Authserver API tests

Feature: Authserver

Covered endpoints and scenarios:
- GET  /protected/datetime         (API key checks)
- GET  /oidc/.well-known/openid-configuration
- POST /oauth2/token               (client_credentials, anonymous, password, refresh_token)
- POST /oauth2/introspection
- GET  /oauth2/userinfo
- POST /oauth2/revoke
- POST /oauth2/bc-authorize        (OIDC backchannel/device flow)
- Dynamic Client Registration endpoints: POST/GET/PATCH/DELETE /oauth2/register and /oauth2/register/{client_id}

Expected behavior:
- Successful requests return HTTP 200 and JSON response bodies (no statusCode field).
- Invalid or missing credentials return an error property in the response.
            

Swagger Editor and other tools

• jwt.io: Decode JWT
• URL Decode
• oauth.com/playground
• oauth.tools
• OAuch

Examples

.well-known/openid-configuration

• google
• microsoftonline common
• transmitsecurity
• microsoftonline per tenant
• auth0

Anonymous token example

                curl -i -v \
                -H "Content-Type: application/json" \
                "http://localhost:7071/api/idp/oauth21/token"
            

Test token example

              curl -v -X POST "http://localhost:7071/api/idp/oauth21/token" \
              -H "Content-Type: application/json" \
              -d '{
                "grant_type": "client_credentials",
                "client_id": "test",
                "client_secret": "test"
              }'
            

Troubleshooting

• localStorage.clear() in console to reset prompts
• Logout/Login
• Delete Account, recreate account (missing scopes)
• Regenerate your client id/client secret
• Does you have the right provisioned device and phone number?
• UX/UI uses the same set of APIs with your credientials
• In marketplace, search for your api and try its test page
• The team can download the right Client SDK from swagger - Menu > Generate Client
• Try different browser (Tested on Edge for Mac/Windows)
• If the API is not working form your IDE, then try to reproduce the API via the Browser or CLI. If Browser/CLI work then try linting your code.
• Are you using the right http verb GET vs POST
• Are you sending the body as form-urlencoded or JSON?