OpenID

Windows Update chrome v75 > mkdir t > cd t > midir tests > npm install nightwatch --save-dev > npm install chromedriver --save-dev > nano nightwatch.js require('nightwatch/bin/runner.js'); > nano nightwatch.conf.js const chrome = require('chromedriver') module.exports = { src_folders: ['tests'], webdriver: { start_process: true, server_path: chrome.path, port: 9515, }, test_settings: { default: { desiredCapabilities: { browserName: 'chrome', }, }, }, } > nano tests/test.js module.exports = { 'step one: navigate to google' : function (browser) { for (var i = 0; i < 10; i += 1) { browser .url('https://t.tt:9010') .waitForElementVisible('body', 1000) .click('a') .waitForElementVisible('input[type=email]') .setValue('input[type=email]', 'foo@bar.com') .setValue('input[type=password]', 'foobar') .click('input[type=submit]', function(result) { this.assert.strictEqual(result.status, 0); }) .waitForElementVisible('input[type=checkbox]') .click('input[id=openid]') .click('input[id=offline]') .click('input[id=accept]', function(result) { this.assert.strictEqual(result.status, 0); }) } }, }; > node nightwatch.js tests/test.js

If you use consent website(official login&consent) run all step, routes/consent.js session part need remove mark, surely you can get session data. @token= xLPcJ3tobDqGUDxIVTxWt2p7w_odZSV22IAlUf5QPZU.YD6R_xKQ2ldCLbEV7mmc01E6ZLzemzdEC5H4-otTMPg ### userinfo GET https://openid.hydra:9001/userinfo Authorization: Bearer {{token}} ### introspect POST https://openid.hydra:9002/oauth2/introspect Content-Type: application/x-www-form-urlencoded token={{token}} &scope=openid+photos.read PS：&scope=openid+photos.read can remove. But you use REST Client need fix. Put session data by yourself. ### accept conent scope PUT https://192.168.99.100:9002/oauth2/auth/requests/consent/accept?consent_challenge={{consent_challenge}} Content-Type: application/json { "grant_scope": ["openid", "photos.read"], "session": { "access_token": { "foo": "bar" }, "id_token": { "baz": "bar" } } } Try and watch many document. Can’t get real why. Official Website no any discuss. ...

https://www.ory.sh/docs/next/hydra/oauth2#oauth-20-scope A OAuth 2.0 Scope is not a permission: A permission allows an actor to perform a certain action in a system: Bob is allowed to delete his own photos. OAuth 2.0 Scope implies that an end-user granted certain privileges to a client: Bob allowed the OAuth 2.0 Client to delete all users. The OAuth 2.0 Scope can be granted without the end-user actually having the right permissions. In the examples above, Bob granted an OAuth 2.0 Client the permission (“scope”) to delete all users in his name. However, since Bob is not an administrator, that permission (“access control”) is not actually granted to Bob. Therefore any request by the OAuth 2.0 Client that tries to delete users on behalf of Bob should fail. ...

hydra login consent node https://github.com/ory/hydra-login-consent-node When login success, context data be saved . Can use GET https://openid.hydra:9002/oauth2/auth/sessions/consent?subject=foo@bar.com HTTP/1.1 check by subject. routes/login.js hydra.acceptLoginRequest(challenge, { context: { "test1": "test1", "test2": { "test2i": "test2i"} }, Database keep context Table name: hydra_oauth2_consent_request save context data. Here is Postgresql (pg). ===== Postgresql command ==== 1. Login Postgresql (pg) docker psql hydra -U hydra #login pg (already in db cmd) \dt; select * from hydra_oauth2_consent_request; =============== userinfo =============== ...

https://github.com/i-core/werther