Overview
This page provides some suggested test scenarios to help you test the use of the OAuth dynamic client registration (DCR) API in your software in the sandbox environment.
You will need to obtain an initial registration access token from the ATO authorisation server (ATO SSO/IdP) before calling the OAuth DCR API to test the below scenarios in the sandbox environment.
Test Scenario 1 – Post OAuth DCR – Default – Created response
Request Information
HTTP verb: POST
Response Information
Response type: Business Payload
HTTP Status: 201
HTTP Reason: Created
HTTP Header: receipt: 630000000nnnn
Payload:
The following values will be appended to the request payload and returned in the response
{ "client_id": "c04e4efa-0933-210e-97ae-cf0baffe304e", "registration_access_token": "eyJhbGciOiJSUzI1NiIsImVudGl0bGVtZW50Ijo2Njc3OH0.eyJrZXlzIjpbeyJjbGllbnRfbmFtZSI6ImMwNGU0ZWZhLTA5MzMtMjEwZS05N2FlLWNmMGJhZmZlMzA0ZSIsImUiOiJBUUFCIiwidXNlIjoic2lnIn1dfQ.HFLxL3HOZ9J15vv3yfCWK7scfBNJR8B4rly_2OcW8CiYJkNZode8QtKNFdRDSeB20T_n9yyjSk4NY2ZksRMcd9Ik9o8jYc5KBAtIBLzmaIaSdNmgbcHCMVe-lJiumMVvZ3kpZEv5aTvSVwgcGqaNF_BjGx3nup1EwtcKCBD8ttMAEtzEPH0xEVVxfysMAXoEioL8uCPpxkyVYYs4TsapcxuCZRCCYbt2mfwzRejNvvXjMaOn1xT4mYKfzJgwiTouKSsNmCNE4xll8ZyBjmi0cDMS1_qtoTSR-nFalX1KV-KRiznv9FXqOyk1EndQ8W5lMpPH23LDa1uc5sOALZ4uSA", "client_id_issued_at": "YYYY-MM-DDThh:mm:ss.000Z", "registration_client_uri": "https://sandbox.api.ato.gov.au/idp/v1/relyingparties/c04e4efa-0933-210e-97ae-cf0baffe304e" }
Test Scenario 2 – Post OAuth DCR – Bad Request
Request Information
HTTP verb: POST
Payload: Must contain value below
{ "client_name": "ELDORAS144", }
Response Information
Response type: Error
HTTP Status: 400
HTTP Reason: Bad Request
HTTP Header: receipt: 630000000nnnn
Payload:
{ "error_description": "invalid request", "error": "invalid_request" }
Test Scenario 3 – Post OAuth DCR – Unauthorized
Request Information
HTTP verb: POST
Payload: Must contain value below
{ "client_name": "ADRENALAN645", }
Response Information
Response type: Error
HTTP Status: 401
HTTP Reason: Unauthorized
HTTP Header: receipt: 630000000nnnn
Payload:
{ "error_description": "The Authorization Token is invalid", "error": "invalid_token" }
Test Scenario 4 – Post OAuth DCR – Forbidden
Request Information
HTTP verb: POST
Payload: Must contain value below
{ "client_name": "YANDAR133", }
Response Information
Response type: Error
HTTP Status: 403
HTTP Reason: Forbidden
HTTP Header: receipt: 630000000nnnn
Payload:
{ "error_description": "entity is not enabled for one or more requested scopes", "error": "insufficient_scope" }
Go back to OAuth dynamic client registration API.