t){var e=Gt,r=lt;\"string\"==typeof t&&-1!=t.indexOf(\"BEGIN \")&&(t=e.getKey(t));var i=Ct(e.getPEM(t)),n=r.getIdxbyList(i,0,[1]),s=r.getV(i,n).substring(2);return ht.crypto.Util.hashHex(s,\"sha1\")},Gt.getJWK=function(t,e,r,i,n){var s,a,o={},h=ht.crypto.Util.hashHex;if(\"string\"==typeof t)s=Gt.getKey(t),-1!=t.indexOf(\"CERTIFICATE\")&&(a=Ct(t));else{if(\"object\"!=typeof t)throw new Error(\"unsupported keyinfo type\");t instanceof $t?(s=t.getPublicKey(),a=t.hex):s=t}if(s instanceof rt&&s.isPrivate)o.kty=\"RSA\",o.n=mt(s.n.toString(16)),o.e=mt(s.e.toString(16)),o.d=mt(s.d.toString(16)),o.p=mt(s.p.toString(16)),o.q=mt(s.q.toString(16)),o.dp=mt(s.dmp1.toString(16)),o.dq=mt(s.dmq1.toString(16)),o.qi=mt(s.coeff.toString(16));else if(s instanceof rt&&s.isPublic)o.kty=\"RSA\",o.n=mt(s.n.toString(16)),o.e=mt(s.e.toString(16));else if(s instanceof ht.crypto.ECDSA&&s.isPrivate){if(\"P-256\"!==(c=s.getShortNISTPCurveName())&&\"P-384\"!==c&&\"P-521\"!==c)throw new Error(\"unsupported curve name for JWT: \"+c);var u=s.getPublicKeyXYHex();o.kty=\"EC\",o.crv=c,o.x=mt(u.x),o.y=mt(u.y),o.d=mt(s.prvKeyHex)}else if(s instanceof ht.crypto.ECDSA&&s.isPublic){var c;if(\"P-256\"!==(c=s.getShortNISTPCurveName())&&\"P-384\"!==c&&\"P-521\"!==c)throw new Error(\"unsupported curve name for JWT: \"+c);u=s.getPublicKeyXYHex(),o.kty=\"EC\",o.crv=c,o.x=mt(u.x),o.y=mt(u.y)}if(null==o.kty)throw new Error(\"unsupported keyinfo\");return s.isPrivate||1==e||(o.kid=ht.jws.JWS.getJWKthumbprint(o)),null!=a&&1!=r&&(o.x5c=[m(a)]),null!=a&&1!=i&&(o.x5t=vt(m(h(a,\"sha1\")))),null!=a&&1!=n&&(o[\"x5t#S256\"]=vt(m(h(a,\"sha256\")))),o},Gt.getJWKFromKey=function(t){return Gt.getJWK(t,!0,!0,!0,!0)},rt.getPosArrayOfChildrenFromHex=function(t){return lt.getChildIdx(t,0)},rt.getHexValueArrayOfChildrenFromHex=function(t){var e,r=lt.getV,i=r(t,(e=rt.getPosArrayOfChildrenFromHex(t))[0]),n=r(t,e[1]),s=r(t,e[2]),a=r(t,e[3]),o=r(t,e[4]),h=r(t,e[5]),u=r(t,e[6]),c=r(t,e[7]),l=r(t,e[8]);return(e=new Array).push(i,n,s,a,o,h,u,c,l),e},rt.prototype.readPrivateKeyFromPEMString=function(t){var e=Ct(t),r=rt.getHexValueArrayOfChildrenFromHex(e);this.setPrivateEx(r[1],r[2],r[3],r[4],r[5],r[6],r[7],r[8])},rt.prototype.readPKCS5PrvKeyHex=function(t){var e=rt.getHexValueArrayOfChildrenFromHex(t);this.setPrivateEx(e[1],e[2],e[3],e[4],e[5],e[6],e[7],e[8])},rt.prototype.readPKCS8PrvKeyHex=function(t){var e,r,i,n,s,a,o,h,u=lt,c=u.getVbyListEx;if(!1===u.isASN1HEX(t))throw new Error(\"not ASN.1 hex string\");try{e=c(t,0,[2,0,1],\"02\"),r=c(t,0,[2,0,2],\"02\"),i=c(t,0,[2,0,3],\"02\"),n=c(t,0,[2,0,4],\"02\"),s=c(t,0,[2,0,5],\"02\"),a=c(t,0,[2,0,6],\"02\"),o=c(t,0,[2,0,7],\"02\"),h=c(t,0,[2,0,8],\"02\")}catch(l){throw new Error(\"malformed PKCS#8 plain RSA private key\")}this.setPrivateEx(e,r,i,n,s,a,o,h)},rt.prototype.readPKCS5PubKeyHex=function(t){var e=lt,r=e.getV;if(!1===e.isASN1HEX(t))throw new Error(\"keyHex is not ASN.1 hex string\");var i=e.getChildIdx(t,0);if(2!==i.length||\"02\"!==t.substr(i[0],2)||\"02\"!==t.substr(i[1],2))throw new Error(\"wrong hex for PKCS#5 public key\");var n=r(t,i[0]),s=r(t,i[1]);this.setPublic(n,s)},rt.prototype.readPKCS8PubKeyHex=function(t){var e=lt;if(!1===e.isASN1HEX(t))throw new Error(\"not ASN.1 hex string\");if(\"06092a864886f70d010101\"!==e.getTLVbyListEx(t,0,[0,0]))throw new Error(\"not PKCS8 RSA public key\");var r=e.getTLVbyListEx(t,0,[1,0]);this.readPKCS5PubKeyHex(r)},rt.prototype.readCertPubKeyHex=function(t,e){var r,i;(r=new $t).readCertHex(t),i=r.getPublicKeyHex(),this.readPKCS8PubKeyHex(i)},new RegExp(\"[^0-9a-f]\",\"gi\"),rt.prototype.sign=function(t,e){var r,i=(r=t,ht.crypto.Util.hashString(r,e));return this.signWithMessageHash(i,e)},rt.prototype.signWithMessageHash=function(t,e){var r=tt(ht.crypto.Util.getPaddedDigestInfoHex(t,e,this.n.bitLength()),16);return Wt(this.doPrivate(r).toString(16),this.n.bitLength())},rt.prototype.signPSS=function(t,e,r){var i,n=(i=bt(t),ht.crypto.Util.hashHex(i,e));return void 0===r&&(r=-1),this.signWithMessageHashPSS(n,e,r)},rt.prototype.signWithMessageHashPSS=function(t,e,r){var i,n=wt(t),s=n.length,a=this.n.bitLength()-1,o=Math.ceil(a/8),h=function(t){return ht.crypto.Util.hashHex(t,e)};if(-1===r||void 0===r)r=s;else if(-2===r)r=o-s-2;else if(r<-2)throw new Error(\"invalid salt length\");if(o0&&(u=new Array(r),(new Q).nextBytes(u),u=String.fromCharCode.apply(String,u));var c=wt(h(bt(\"\\0\\0\\0\\0\\0\\0\\0\\0\"+n+u))),l=[];for(i=0;i>8*o-a&255;for(p[0]&=~d,i=0;ii)return!1;var n=this.doPublic(r).toString(16);if(n.length+3!=i/4)return!1;var s=Xt(n.replace(/^1f+00/,\"\"));if(0==s.length)return!1;var a,o=s[0];return s[1]==(a=t,ht.crypto.Util.hashString(a,o))},rt.prototype.verifyWithMessageHash=function(t,e){if(e.length!=Math.ceil(this.n.bitLength()/4))return!1;var r=tt(e,16);if(r.bitLength()>this.n.bitLength())return 0;var i=Xt(this.doPublic(r).toString(16).replace(/^1f+00/,\"\"));return 0!=i.length&&(i[0],i[1]==t)},rt.prototype.verifyPSS=function(t,e,r,i){var n,s=(n=bt(t),ht.crypto.Util.hashHex(n,r));return void 0===i&&(i=-1),this.verifyWithMessageHashPSS(s,e,r,i)},rt.prototype.verifyWithMessageHashPSS=function(t,e,r,i){if(e.length!=Math.ceil(this.n.bitLength()/4))return!1;var n,s=new E(e,16),a=function(t){return ht.crypto.Util.hashHex(t,r)},o=wt(t),h=o.length,u=this.n.bitLength()-1,c=Math.ceil(u/8);if(-1===i||void 0===i)i=h;else if(-2===i)i=c-h-2;else if(i<-2)throw new Error(\"invalid salt length\");if(c>8*c-u&255;if(0!=(f.charCodeAt(0)&p))throw new Error(\"bits beyond keysize not zero\");var d=Jt(g,f.length,a),v=[];for(n=0;n0&&-1==(\":\"+r.join(\":\")+\":\").indexOf(\":\"+v+\":\"))throw\"algorithm '\"+v+\"' not accepted in the list\";if(\"none\"!=v&&null===e)throw\"key shall be specified to verify.\";if(\"string\"==typeof e&&-1!=e.indexOf(\"-----BEGIN \")&&(e=Gt.getKey(e)),!(\"RS\"!=f&&\"PS\"!=f||e instanceof i))throw\"key shall be a RSAKey obj for RS* and PS* algs\";if(\"ES\"==f&&!(e instanceof h))throw\"key shall be a ECDSA obj for ES* algs\";var y=null;if(void 0===s.jwsalg2sigalg[d.alg])throw\"unsupported alg name: \"+v;if(\"none\"==(y=s.jwsalg2sigalg[v]))throw\"not supported\";if(\"Hmac\"==y.substr(0,4)){if(void 0===e)throw\"hexadecimal key shall be specified for HMAC\";var m=new u({alg:y,pass:e});return m.updateString(g),p==m.doFinal()}if(-1!=y.indexOf(\"withECDSA\")){var S,x=null;try{x=h.concatSigToASN1Sig(p)}catch(E){return!1}return(S=new c({alg:y})).init(e),S.updateString(g),S.verify(x)}return(S=new c({alg:y})).init(e),S.updateString(g),S.verify(p)},ht.jws.JWS.parse=function(t){var e,r,i,n=t.split(\".\"),s={};if(2!=n.length&&3!=n.length)throw\"malformed sJWS: wrong number of '.' splitted elements\";return e=n[0],r=n[1],3==n.length&&(i=n[2]),s.headerObj=ht.jws.JWS.readSafeJSONString(ct(e)),s.payloadObj=ht.jws.JWS.readSafeJSONString(ct(r)),s.headerPP=JSON.stringify(s.headerObj,null,\" \"),null==s.payloadObj?s.payloadPP=ct(r):s.payloadPP=JSON.stringify(s.payloadObj,null,\" \"),void 0!==i&&(s.sigHex=St(i)),s},ht.jws.JWS.verifyJWT=function(t,e,r){var i=ht.jws,n=i.JWS,s=n.readSafeJSONString,a=n.inArray,o=n.includedArray,h=t.split(\".\"),u=h[0],c=h[1],l=(St(h[2]),s(ct(u))),f=s(ct(c));if(void 0===l.alg)return!1;if(void 0===r.alg)throw\"acceptField.alg shall be specified\";if(!a(l.alg,r.alg))return!1;if(void 0!==f.iss&&\"object\"==typeof r.iss&&!a(f.iss,r.iss))return!1;if(void 0!==f.sub&&\"object\"==typeof r.sub&&!a(f.sub,r.sub))return!1;if(void 0!==f.aud&&\"object\"==typeof r.aud)if(\"string\"==typeof f.aud){if(!a(f.aud,r.aud))return!1}else if(\"object\"==typeof f.aud&&!o(f.aud,r.aud))return!1;var g=i.IntDate.getNow();return void 0!==r.verifyAt&&\"number\"==typeof r.verifyAt&&(g=r.verifyAt),void 0!==r.gracePeriod&&\"number\"==typeof r.gracePeriod||(r.gracePeriod=0),!(void 0!==f.exp&&\"number\"==typeof f.exp&&f.exp+r.gracePeriodn&&this.aHeader.pop(),this.aSignature.length>n&&this.aSignature.pop(),\"addSignature failed: \"+c}},this.verifyAll=function(t){if(this.aHeader.length!==t.length||this.aSignature.length!==t.length)return!1;for(var e=0;e0))throw\"malformed header\";if(this.aHeader=t.headers,\"string\"!=typeof t.payload)throw\"malformed signatures\";if(this.sPayload=t.payload,!(t.signatures.length>0))throw\"malformed signatures\";this.aSignature=t.signatures}catch(e){throw\"malformed JWS-JS JSON object: \"+e}},this.getJSON=function(){return{headers:this.aHeader,payload:this.sPayload,signatures:this.aSignature}},this.isEmpty=function(){return 0==this.aHeader.length?1:0}},g.SecureRandom=Q,g.rng_seed_time=W,g.BigInteger=E,g.RSAKey=rt,g.ECDSA=ht.crypto.ECDSA,g.DSA=ht.crypto.DSA,g.Signature=ht.crypto.Signature,g.MessageDigest=ht.crypto.MessageDigest,g.Mac=ht.crypto.Mac,g.Cipher=ht.crypto.Cipher,g.KEYUTIL=Gt,g.ASN1HEX=lt,g.X509=$t,g.X509CRL=function(t){var e=ht.lang.String.isHex,r=lt,i=r.getV,n=r.getTLV,s=r.getVbyList,a=r.getTLVbyList,o=r.getTLVbyListEx,h=r.getIdxbyList,u=r.getIdxbyListEx,c=r.getChildIdx,l=new $t;this.hex=null,this.posSigAlg=null,this.posRevCert=null,this._setPos=function(){var t=h(this.hex,0,[0,0]),e=this.hex.substr(t,2);if(\"02\"==e)this.posSigAlg=1;else{if(\"30\"!=e)throw new Error(\"malformed 1st item of TBSCertList: \"+e);this.posSigAlg=0}var r,i=h(this.hex,0,[0,this.posSigAlg+3]),n=this.hex.substr(i,2);if(\"17\"==n||\"18\"==n)r=h(this.hex,0,[0,this.posSigAlg+4]),this.posRevCert=null,-1!=r&&\"30\"==this.hex.substr(r,2)&&(this.posRevCert=this.posSigAlg+4);else if(\"30\"==n)this.posRevCert=this.posSigAlg+3;else{if(\"a0\"!=n)throw new Error(\"malformed nextUpdate or revCert tag: \"+n);this.posRevCert=null}},this.getVersion=function(){return 0==this.posSigAlg?null:parseInt(s(this.hex,0,[0,0],\"02\"),16)+1},this.getSignatureAlgorithmField=function(){var t=a(this.hex,0,[0,this.posSigAlg],\"30\");return l.getAlgorithmIdentifierName(t)},this.getIssuer=function(){var t=a(this.hex,0,[0,this.posSigAlg+1],\"30\");return l.getX500Name(t)},this.getThisUpdate=function(){var t=s(this.hex,0,[0,this.posSigAlg+2]);return result=wt(t)},this.getNextUpdate=function(){var t=h(this.hex,0,[0,this.posSigAlg+3]),e=this.hex.substr(t,2);return\"17\"!=e&&\"18\"!=e?null:wt(i(this.hex,t))},this.getRevCertArray=function(){if(null==this.posRevCert)return null;for(var t=[],e=h(this.hex,0,[0,this.posRevCert]),r=c(this.hex,e),i=0;ie.length&&(r=e.length);for(var i=0;i{let e=\"\",r=t;for(;r--;)e+=\"useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict\"[64*Math.random()|0];return e}};function d(t,e,r){if(!r.includes(typeof t)||null===t)throw new Error(`Field ${e} should be of type ${r}`)}var v={valString:function(t,e){d(t,e,[\"string\"])},valObject:function(t,e){d(t,e,[\"object\"])},valNumber:function(t,e){d(t,e,[\"number\"])},valStringOrObject:function(t,e){d(t,e,[\"string\",\"object\"])}};const{nanoid:y}=p,{valStringOrObject:m,valString:S,valObject:x,valNumber:E}=v;function w(t,e,r,i,n,s){x(e,\"payload\"),x(r,\"header\"),E(i,\"exp\");var a=Math.ceil((new Date).getTime()/1e3),o=a+i;const h=Object.assign({typ:\"JWT\"},r,{alg:n,kid:s}),u=Object.assign({iat:a-5,nbf:a-5,exp:o,jti:y()},e),c=JSON.stringify(h),l=JSON.stringify(u);return g.jws.JWS.sign(n,c,l,t)}function b(t=\"\",e={},r={},i=600,n=\"RS256\"){try{return m(t,\"jwk\"),w(g.KEYUTIL.getKey(t),e,r,i,n,t.kid)}catch(s){const t=\"string\"==typeof s?s:s.message;throw new Error(\"[jwtSign] \"+t)}}return{pkceChallenge:function(){const t=g.crypto.Util.getRandomHexOfNbytes(32),e=g.hextob64u(t),r=g.crypto.Util.hashString(e,\"sha256\");return{code_verifier:e,code_challenge:g.hextob64u(r),code_challenge_method:\"S256\"}},createJws:w,jwtSign:b,jwtVerify:function(t,e,r=\"RS256\"){try{S(t,\"jwt\"),m(e,\"pubKey\");const i=g.KEYUTIL.getKey(e);if(!g.jws.JWS.verifyJWT(t,i,{alg:[r],gracePeriod:5}))throw new Error(\"Invalid JWT\");const n=g.jws.JWS.parse(t);return{header:n.headerObj,payload:n.payloadObj}}catch(i){const t=\"string\"==typeof i?i:i.message;throw new Error(\"[jwtVerify] \"+t)}},sha256:function(t){return g.crypto.Util.hashString(t,\"sha256\")},clientAssertPrivateKey:function(t,e,r,i=600,n=\"RS256\"){return b(t,{sub:e,iss:e,aud:r},{},i,n)},clientAssertSecret:function(t,e,r,i=600,n=\"HS256\"){try{return S(t,\"secret\"),w(t,{sub:e,iss:e,aud:r},{},i,n)}catch(s){throw new Error(\"[clientAssertSecret] \"+s.message)}},rs:g,nanoid:y}}));" }, { "key": "userRelatedClientId", "value": "customerConfidentialClient" }, { "key": "serviceRelatedClientId", "value": "serviceConfidentialClient" }, { "key": "postmanDemoUsername2", "value": "postmanDemoUser2" }, { "key": "postmanDemoPassword2", "value": "" }, { "key": "tokenExchangeAudienceValue", "value": "https://audience1.example.com" }, { "key": "acceptAudienceParamOnTokenExchangeRequests", "value": "false" }, { "key": "SSOToken", "value": "" }, { "key": "postmanDemoEmail2", "value": "demo.user2@postman.example.com" } ] }