Authorisation test scenarios


Overview

This page provides some suggested test scenarios to help you test the use of the OAuth dynamic client registration (DCR) API in your software in the sandbox environment.

Before calling the OAuth DCR API to test the scenarios below in the sandbox environment, you need to obtain an initial registration access token from the ATO authorisation server (ATO SSO/IdP).

Test Scenario 1 – Post OAuth DCR – Default – Created response

Request Information

HTTP verb:  POST

Response Information

Response type:  Business Payload

HTTP Status:  201

HTTP Reason:  Created

HTTP Header:  receipt: 630000000nnnn

Payload:

The following values will be appended to the request payload and returned in the response:

{
    "client_id": "c04e4efa-0933-210e-97ae-cf0baffe304e",
    "registration_access_token": "eyJhbGciOiJSUzI1NiIsImVudGl0bGVtZW50Ijo2Njc3OH0.eyJrZXlzIjpbeyJjbGllbnRfbmFtZSI6ImMwNGU0ZWZhLTA5MzMtMjEwZS05N2FlLWNmMGJhZmZlMzA0ZSIsImUiOiJBUUFCIiwidXNlIjoic2lnIn1dfQ.HFLxL3HOZ9J15vv3yfCWK7scfBNJR8B4rly_2OcW8CiYJkNZode8QtKNFdRDSeB20T_n9yyjSk4NY2ZksRMcd9Ik9o8jYc5KBAtIBLzmaIaSdNmgbcHCMVe-lJiumMVvZ3kpZEv5aTvSVwgcGqaNF_BjGx3nup1EwtcKCBD8ttMAEtzEPH0xEVVxfysMAXoEioL8uCPpxkyVYYs4TsapcxuCZRCCYbt2mfwzRejNvvXjMaOn1xT4mYKfzJgwiTouKSsNmCNE4xll8ZyBjmi0cDMS1_qtoTSR-nFalX1KV-KRiznv9FXqOyk1EndQ8W5lMpPH23LDa1uc5sOALZ4uSA",
    "client_id_issued_at": "YYYY-MM-DDThh:mm:ss.000Z",
    "registration_client_uri": "https://sandbox.api.ato.gov.au/idp/v1/relyingparties/c04e4efa-0933-210e-97ae-cf0baffe304e"
}

Test Scenario 2 – Post OAuth DCR – Bad Request

Request Information

HTTP verb:  POST

Payload:  Must contain the value below

{
    "client_name": "ELDORAS144"
}

Response Information

Response type:  Error

HTTP Status:  400

HTTP Reason:  Bad Request

HTTP Header:  receipt: 630000000nnnn

Payload:

{
    "error_description": "invalid request",
    "error": "invalid_request"
}

Test Scenario 3 – Post OAuth DCR – Unauthorized

Request Information

HTTP verb:  POST

Payload:  Must contain the value below

{
    "client_name": "ADRENALAN645"
}

Response Information

Response type:  Error

HTTP Status:  401

HTTP Reason:  Unauthorized

HTTP Header:  receipt: 630000000nnnn

Payload:

{
    "error_description": "The Authorization Token is invalid",
    "error": "invalid_token"
}

Test Scenario 4 – Post OAuth DCR – Forbidden

Request Information

HTTP verb:  POST

Payload:  Must contain the value below

{
    "client_name": "YANDAR133"
}

Response Information

Response type:  Error

HTTP Status:  403

HTTP Reason:  Forbidden

HTTP Header:  receipt: 630000000nnnn

Payload:

{
    "error_description": "entity is not enabled for one or more requested scopes",
    "error": "insufficient_scope"
}
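
An added example, not part of the original page and not ATO code: a Python checker that compares a sandbox response with the outcome the four scenarios above expect for the client_name that was sent. The sample responses and the hostname idp.example.test are constructed, and the checks on the URI suffix and the three-part token shape are assumptions drawn from the Scenario 1 sample payload.

```python
import json

# (status, error) expected per scenario on this page; the key is the client_name
# that triggers it, None is the default case (Scenario 1).
EXPECTED = {None: (201, None), "ELDORAS144": (400, "invalid_request"),
            "ADRENALAN645": (401, "invalid_token"),
            "YANDAR133": (403, "insufficient_scope")}
CREATED_FIELDS = ("client_id", "registration_access_token",
                  "client_id_issued_at", "registration_client_uri")

def check_response(client_name, status, headers, body_text):
    """List the ways a response differs from the scenario on this page."""
    want_status, want_error = EXPECTED.get(client_name, EXPECTED[None])
    problems = []
    if status != want_status:
        problems.append(f"status {status}, expected {want_status}")
    if not any(name.lower() == "receipt" for name in headers):
        problems.append("receipt header missing")
    try:
        body = json.loads(body_text)
    except ValueError:
        body = None
    if not isinstance(body, dict):
        return problems + ["body is not a JSON object"]
    if want_error is not None:
        if body.get("error") != want_error:
            problems.append(f"error {body.get('error')!r}, expected {want_error!r}")
        return problems
    missing = [f for f in CREATED_FIELDS if f not in body]
    if missing:
        return problems + [f"missing fields: {missing}"]
    # Assumptions drawn from the sample payload: the URI ends with the
    # client_id, and the token has three dot-separated parts.
    uri = str(body["registration_client_uri"])
    if not (uri.startswith("https://") and uri.endswith("/" + str(body["client_id"]))):
        problems.append("registration_client_uri does not match client_id")
    if len(str(body["registration_access_token"]).split(".")) != 3:
        problems.append("registration_access_token is not a three-part token")
    return problems

# Constructed sample responses, not captured from the sandbox.
CID = "00000000-0000-0000-0000-000000000000"
CREATED = json.dumps({"client_id": CID, "registration_access_token": "aaa.bbb.ccc",
                      "client_id_issued_at": "2024-01-01T00:00:00.000Z",
                      "registration_client_uri": "https://idp.example.test/rp/" + CID})
FORBIDDEN = json.dumps({"error": "insufficient_scope"})
RECEIPT = {"Receipt": "6300000001234"}
```

The messages never echo the registration_access_token, so the returned list can be written to test logs as is.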

 
