Teste de Fluxos de Autenticação

/app/tests/auth-flows-test.yaml

critical
13 Steps
Duration: 40ms
Success Rate: 100%
Successful Steps
13
100% success rate
Failed Steps
0
0% of total
⏭️
Skipped Steps
0
0% of total
🔗
HTTP Requests
13
100% requests
🔄
Iterações
0
0 steps com iterações

📊 Execution Timeline

# Status Step Name Type Duration Started At Details
1
JWT Login Authentication
POST /post
request
3ms 19/10/2025, 10:28:37
✅ Request completed successfully
2
Validate JWT Token
GET /get
request
3ms 19/10/2025, 10:28:37
✅ Request completed successfully
3
Get User Profile with JWT
GET /get
request
4ms 19/10/2025, 10:28:37
✅ Request completed successfully
4
Test Expired JWT Token
GET /get
request
3ms 19/10/2025, 10:28:37
✅ Request completed successfully
5
Refresh JWT Token
POST /post
request
2ms 19/10/2025, 10:28:37
✅ Request completed successfully
6
OAuth2 Authorization Request
GET /get
request
3ms 19/10/2025, 10:28:37
✅ Request completed successfully
7
OAuth2 Token Exchange
POST /post
request
2ms 19/10/2025, 10:28:37
✅ Request completed successfully
8
Access Resource with OAuth2 Token
GET /get
request
2ms 19/10/2025, 10:28:37
✅ Request completed successfully
9
Test Granular Permissions
POST /post
request
2ms 19/10/2025, 10:28:37
✅ Request completed successfully
10
Token Revocation
POST /post
request
2ms 19/10/2025, 10:28:37
✅ Request completed successfully
11
Verify Revoked Token
GET /get
request
2ms 19/10/2025, 10:28:37
✅ Request completed successfully
12
Complete Logout
POST /post
request
2ms 19/10/2025, 10:28:37
✅ Request completed successfully
13
Authentication Flow Summary
POST /post
request
6ms 19/10/2025, 10:28:37
✅ Request completed successfully

🌐 HTTP Requests Debug Info

JWT Login Authentication

Step #1

3ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Type: jwt' -d '{"grant_type":"password","username":"test_user@flowtest.com","password":"test_password_123","client_id":"flow_test_client_12345"}' "http://httpbin/post"

📤 Request

Method: POST
URL: http://httpbin/post
Base URL: http://httpbin
Request Headers
Content-Type: application/json
X-Auth-Type: jwt
Request Body
{
  "grant_type": "password",
  "username": "test_user@flowtest.com",
  "password": "test_password_123",
  "client_id": "flow_test_client_12345"
}

📥 Response

Status Code: 200
Duration: 3ms
Size: 627 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 756
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "{\"grant_type\":\"password\",\"username\":\"test_user@flowtest.com\",\"password\":\"test_password_123\",\"client_id\":\"flow_test_client_12345\"}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Connection": "keep-alive",
    "Content-Length": "129",
    "Content-Type": "application/json",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Auth-Type": "jwt"
  },
  "json": {
    "client_id": "flow_test_client_12345",
    "grant_type": "password",
    "password": "test_password_123",
    "username": "test_user@flowtest.com"
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/post"
}
📊
Total
1
assertions
Passed
1
assertion
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
  "jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
  "jwt_refresh_token": "mock_refresh_token_456",
  "jwt_expires_in": 3600,
  "jwt_user_id": "12345",
  "jwt_login_success": true
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

Validate JWT Token

Step #2

3ms
cURL Command
curl -X GET -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload' -H 'X-Token-Type: jwt' -H 'X-Validation-Mode: full' "http://httpbin/get"

📤 Request

Method: GET
URL: http://httpbin/get
Base URL: http://httpbin
Request Headers
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload
X-Token-Type: jwt
X-Validation-Mode: full

📥 Response

Status Code: 200
Duration: 3ms
Size: 359 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 438
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
    "Connection": "keep-alive",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Token-Type": "jwt",
    "X-Validation-Mode": "full"
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/get"
}
📊
Total
2
assertions
Passed
2
assertions
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200

body.headers.Authorization.contains

PASSED
Condição
body.headers.Authorization.contains equals Bearer
Comparação de Valores
Esperado expected
Bearer
Recebido actual
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload
Captured Variables
{
  "jwt_valid": true,
  "jwt_payload_decoded": null,
  "token_validation_time": "2025-10-19T10:28:37.512Z"
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

Get User Profile with JWT

Step #3

4ms
cURL Command
curl -X GET -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload' -H 'Accept: application/json' -H 'X-Include-Permissions: true' "http://httpbin/get"

📤 Request

Method: GET
URL: http://httpbin/get
Base URL: http://httpbin
Request Headers
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload
Accept: application/json
X-Include-Permissions: true

📥 Response

Status Code: 200
Duration: 4ms
Size: 325 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 397
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "headers": {
    "Accept": "application/json",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
    "Connection": "keep-alive",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Include-Permissions": "true"
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/get"
}
📊
Total
1
assertions
Passed
1
assertion
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
  "user_profile": null,
  "user_permissions": [
    "read",
    "write"
  ],
  "user_roles": [
    "user"
  ],
  "profile_fetch_success": true
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

Test Expired JWT Token

Step #4

3ms
cURL Command
curl -X GET -H 'Authorization: Bearer expired_jwt_token_12345' -H 'X-Token-Status: expired' -H 'X-Expected-Error: token_expired' "http://httpbin/get"

📤 Request

Method: GET
URL: http://httpbin/get
Base URL: http://httpbin
Request Headers
Authorization: Bearer expired_jwt_token_12345
X-Token-Status: expired
X-Expected-Error: token_expired

📥 Response

Status Code: 200
Duration: 3ms
Size: 347 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 426
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Authorization": "Bearer expired_jwt_token_12345",
    "Connection": "keep-alive",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Expected-Error": "token_expired",
    "X-Token-Status": "expired"
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/get"
}
Captured Variables
{
  "jwt_unexpectedly_valid": null,
  "token_validation_issue": null
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

🎭 Scenarios

Executed: 1 scenarios
Scenario 1: none ○
Scenario 2: then ✓

Refresh JWT Token

Step #5

2ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Type: jwt_refresh' -d '{"grant_type":"refresh_token","refresh_token":"mock_refresh_token_456","client_id":"flow_test_client_12345"}' "http://httpbin/post"

📤 Request

Method: POST
URL: http://httpbin/post
Base URL: http://httpbin
Request Headers
Content-Type: application/json
X-Auth-Type: jwt_refresh
Request Body
{
  "grant_type": "refresh_token",
  "refresh_token": "mock_refresh_token_456",
  "client_id": "flow_test_client_12345"
}

📥 Response

Status Code: 200
Duration: 2ms
Size: 589 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 711
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "{\"grant_type\":\"refresh_token\",\"refresh_token\":\"mock_refresh_token_456\",\"client_id\":\"flow_test_client_12345\"}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Connection": "keep-alive",
    "Content-Length": "108",
    "Content-Type": "application/json",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Auth-Type": "jwt_refresh"
  },
  "json": {
    "client_id": "flow_test_client_12345",
    "grant_type": "refresh_token",
    "refresh_token": "mock_refresh_token_456"
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/post"
}
📊
Total
1
assertions
Passed
1
assertion
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
  "jwt_new_token": null,
  "jwt_refresh_success": true,
  "new_token_expires_in": 3600
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

OAuth2 Authorization Request

Step #6

3ms
cURL Command
curl -X GET "http://httpbin/get"

📤 Request

Method: GET
URL: http://httpbin/get
Base URL: http://httpbin

📥 Response

Status Code: 200
Duration: 3ms
Size: 537 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 632
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {
    "client_id": "flow_test_client_12345",
    "redirect_uri": "http://httpbin/callback",
    "response_type": "code",
    "scope": "read write admin",
    "state": "random_state_abc123"
  },
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Connection": "keep-alive",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1"
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/get?response_type=code&client_id=flow_test_client_12345&redirect_uri=http:%2F%2Fhttpbin%2Fcallback&scope=read+write+admin&state=random_state_abc123"
}
📊
Total
1
assertions
Passed
1
assertion
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
  "oauth2_auth_code": null,
  "oauth2_state": null,
  "oauth2_redirect_uri": "{{httpbin_url}}/callback",
  "oauth2_auth_started": null
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

OAuth2 Token Exchange

Step #7

2ms
cURL Command
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'X-OAuth2-Flow: authorization_code' -d '{"grant_type":"authorization_code","code":null,"client_id":"flow_test_client_12345","client_secret":"secret_key_abc123xyz789","redirect_uri":"http://httpbin/callback"}' "http://httpbin/post"

📤 Request

Method: POST
URL: http://httpbin/post
Base URL: http://httpbin
Request Headers
Content-Type: application/x-www-form-urlencoded
X-OAuth2-Flow: authorization_code
Request Body
{
  "grant_type": "authorization_code",
  "code": null,
  "client_id": "flow_test_client_12345",
  "client_secret": "secret_key_abc123xyz789",
  "redirect_uri": "http://httpbin/callback"
}

📥 Response

Status Code: 200
Duration: 2ms
Size: 544 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 673
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "",
  "files": {},
  "form": {
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789",
    "grant_type": "authorization_code",
    "redirect_uri": "http://httpbin/callback"
  },
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Connection": "keep-alive",
    "Content-Length": "145",
    "Content-Type": "application/x-www-form-urlencoded",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Oauth2-Flow": "authorization_code"
  },
  "json": null,
  "origin": "172.18.0.3",
  "url": "http://httpbin/post"
}
📊
Total
1
assertions
Passed
1
assertion
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
  "oauth2_access_token": "oauth2_access_token_xyz",
  "oauth2_refresh_token": "oauth2_refresh_token_abc",
  "oauth2_expires_in": 7200,
  "oauth2_scope": "{{mock_responses.oauth2_success.scope}}",
  "oauth2_token_exchange_success": true
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

Access Resource with OAuth2 Token

Step #8

2ms
cURL Command
curl -X GET -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'X-OAuth2-Scope: {{mock_responses.oauth2_success.scope}}' -H 'X-Resource-Type: protected' "http://httpbin/get"

📤 Request

Method: GET
URL: http://httpbin/get
Base URL: http://httpbin
Request Headers
Authorization: Bearer oauth2_access_token_xyz
X-OAuth2-Scope: {{mock_responses.oauth2_success.scope}}
X-Resource-Type: protected

📥 Response

Status Code: 200
Duration: 2ms
Size: 374 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 453
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Authorization": "Bearer oauth2_access_token_xyz",
    "Connection": "keep-alive",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Oauth2-Scope": "{{mock_responses.oauth2_success.scope}}",
    "X-Resource-Type": "protected"
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/get"
}
📊
Total
2
assertions
Passed
2
assertions
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200

body.headers.Authorization.contains

PASSED
Condição
body.headers.Authorization.contains equals Bearer
Comparação de Valores
Esperado expected
Bearer
Recebido actual
Bearer oauth2_access_token_xyz
Captured Variables
{
  "oauth2_resource_access": null,
  "oauth2_scope_validated": null,
  "protected_resource_data": "protected_data_accessed"
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

Test Granular Permissions

Step #9

2ms
cURL Command
curl -X POST -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'Content-Type: application/json' -H 'X-Permission-Check: admin' -d '{"action":"admin_operation","resource":"user_management","permission_required":"admin","user_permissions":["read","write"]}' "http://httpbin/post"

📤 Request

Method: POST
URL: http://httpbin/post
Base URL: http://httpbin
Request Headers
Authorization: Bearer oauth2_access_token_xyz
Content-Type: application/json
X-Permission-Check: admin
Request Body
{
  "action": "admin_operation",
  "resource": "user_management",
  "permission_required": "admin",
  "user_permissions": [
    "read",
    "write"
  ]
}

📥 Response

Status Code: 200
Duration: 2ms
Size: 675 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 831
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "{\"action\":\"admin_operation\",\"resource\":\"user_management\",\"permission_required\":\"admin\",\"user_permissions\":[\"read\",\"write\"]}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Authorization": "Bearer oauth2_access_token_xyz",
    "Connection": "keep-alive",
    "Content-Length": "123",
    "Content-Type": "application/json",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Permission-Check": "admin"
  },
  "json": {
    "action": "admin_operation",
    "permission_required": "admin",
    "resource": "user_management",
    "user_permissions": [
      "read",
      "write"
    ]
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/post"
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

🎭 Scenarios

Executed: 0 scenarios
Scenario 1: none ○
Scenario 2: none ○

Token Revocation

Step #10

2ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Action: revoke' -d '{"token":"oauth2_access_token_xyz","token_type":"access_token","action":"revoke"}' "http://httpbin/post"

📤 Request

Method: POST
URL: http://httpbin/post
Base URL: http://httpbin
Request Headers
Content-Type: application/json
X-Auth-Action: revoke
Request Body
{
  "token": "oauth2_access_token_xyz",
  "token_type": "access_token",
  "action": "revoke"
}

📥 Response

Status Code: 200
Duration: 2ms
Size: 531 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 653
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "{\"token\":\"oauth2_access_token_xyz\",\"token_type\":\"access_token\",\"action\":\"revoke\"}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Connection": "keep-alive",
    "Content-Length": "81",
    "Content-Type": "application/json",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Auth-Action": "revoke"
  },
  "json": {
    "action": "revoke",
    "token": "oauth2_access_token_xyz",
    "token_type": "access_token"
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/post"
}
📊
Total
1
assertions
Passed
1
assertion
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
  "oauth2_token_revoked": null,
  "revocation_timestamp": "2025-10-19T10:28:37.534Z"
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

Verify Revoked Token

Step #11

2ms
cURL Command
curl -X GET -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'X-Token-Expected-Status: revoked' "http://httpbin/get"

📤 Request

Method: GET
URL: http://httpbin/get
Base URL: http://httpbin
Request Headers
Authorization: Bearer oauth2_access_token_xyz
X-Token-Expected-Status: revoked

📥 Response

Status Code: 200
Duration: 2ms
Size: 321 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 393
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Authorization": "Bearer oauth2_access_token_xyz",
    "Connection": "keep-alive",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Token-Expected-Status": "revoked"
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/get"
}
Captured Variables
{
  "revocation_failed": null,
  "security_issue": null
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

🎭 Scenarios

Executed: 1 scenarios
Scenario 1: none ○
Scenario 2: then ✓

Complete Logout

Step #12

2ms
cURL Command
curl -X POST -H 'Authorization: Bearer ' -H 'Content-Type: application/json' -d '{"logout_type":"complete","revoke_all_tokens":true,"clear_session":true}' "http://httpbin/post"

📤 Request

Method: POST
URL: http://httpbin/post
Base URL: http://httpbin
Request Headers
Authorization: Bearer 
Content-Type: application/json
Request Body
{
  "logout_type": "complete",
  "revoke_all_tokens": true,
  "clear_session": true
}

📥 Response

Status Code: 200
Duration: 2ms
Size: 509 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 631
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "{\"logout_type\":\"complete\",\"revoke_all_tokens\":true,\"clear_session\":true}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Authorization": "Bearer",
    "Connection": "keep-alive",
    "Content-Length": "72",
    "Content-Type": "application/json",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1"
  },
  "json": {
    "clear_session": true,
    "logout_type": "complete",
    "revoke_all_tokens": true
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/post"
}
📊
Total
1
assertions
Passed
1
assertion
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
  "complete_logout": null,
  "all_tokens_revoked": null,
  "session_cleared": null
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  }
}

Authentication Flow Summary

Step #13

6ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Test-Summary: auth_flows' -d '{"flow_summary":"complete_auth_testing","results":{"jwt_flow":{"login":true,"validation":true,"refresh":true,"profile_access":true},"oauth2_flow":{"authorization":false,"token_exchange":true,"resource_access":false,"revocation":false},"security_tests":{"expired_token_handled":false,"revoked_token_rejected":false,"permission_validation":false},"final_cleanup":{"logout_complete":false}}}' "http://httpbin/post"

📤 Request

Method: POST
URL: http://httpbin/post
Base URL: http://httpbin
Request Headers
Content-Type: application/json
X-Test-Summary: auth_flows
Request Body
{
  "flow_summary": "complete_auth_testing",
  "results": {
    "jwt_flow": {
      "login": true,
      "validation": true,
      "refresh": true,
      "profile_access": true
    },
    "oauth2_flow": {
      "authorization": false,
      "token_exchange": true,
      "resource_access": false,
      "revocation": false
    },
    "security_tests": {
      "expired_token_handled": false,
      "revoked_token_rejected": false,
      "permission_validation": false
    },
    "final_cleanup": {
      "logout_complete": false
    }
  }
}

📥 Response

Status Code: 200
Duration: 6ms
Size: 1177 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 1488
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "{\"flow_summary\":\"complete_auth_testing\",\"results\":{\"jwt_flow\":{\"login\":true,\"validation\":true,\"refresh\":true,\"profile_access\":true},\"oauth2_flow\":{\"authorization\":false,\"token_exchange\":true,\"resource_access\":false,\"revocation\":false},\"security_tests\":{\"expired_token_handled\":false,\"revoked_token_rejected\":false,\"permission_validation\":false},\"final_cleanup\":{\"logout_complete\":false}}}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Connection": "keep-alive",
    "Content-Length": "388",
    "Content-Type": "application/json",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Test-Summary": "auth_flows"
  },
  "json": {
    "flow_summary": "complete_auth_testing",
    "results": {
      "final_cleanup": {
        "logout_complete": false
      },
      "jwt_flow": {
        "login": true,
        "profile_access": true,
        "refresh": true,
        "validation": true
      },
      "oauth2_flow": {
        "authorization": false,
        "resource_access": false,
        "revocation": false,
        "token_exchange": true
      },
      "security_tests": {
        "expired_token_handled": false,
        "permission_validation": false,
        "revoked_token_rejected": false
      }
    }
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/post"
}
Captured Variables
{
  "auth_flow_results": {
    "jwt_authentication": {
      "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
      "tokens_issued": 2,
      "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
    },
    "oauth2_authentication": {
      "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
      "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
      "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
    },
    "security_validation": {
      "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
      "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
      "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
    },
    "session_management": {
      "logout_success": "{{js: Boolean(variables.complete_logout)}}",
      "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
    }
  },
  "test_completion_summary": {
    "total_auth_flows": 2,
    "security_tests_passed": "{{js: 0}}",
    "all_flows_tested": true,
    "security_compliant": false
  }
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@flowtest.com",
    "password": "test_password_123",
    "client_id": "flow_test_client_12345",
    "client_secret": "secret_key_abc123xyz789"
  },
  "auth_endpoints": {
    "login": "/post",
    "token_refresh": "/post",
    "oauth2_authorize": "/get",
    "oauth2_token": "/post",
    "validate_token": "/get",
    "user_profile": "/get",
    "logout": "/post"
  },
  "auth_flow_results": {
    "jwt_authentication": {
      "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
      "tokens_issued": 2,
      "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
    },
    "oauth2_authentication": {
      "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
      "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
      "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
    },
    "security_validation": {
      "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
      "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
      "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
    },
    "session_management": {
      "logout_success": "{{js: Boolean(variables.complete_logout)}}",
      "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
    }
  },
  "test_completion_summary": {
    "total_auth_flows": 2,
    "security_tests_passed": "{{js: 0}}",
    "all_flows_tested": true,
    "security_compliant": false
  }
}

📄 Raw Suite Data

Complete Suite Data
{
  "node_id": "auth_flows_test",
  "suite_name": "Teste de Fluxos de Autenticação",
  "file_path": "/app/tests/auth-flows-test.yaml",
  "priority": "critical",
  "start_time": "2025-10-19T10:28:37.505Z",
  "end_time": "2025-10-19T10:28:37.545Z",
  "duration_ms": 40,
  "status": "success",
  "steps_executed": 13,
  "steps_successful": 13,
  "steps_failed": 0,
  "success_rate": 100,
  "steps_results": [
    {
      "step_id": "step-1-jwt-login-authentication",
      "qualified_step_id": "auth_flows_test::step-1-jwt-login-authentication",
      "step_name": "JWT Login Authentication",
      "status": "success",
      "duration_ms": 3,
      "request_details": {
        "method": "POST",
        "url": "/post",
        "headers": {
          "Content-Type": "application/json",
          "X-Auth-Type": "jwt"
        },
        "body": {
          "grant_type": "password",
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/post",
        "curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Type: jwt' -d '{\"grant_type\":\"password\",\"username\":\"test_user@flowtest.com\",\"password\":\"test_password_123\",\"client_id\":\"flow_test_client_12345\"}' \"http://httpbin/post\"",
        "raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Auth-Type: jwt\r\nContent-Length: 129\r\n\r\n{\"grant_type\":\"password\",\"username\":\"test_user@flowtest.com\",\"password\":\"test_password_123\",\"client_id\":\"flow_test_client_12345\"}",
        "raw_url": "{{base_url}}/post"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "756",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "{\"grant_type\":\"password\",\"username\":\"test_user@flowtest.com\",\"password\":\"test_password_123\",\"client_id\":\"flow_test_client_12345\"}",
          "files": {},
          "form": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Connection": "keep-alive",
            "Content-Length": "129",
            "Content-Type": "application/json",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Auth-Type": "jwt"
          },
          "json": {
            "client_id": "flow_test_client_12345",
            "grant_type": "password",
            "password": "test_password_123",
            "username": "test_user@flowtest.com"
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/post"
        },
        "size_bytes": 627,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 756\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"{\\\"grant_type\\\":\\\"password\\\",\\\"username\\\":\\\"test_user@flowtest.com\\\",\\\"password\\\":\\\"test_password_123\\\",\\\"client_id\\\":\\\"flow_test_client_12345\\\"}\",\n  \"files\": {},\n  \"form\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"129\",\n    \"Content-Type\": \"application/json\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Auth-Type\": \"jwt\"\n  },\n  \"json\": {\n    \"client_id\": \"flow_test_client_12345\",\n    \"grant_type\": \"password\",\n    \"password\": \"test_password_123\",\n    \"username\": \"test_user@flowtest.com\"\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/post\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
        "jwt_refresh_token": "mock_refresh_token_456",
        "jwt_expires_in": 3600,
        "jwt_user_id": "12345",
        "jwt_login_success": true
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      }
    },
    {
      "step_id": "step-2-validate-jwt-token",
      "qualified_step_id": "auth_flows_test::step-2-validate-jwt-token",
      "step_name": "Validate JWT Token",
      "status": "success",
      "duration_ms": 3,
      "request_details": {
        "method": "GET",
        "url": "/get",
        "headers": {
          "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
          "X-Token-Type": "jwt",
          "X-Validation-Mode": "full"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/get",
        "curl_command": "curl -X GET -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload' -H 'X-Token-Type: jwt' -H 'X-Validation-Mode: full' \"http://httpbin/get\"",
        "raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload\r\nX-Token-Type: jwt\r\nX-Validation-Mode: full\r\n\r\n",
        "raw_url": "{{base_url}}/get"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "438",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
            "Connection": "keep-alive",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Token-Type": "jwt",
            "X-Validation-Mode": "full"
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/get"
        },
        "size_bytes": 359,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 438\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Authorization\": \"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload\",\n    \"Connection\": \"keep-alive\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Token-Type\": \"jwt\",\n    \"X-Validation-Mode\": \"full\"\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/get\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.headers.Authorization.contains",
          "expected": "Bearer",
          "actual": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "jwt_valid": true,
        "jwt_payload_decoded": null,
        "token_validation_time": "2025-10-19T10:28:37.512Z"
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      }
    },
    {
      "step_id": "step-3-get-user-profile-with-jwt",
      "qualified_step_id": "auth_flows_test::step-3-get-user-profile-with-jwt",
      "step_name": "Get User Profile with JWT",
      "status": "success",
      "duration_ms": 4,
      "request_details": {
        "method": "GET",
        "url": "/get",
        "headers": {
          "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
          "Accept": "application/json",
          "X-Include-Permissions": "true"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/get",
        "curl_command": "curl -X GET -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload' -H 'Accept: application/json' -H 'X-Include-Permissions: true' \"http://httpbin/get\"",
        "raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload\r\nAccept: application/json\r\nX-Include-Permissions: true\r\n\r\n",
        "raw_url": "{{base_url}}/get"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "397",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "headers": {
            "Accept": "application/json",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
            "Connection": "keep-alive",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Include-Permissions": "true"
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/get"
        },
        "size_bytes": 325,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 397\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"headers\": {\n    \"Accept\": \"application/json\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Authorization\": \"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload\",\n    \"Connection\": \"keep-alive\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Include-Permissions\": \"true\"\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/get\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "user_profile": null,
        "user_permissions": [
          "read",
          "write"
        ],
        "user_roles": [
          "user"
        ],
        "profile_fetch_success": true
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      }
    },
    {
      "step_id": "step-4-test-expired-jwt-token",
      "qualified_step_id": "auth_flows_test::step-4-test-expired-jwt-token",
      "step_name": "Test Expired JWT Token",
      "status": "success",
      "duration_ms": 3,
      "request_details": {
        "method": "GET",
        "url": "/get",
        "headers": {
          "Authorization": "Bearer expired_jwt_token_12345",
          "X-Token-Status": "expired",
          "X-Expected-Error": "token_expired"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/get",
        "curl_command": "curl -X GET -H 'Authorization: Bearer expired_jwt_token_12345' -H 'X-Token-Status: expired' -H 'X-Expected-Error: token_expired' \"http://httpbin/get\"",
        "raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer expired_jwt_token_12345\r\nX-Token-Status: expired\r\nX-Expected-Error: token_expired\r\n\r\n",
        "raw_url": "{{base_url}}/get"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "426",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Authorization": "Bearer expired_jwt_token_12345",
            "Connection": "keep-alive",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Expected-Error": "token_expired",
            "X-Token-Status": "expired"
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/get"
        },
        "size_bytes": 347,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 426\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Authorization\": \"Bearer expired_jwt_token_12345\",\n    \"Connection\": \"keep-alive\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Expected-Error\": \"token_expired\",\n    \"X-Token-Status\": \"expired\"\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/get\"\n}"
      },
      "assertions_results": [],
      "captured_variables": {
        "jwt_unexpectedly_valid": null,
        "token_validation_issue": null
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      },
      "scenarios_meta": {
        "has_scenarios": true,
        "executed_count": 1,
        "evaluations": [
          {
            "index": 1,
            "condition": "status_code == `401`",
            "matched": false,
            "executed": false,
            "branch": "none",
            "assertions_added": 0,
            "captures_added": 0
          },
          {
            "index": 2,
            "condition": "status_code == `200`",
            "matched": true,
            "executed": true,
            "branch": "then",
            "assertions_added": 0,
            "captures_added": 2
          }
        ]
      }
    },
    {
      "step_id": "step-5-refresh-jwt-token",
      "qualified_step_id": "auth_flows_test::step-5-refresh-jwt-token",
      "step_name": "Refresh JWT Token",
      "status": "success",
      "duration_ms": 2,
      "request_details": {
        "method": "POST",
        "url": "/post",
        "headers": {
          "Content-Type": "application/json",
          "X-Auth-Type": "jwt_refresh"
        },
        "body": {
          "grant_type": "refresh_token",
          "refresh_token": "mock_refresh_token_456",
          "client_id": "flow_test_client_12345"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/post",
        "curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Type: jwt_refresh' -d '{\"grant_type\":\"refresh_token\",\"refresh_token\":\"mock_refresh_token_456\",\"client_id\":\"flow_test_client_12345\"}' \"http://httpbin/post\"",
        "raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Auth-Type: jwt_refresh\r\nContent-Length: 108\r\n\r\n{\"grant_type\":\"refresh_token\",\"refresh_token\":\"mock_refresh_token_456\",\"client_id\":\"flow_test_client_12345\"}",
        "raw_url": "{{base_url}}/post"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "711",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "{\"grant_type\":\"refresh_token\",\"refresh_token\":\"mock_refresh_token_456\",\"client_id\":\"flow_test_client_12345\"}",
          "files": {},
          "form": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Connection": "keep-alive",
            "Content-Length": "108",
            "Content-Type": "application/json",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Auth-Type": "jwt_refresh"
          },
          "json": {
            "client_id": "flow_test_client_12345",
            "grant_type": "refresh_token",
            "refresh_token": "mock_refresh_token_456"
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/post"
        },
        "size_bytes": 589,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 711\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"{\\\"grant_type\\\":\\\"refresh_token\\\",\\\"refresh_token\\\":\\\"mock_refresh_token_456\\\",\\\"client_id\\\":\\\"flow_test_client_12345\\\"}\",\n  \"files\": {},\n  \"form\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"108\",\n    \"Content-Type\": \"application/json\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Auth-Type\": \"jwt_refresh\"\n  },\n  \"json\": {\n    \"client_id\": \"flow_test_client_12345\",\n    \"grant_type\": \"refresh_token\",\n    \"refresh_token\": \"mock_refresh_token_456\"\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/post\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "jwt_new_token": null,
        "jwt_refresh_success": true,
        "new_token_expires_in": 3600
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      }
    },
    {
      "step_id": "step-6-oauth2-authorization-request",
      "qualified_step_id": "auth_flows_test::step-6-oauth2-authorization-request",
      "step_name": "OAuth2 Authorization Request",
      "status": "success",
      "duration_ms": 3,
      "request_details": {
        "method": "GET",
        "url": "/get",
        "params": {
          "response_type": "code",
          "client_id": "flow_test_client_12345",
          "redirect_uri": "http://httpbin/callback",
          "scope": "read write admin",
          "state": "random_state_abc123"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/get",
        "curl_command": "curl -X GET \"http://httpbin/get\"",
        "raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\n\r\n",
        "raw_url": "{{base_url}}/get"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "632",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {
            "client_id": "flow_test_client_12345",
            "redirect_uri": "http://httpbin/callback",
            "response_type": "code",
            "scope": "read write admin",
            "state": "random_state_abc123"
          },
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Connection": "keep-alive",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1"
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/get?response_type=code&client_id=flow_test_client_12345&redirect_uri=http:%2F%2Fhttpbin%2Fcallback&scope=read+write+admin&state=random_state_abc123"
        },
        "size_bytes": 537,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 632\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {\n    \"client_id\": \"flow_test_client_12345\",\n    \"redirect_uri\": \"http://httpbin/callback\",\n    \"response_type\": \"code\",\n    \"scope\": \"read write admin\",\n    \"state\": \"random_state_abc123\"\n  },\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Connection\": \"keep-alive\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\"\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/get?response_type=code&client_id=flow_test_client_12345&redirect_uri=http:%2F%2Fhttpbin%2Fcallback&scope=read+write+admin&state=random_state_abc123\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "oauth2_auth_code": null,
        "oauth2_state": null,
        "oauth2_redirect_uri": "{{httpbin_url}}/callback",
        "oauth2_auth_started": null
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      }
    },
    {
      "step_id": "step-7-oauth2-token-exchange",
      "qualified_step_id": "auth_flows_test::step-7-oauth2-token-exchange",
      "step_name": "OAuth2 Token Exchange",
      "status": "success",
      "duration_ms": 2,
      "request_details": {
        "method": "POST",
        "url": "/post",
        "headers": {
          "Content-Type": "application/x-www-form-urlencoded",
          "X-OAuth2-Flow": "authorization_code"
        },
        "body": {
          "grant_type": "authorization_code",
          "code": null,
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789",
          "redirect_uri": "http://httpbin/callback"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/post",
        "curl_command": "curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'X-OAuth2-Flow: authorization_code' -d '{\"grant_type\":\"authorization_code\",\"code\":null,\"client_id\":\"flow_test_client_12345\",\"client_secret\":\"secret_key_abc123xyz789\",\"redirect_uri\":\"http://httpbin/callback\"}' \"http://httpbin/post\"",
        "raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/x-www-form-urlencoded\r\nX-OAuth2-Flow: authorization_code\r\nContent-Length: 167\r\n\r\n{\"grant_type\":\"authorization_code\",\"code\":null,\"client_id\":\"flow_test_client_12345\",\"client_secret\":\"secret_key_abc123xyz789\",\"redirect_uri\":\"http://httpbin/callback\"}",
        "raw_url": "{{base_url}}/post"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "673",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "",
          "files": {},
          "form": {
            "client_id": "flow_test_client_12345",
            "client_secret": "secret_key_abc123xyz789",
            "grant_type": "authorization_code",
            "redirect_uri": "http://httpbin/callback"
          },
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Connection": "keep-alive",
            "Content-Length": "145",
            "Content-Type": "application/x-www-form-urlencoded",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Oauth2-Flow": "authorization_code"
          },
          "json": null,
          "origin": "172.18.0.3",
          "url": "http://httpbin/post"
        },
        "size_bytes": 544,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 673\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"\",\n  \"files\": {},\n  \"form\": {\n    \"client_id\": \"flow_test_client_12345\",\n    \"client_secret\": \"secret_key_abc123xyz789\",\n    \"grant_type\": \"authorization_code\",\n    \"redirect_uri\": \"http://httpbin/callback\"\n  },\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"145\",\n    \"Content-Type\": \"application/x-www-form-urlencoded\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Oauth2-Flow\": \"authorization_code\"\n  },\n  \"json\": null,\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/post\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "oauth2_access_token": "oauth2_access_token_xyz",
        "oauth2_refresh_token": "oauth2_refresh_token_abc",
        "oauth2_expires_in": 7200,
        "oauth2_scope": "{{mock_responses.oauth2_success.scope}}",
        "oauth2_token_exchange_success": true
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      }
    },
    {
      "step_id": "step-8-access-resource-with-oauth2-token",
      "qualified_step_id": "auth_flows_test::step-8-access-resource-with-oauth2-token",
      "step_name": "Access Resource with OAuth2 Token",
      "status": "success",
      "duration_ms": 2,
      "request_details": {
        "method": "GET",
        "url": "/get",
        "headers": {
          "Authorization": "Bearer oauth2_access_token_xyz",
          "X-OAuth2-Scope": "{{mock_responses.oauth2_success.scope}}",
          "X-Resource-Type": "protected"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/get",
        "curl_command": "curl -X GET -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'X-OAuth2-Scope: {{mock_responses.oauth2_success.scope}}' -H 'X-Resource-Type: protected' \"http://httpbin/get\"",
        "raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer oauth2_access_token_xyz\r\nX-OAuth2-Scope: {{mock_responses.oauth2_success.scope}}\r\nX-Resource-Type: protected\r\n\r\n",
        "raw_url": "{{base_url}}/get"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "453",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Authorization": "Bearer oauth2_access_token_xyz",
            "Connection": "keep-alive",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Oauth2-Scope": "{{mock_responses.oauth2_success.scope}}",
            "X-Resource-Type": "protected"
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/get"
        },
        "size_bytes": 374,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 453\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Authorization\": \"Bearer oauth2_access_token_xyz\",\n    \"Connection\": \"keep-alive\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Oauth2-Scope\": \"{{mock_responses.oauth2_success.scope}}\",\n    \"X-Resource-Type\": \"protected\"\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/get\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.headers.Authorization.contains",
          "expected": "Bearer",
          "actual": "Bearer oauth2_access_token_xyz",
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "oauth2_resource_access": null,
        "oauth2_scope_validated": null,
        "protected_resource_data": "protected_data_accessed"
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      }
    },
    {
      "step_id": "step-9-test-granular-permissions",
      "qualified_step_id": "auth_flows_test::step-9-test-granular-permissions",
      "step_name": "Test Granular Permissions",
      "status": "success",
      "duration_ms": 2,
      "request_details": {
        "method": "POST",
        "url": "/post",
        "headers": {
          "Authorization": "Bearer oauth2_access_token_xyz",
          "Content-Type": "application/json",
          "X-Permission-Check": "admin"
        },
        "body": {
          "action": "admin_operation",
          "resource": "user_management",
          "permission_required": "admin",
          "user_permissions": [
            "read",
            "write"
          ]
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/post",
        "curl_command": "curl -X POST -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'Content-Type: application/json' -H 'X-Permission-Check: admin' -d '{\"action\":\"admin_operation\",\"resource\":\"user_management\",\"permission_required\":\"admin\",\"user_permissions\":[\"read\",\"write\"]}' \"http://httpbin/post\"",
        "raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer oauth2_access_token_xyz\r\nContent-Type: application/json\r\nX-Permission-Check: admin\r\nContent-Length: 123\r\n\r\n{\"action\":\"admin_operation\",\"resource\":\"user_management\",\"permission_required\":\"admin\",\"user_permissions\":[\"read\",\"write\"]}",
        "raw_url": "{{base_url}}/post"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "831",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "{\"action\":\"admin_operation\",\"resource\":\"user_management\",\"permission_required\":\"admin\",\"user_permissions\":[\"read\",\"write\"]}",
          "files": {},
          "form": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Authorization": "Bearer oauth2_access_token_xyz",
            "Connection": "keep-alive",
            "Content-Length": "123",
            "Content-Type": "application/json",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Permission-Check": "admin"
          },
          "json": {
            "action": "admin_operation",
            "permission_required": "admin",
            "resource": "user_management",
            "user_permissions": [
              "read",
              "write"
            ]
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/post"
        },
        "size_bytes": 675,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 831\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"{\\\"action\\\":\\\"admin_operation\\\",\\\"resource\\\":\\\"user_management\\\",\\\"permission_required\\\":\\\"admin\\\",\\\"user_permissions\\\":[\\\"read\\\",\\\"write\\\"]}\",\n  \"files\": {},\n  \"form\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Authorization\": \"Bearer oauth2_access_token_xyz\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"123\",\n    \"Content-Type\": \"application/json\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Permission-Check\": \"admin\"\n  },\n  \"json\": {\n    \"action\": \"admin_operation\",\n    \"permission_required\": \"admin\",\n    \"resource\": \"user_management\",\n    \"user_permissions\": [\n      \"read\",\n      \"write\"\n    ]\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/post\"\n}"
      },
      "assertions_results": [],
      "captured_variables": {},
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      },
      "scenarios_meta": {
        "has_scenarios": true,
        "executed_count": 0,
        "evaluations": [
          {
            "index": 1,
            "condition": "json.permission_required == `admin` && headers.\"x-permission-check\" == `admin`",
            "matched": false,
            "executed": false,
            "branch": "none",
            "assertions_added": 0,
            "captures_added": 0
          },
          {
            "index": 2,
            "condition": "status_code == `403`",
            "matched": false,
            "executed": false,
            "branch": "none",
            "assertions_added": 0,
            "captures_added": 0
          }
        ]
      }
    },
    {
      "step_id": "step-10-token-revocation",
      "qualified_step_id": "auth_flows_test::step-10-token-revocation",
      "step_name": "Token Revocation",
      "status": "success",
      "duration_ms": 2,
      "request_details": {
        "method": "POST",
        "url": "/post",
        "headers": {
          "Content-Type": "application/json",
          "X-Auth-Action": "revoke"
        },
        "body": {
          "token": "oauth2_access_token_xyz",
          "token_type": "access_token",
          "action": "revoke"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/post",
        "curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Action: revoke' -d '{\"token\":\"oauth2_access_token_xyz\",\"token_type\":\"access_token\",\"action\":\"revoke\"}' \"http://httpbin/post\"",
        "raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Auth-Action: revoke\r\nContent-Length: 81\r\n\r\n{\"token\":\"oauth2_access_token_xyz\",\"token_type\":\"access_token\",\"action\":\"revoke\"}",
        "raw_url": "{{base_url}}/post"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "653",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "{\"token\":\"oauth2_access_token_xyz\",\"token_type\":\"access_token\",\"action\":\"revoke\"}",
          "files": {},
          "form": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Connection": "keep-alive",
            "Content-Length": "81",
            "Content-Type": "application/json",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Auth-Action": "revoke"
          },
          "json": {
            "action": "revoke",
            "token": "oauth2_access_token_xyz",
            "token_type": "access_token"
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/post"
        },
        "size_bytes": 531,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 653\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"{\\\"token\\\":\\\"oauth2_access_token_xyz\\\",\\\"token_type\\\":\\\"access_token\\\",\\\"action\\\":\\\"revoke\\\"}\",\n  \"files\": {},\n  \"form\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"81\",\n    \"Content-Type\": \"application/json\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Auth-Action\": \"revoke\"\n  },\n  \"json\": {\n    \"action\": \"revoke\",\n    \"token\": \"oauth2_access_token_xyz\",\n    \"token_type\": \"access_token\"\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/post\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "oauth2_token_revoked": null,
        "revocation_timestamp": "2025-10-19T10:28:37.534Z"
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      }
    },
    {
      "step_id": "step-11-verify-revoked-token",
      "qualified_step_id": "auth_flows_test::step-11-verify-revoked-token",
      "step_name": "Verify Revoked Token",
      "status": "success",
      "duration_ms": 2,
      "request_details": {
        "method": "GET",
        "url": "/get",
        "headers": {
          "Authorization": "Bearer oauth2_access_token_xyz",
          "X-Token-Expected-Status": "revoked"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/get",
        "curl_command": "curl -X GET -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'X-Token-Expected-Status: revoked' \"http://httpbin/get\"",
        "raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer oauth2_access_token_xyz\r\nX-Token-Expected-Status: revoked\r\n\r\n",
        "raw_url": "{{base_url}}/get"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "393",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Authorization": "Bearer oauth2_access_token_xyz",
            "Connection": "keep-alive",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Token-Expected-Status": "revoked"
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/get"
        },
        "size_bytes": 321,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 393\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Authorization\": \"Bearer oauth2_access_token_xyz\",\n    \"Connection\": \"keep-alive\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Token-Expected-Status\": \"revoked\"\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/get\"\n}"
      },
      "assertions_results": [],
      "captured_variables": {
        "revocation_failed": null,
        "security_issue": null
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      },
      "scenarios_meta": {
        "has_scenarios": true,
        "executed_count": 1,
        "evaluations": [
          {
            "index": 1,
            "condition": "status_code == `401`",
            "matched": false,
            "executed": false,
            "branch": "none",
            "assertions_added": 0,
            "captures_added": 0
          },
          {
            "index": 2,
            "condition": "status_code == `200`",
            "matched": true,
            "executed": true,
            "branch": "then",
            "assertions_added": 0,
            "captures_added": 2
          }
        ]
      }
    },
    {
      "step_id": "step-12-complete-logout",
      "qualified_step_id": "auth_flows_test::step-12-complete-logout",
      "step_name": "Complete Logout",
      "status": "success",
      "duration_ms": 2,
      "request_details": {
        "method": "POST",
        "url": "/post",
        "headers": {
          "Authorization": "Bearer ",
          "Content-Type": "application/json"
        },
        "body": {
          "logout_type": "complete",
          "revoke_all_tokens": true,
          "clear_session": true
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/post",
        "curl_command": "curl -X POST -H 'Authorization: Bearer ' -H 'Content-Type: application/json' -d '{\"logout_type\":\"complete\",\"revoke_all_tokens\":true,\"clear_session\":true}' \"http://httpbin/post\"",
        "raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer \r\nContent-Type: application/json\r\nContent-Length: 72\r\n\r\n{\"logout_type\":\"complete\",\"revoke_all_tokens\":true,\"clear_session\":true}",
        "raw_url": "{{base_url}}/{{auth_endpoints.logout}}"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "631",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "{\"logout_type\":\"complete\",\"revoke_all_tokens\":true,\"clear_session\":true}",
          "files": {},
          "form": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Authorization": "Bearer",
            "Connection": "keep-alive",
            "Content-Length": "72",
            "Content-Type": "application/json",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1"
          },
          "json": {
            "clear_session": true,
            "logout_type": "complete",
            "revoke_all_tokens": true
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/post"
        },
        "size_bytes": 509,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 631\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"{\\\"logout_type\\\":\\\"complete\\\",\\\"revoke_all_tokens\\\":true,\\\"clear_session\\\":true}\",\n  \"files\": {},\n  \"form\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Authorization\": \"Bearer\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"72\",\n    \"Content-Type\": \"application/json\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\"\n  },\n  \"json\": {\n    \"clear_session\": true,\n    \"logout_type\": \"complete\",\n    \"revoke_all_tokens\": true\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/post\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "complete_logout": null,
        "all_tokens_revoked": null,
        "session_cleared": null
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        }
      }
    },
    {
      "step_id": "step-13-authentication-flow-summary",
      "qualified_step_id": "auth_flows_test::step-13-authentication-flow-summary",
      "step_name": "Authentication Flow Summary",
      "status": "success",
      "duration_ms": 6,
      "request_details": {
        "method": "POST",
        "url": "/post",
        "headers": {
          "Content-Type": "application/json",
          "X-Test-Summary": "auth_flows"
        },
        "body": {
          "flow_summary": "complete_auth_testing",
          "results": {
            "jwt_flow": {
              "login": true,
              "validation": true,
              "refresh": true,
              "profile_access": true
            },
            "oauth2_flow": {
              "authorization": false,
              "token_exchange": true,
              "resource_access": false,
              "revocation": false
            },
            "security_tests": {
              "expired_token_handled": false,
              "revoked_token_rejected": false,
              "permission_validation": false
            },
            "final_cleanup": {
              "logout_complete": false
            }
          }
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/post",
        "curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Test-Summary: auth_flows' -d '{\"flow_summary\":\"complete_auth_testing\",\"results\":{\"jwt_flow\":{\"login\":true,\"validation\":true,\"refresh\":true,\"profile_access\":true},\"oauth2_flow\":{\"authorization\":false,\"token_exchange\":true,\"resource_access\":false,\"revocation\":false},\"security_tests\":{\"expired_token_handled\":false,\"revoked_token_rejected\":false,\"permission_validation\":false},\"final_cleanup\":{\"logout_complete\":false}}}' \"http://httpbin/post\"",
        "raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Test-Summary: auth_flows\r\nContent-Length: 388\r\n\r\n{\"flow_summary\":\"complete_auth_testing\",\"results\":{\"jwt_flow\":{\"login\":true,\"validation\":true,\"refresh\":true,\"profile_access\":true},\"oauth2_flow\":{\"authorization\":false,\"token_exchange\":true,\"resource_access\":false,\"revocation\":false},\"security_tests\":{\"expired_token_handled\":false,\"revoked_token_rejected\":false,\"permission_validation\":false},\"final_cleanup\":{\"logout_complete\":false}}}",
        "raw_url": "{{base_url}}/post"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "1488",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "{\"flow_summary\":\"complete_auth_testing\",\"results\":{\"jwt_flow\":{\"login\":true,\"validation\":true,\"refresh\":true,\"profile_access\":true},\"oauth2_flow\":{\"authorization\":false,\"token_exchange\":true,\"resource_access\":false,\"revocation\":false},\"security_tests\":{\"expired_token_handled\":false,\"revoked_token_rejected\":false,\"permission_validation\":false},\"final_cleanup\":{\"logout_complete\":false}}}",
          "files": {},
          "form": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Connection": "keep-alive",
            "Content-Length": "388",
            "Content-Type": "application/json",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Test-Summary": "auth_flows"
          },
          "json": {
            "flow_summary": "complete_auth_testing",
            "results": {
              "final_cleanup": {
                "logout_complete": false
              },
              "jwt_flow": {
                "login": true,
                "profile_access": true,
                "refresh": true,
                "validation": true
              },
              "oauth2_flow": {
                "authorization": false,
                "resource_access": false,
                "revocation": false,
                "token_exchange": true
              },
              "security_tests": {
                "expired_token_handled": false,
                "permission_validation": false,
                "revoked_token_rejected": false
              }
            }
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/post"
        },
        "size_bytes": 1177,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 1488\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"{\\\"flow_summary\\\":\\\"complete_auth_testing\\\",\\\"results\\\":{\\\"jwt_flow\\\":{\\\"login\\\":true,\\\"validation\\\":true,\\\"refresh\\\":true,\\\"profile_access\\\":true},\\\"oauth2_flow\\\":{\\\"authorization\\\":false,\\\"token_exchange\\\":true,\\\"resource_access\\\":false,\\\"revocation\\\":false},\\\"security_tests\\\":{\\\"expired_token_handled\\\":false,\\\"revoked_token_rejected\\\":false,\\\"permission_validation\\\":false},\\\"final_cleanup\\\":{\\\"logout_complete\\\":false}}}\",\n  \"files\": {},\n  \"form\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"388\",\n    \"Content-Type\": \"application/json\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Test-Summary\": \"auth_flows\"\n  },\n  \"json\": {\n    \"flow_summary\": \"complete_auth_testing\",\n    \"results\": {\n      \"final_cleanup\": {\n        \"logout_complete\": false\n      },\n      \"jwt_flow\": {\n        \"login\": true,\n        \"profile_access\": true,\n        \"refresh\": true,\n        \"validation\": true\n      },\n      \"oauth2_flow\": {\n        \"authorization\": false,\n        \"resource_access\": false,\n        \"revocation\": false,\n        \"token_exchange\": true\n      },\n      \"security_tests\": {\n        \"expired_token_handled\": false,\n        \"permission_validation\": false,\n        \"revoked_token_rejected\": false\n      }\n    }\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/post\"\n}"
      },
      "assertions_results": [],
      "captured_variables": {
        "auth_flow_results": {
          "jwt_authentication": {
            "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
            "tokens_issued": 2,
            "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
          },
          "oauth2_authentication": {
            "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
            "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
            "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
          },
          "security_validation": {
            "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
            "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
            "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
          },
          "session_management": {
            "logout_success": "{{js: Boolean(variables.complete_logout)}}",
            "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
          }
        },
        "test_completion_summary": {
          "total_auth_flows": 2,
          "security_tests_passed": "{{js: 0}}",
          "all_flows_tested": true,
          "security_compliant": false
        }
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@flowtest.com",
          "password": "test_password_123",
          "client_id": "flow_test_client_12345",
          "client_secret": "secret_key_abc123xyz789"
        },
        "auth_endpoints": {
          "login": "/post",
          "token_refresh": "/post",
          "oauth2_authorize": "/get",
          "oauth2_token": "/post",
          "validate_token": "/get",
          "user_profile": "/get",
          "logout": "/post"
        },
        "auth_flow_results": {
          "jwt_authentication": {
            "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
            "tokens_issued": 2,
            "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
          },
          "oauth2_authentication": {
            "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
            "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
            "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
          },
          "security_validation": {
            "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
            "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
            "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
          },
          "session_management": {
            "logout_success": "{{js: Boolean(variables.complete_logout)}}",
            "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
          }
        },
        "test_completion_summary": {
          "total_auth_flows": 2,
          "security_tests_passed": "{{js: 0}}",
          "all_flows_tested": true,
          "security_compliant": false
        }
      }
    }
  ],
  "variables_captured": {},
  "available_variables": {
    "api_base_url": "http://localhost:8080",
    "test_credentials": {
      "username": "test_user@flowtest.com",
      "password": "test_password_123",
      "client_id": "flow_test_client_12345",
      "client_secret": "secret_key_abc123xyz789"
    },
    "auth_endpoints": {
      "login": "/post",
      "token_refresh": "/post",
      "oauth2_authorize": "/get",
      "oauth2_token": "/post",
      "validate_token": "/get",
      "user_profile": "/get",
      "logout": "/post"
    },
    "auth_flow_results": {
      "jwt_authentication": {
        "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
        "tokens_issued": 2,
        "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
      },
      "oauth2_authentication": {
        "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
        "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
        "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
      },
      "security_validation": {
        "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
        "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
        "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
      },
      "session_management": {
        "logout_success": "{{js: Boolean(variables.complete_logout)}}",
        "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
      }
    },
    "test_completion_summary": {
      "total_auth_flows": 2,
      "security_tests_passed": "{{js: 0}}",
      "all_flows_tested": true,
      "security_compliant": false
    }
  },
  "suite_yaml_content": "# Teste de Fluxo de Autenticação JWT e OAuth2\n# Baseado no exemplo \"Authentication Flow Testing\" do YAML_EXAMPLES.md\nsuite_name: \"Teste de Fluxos de Autenticação\"\nnode_id: \"auth_flows_test\"\ndescription: \"Testa diferentes fluxos de autenticação: JWT, OAuth2, refresh tokens, e validação de permissões\"\n\nmetadata:\n  priority: \"critical\"\n  tags: [\"auth\", \"security\", \"jwt\", \"oauth2\", \"critical-path\"]\n\nbase_url: \"{{httpbin_url}}\"\n\nexports:\n  - jwt_token\n  - oauth2_access_token\n  - user_permissions\n  - auth_flow_results\nexports_optional:\n  - refresh_token\n\nvariables:\n\n  # Credenciais de teste\n  test_credentials:\n    username: \"test_user@flowtest.com\"\n    password: \"test_password_123\"\n    client_id: \"flow_test_client_12345\"\n    client_secret: \"secret_key_abc123xyz789\"\n\n  # URLs simuladas de autenticação\n  auth_endpoints:\n    login: \"/post\"\n    token_refresh: \"/post\"\n    oauth2_authorize: \"/get\"\n    oauth2_token: \"/post\"\n    validate_token: \"/get\"\n    user_profile: \"/get\"\n    logout: \"/post\"\n\n  # Tokens simulados para testes\n  mock_responses:\n    jwt_login_success:\n      access_token: \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0X3VzZXIiLCJpYXQiOjE2MzAwMDAwMDAsImV4cCI6MTYzMDAwMzYwMCwicm9sZXMiOlsidXNlciJdLCJwZXJtaXNzaW9ucyI6WyJyZWFkIiwid3JpdGUiXX0\"\n      refresh_token: \"rt_abc123def456ghi789\"\n      token_type: \"Bearer\"\n      expires_in: 3600\n      user_id: \"usr_12345\"\n\n    oauth2_success:\n      access_token: \"oauth2_token_xyz789abc123\"\n      refresh_token: \"oauth2_refresh_def456ghi789\"\n      token_type: \"Bearer\"\n      expires_in: 7200\n      scope: \"read write admin\"\n\n    user_profile:\n      id: \"usr_12345\"\n      username: \"test_user@flowtest.com\"\n      name: \"Test User\"\n      roles: [\"user\", \"premium\"]\n      permissions: [\"read\", \"write\", \"export\"]\n      last_login: \"2025-01-09T12:00:00Z\"\n\nsteps:\n  # Passo 1: Login JWT Tradicional\n  - name: \"JWT Login Authentication\"\n    request:\n      method: POST\n      url: \"/post\"  # Endpoint de login simplificado\n      headers:\n        Content-Type: \"application/json\"\n        X-Auth-Type: \"jwt\"\n      body:\n        grant_type: \"password\"\n        username: \"{{test_credentials.username}}\"\n        password: \"{{test_credentials.password}}\"\n        client_id: \"{{test_credentials.client_id}}\"\n\n    assert:\n      status_code: 200\n      json.username:\n        equals: \"{{test_credentials.username}}\"\n\n    capture:\n      jwt_token: '\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload\"'  # Token simulado válido literal\n      jwt_refresh_token: '\"mock_refresh_token_456\"'  # Refresh token simulado literal\n      jwt_expires_in: 3600  # 1 hora em segundos\n      jwt_user_id: '\"12345\"'  # ID do usuário\n      jwt_login_success: true\n\n  # Passo 2: Validação do Token JWT\n  - name: \"Validate JWT Token\"\n    request:\n      method: GET\n      url: \"/get\"  # Endpoint de validação simplificado\n      headers:\n        Authorization: \"Bearer {{jwt_token}}\"\n        X-Token-Type: \"jwt\"\n        X-Validation-Mode: \"full\"\n\n    assert:\n      status_code: 200\n      body:\n        headers:\n          Authorization:\n            contains: \"Bearer\"\n\n    capture:\n      jwt_valid: true\n      jwt_payload_decoded: \"body.json\"  # Captura o payload do JSON\n      token_validation_time: \"{{js: new Date().toISOString()}}\"  # Timestamp atual\n\n  # Passo 3: Obter Perfil do Usuário com JWT\n  - name: \"Get User Profile with JWT\"\n    request:\n      method: GET\n      url: \"/get\"  # Endpoint de perfil simplificado\n      headers:\n        Authorization: \"Bearer {{jwt_token}}\"\n        Accept: \"application/json\"\n        X-Include-Permissions: \"true\"\n\n    assert:\n      status_code: 200\n\n    capture:\n      user_profile: \"body.json\"  # Captura o perfil do usuário\n      user_permissions: \"body.json.permissions || ['read', 'write']\"  # Permissões do usuário\n      user_roles: \"body.json.roles || ['user']\"  # Roles do usuário\n      profile_fetch_success: true\n\n  # Passo 4: Teste de Token Expirado (simulado)\n  - name: \"Test Expired JWT Token\"\n    request:\n      method: GET\n      url: \"/get\"\n      headers:\n        Authorization: \"Bearer expired_jwt_token_12345\"\n        X-Token-Status: \"expired\"\n        X-Expected-Error: \"token_expired\"\n\n    scenarios:\n      # Cenário A: Token expirado retorna 401\n      - condition: \"status_code == `401`\"\n        then:\n          capture:\n            jwt_expired_handled: \"true\"\n            auth_error_detected: \"true\"\n\n      # Cenário B: Token ainda válido (inesperado)\n      - condition: \"status_code == `200`\"\n        then:\n          capture:\n            jwt_unexpectedly_valid: \"true\"\n            token_validation_issue: \"true\"\n\n  # Passo 5: Refresh do Token JWT\n  - name: \"Refresh JWT Token\"\n    request:\n      method: POST\n      url: \"/post\"  # Endpoint de refresh simplificado\n      headers:\n        Content-Type: \"application/json\"\n        X-Auth-Type: \"jwt_refresh\"\n      body:\n        grant_type: \"refresh_token\"\n        refresh_token: \"{{jwt_refresh_token}}\"\n        client_id: \"{{test_credentials.client_id}}\"\n\n    assert:\n      status_code: 200\n      json.refresh_token:\n        equals: \"{{jwt_refresh_token}}\"\n\n    capture:\n      jwt_new_token: \"mock_jwt_token_123_refreshed\"  # Token renovado\n      jwt_refresh_success: true\n      new_token_expires_in: 3600  # 1 hora para token renovado\n\n  # Passo 6: Início do Fluxo OAuth2\n  - name: \"OAuth2 Authorization Request\"\n    request:\n      method: GET\n      url: \"/get\"  # Endpoint de autorização OAuth2 simplificado\n      params:\n        response_type: \"code\"\n        client_id: \"{{test_credentials.client_id}}\"\n        redirect_uri: \"{{httpbin_url}}/callback\"\n        scope: \"read write admin\"\n        state: \"random_state_abc123\"\n\n    assert:\n      status_code: 200\n      args.response_type:\n        equals: \"code\"\n      args.client_id:\n        equals: \"{{test_credentials.client_id}}\"\n\n    capture:\n      oauth2_auth_code: \"auth_code_xyz789abc123\"\n      oauth2_state: \"random_state_string\"  # State para OAuth2\n      oauth2_redirect_uri: \"{{httpbin_url}}/callback\" # URI de callback\n      oauth2_auth_started: \"true\"\n\n  # Passo 7: Trocar Authorization Code por Access Token\n  - name: \"OAuth2 Token Exchange\"\n    request:\n      method: POST\n      url: \"/post\"  # Endpoint de token OAuth2 simplificado\n      headers:\n        Content-Type: \"application/x-www-form-urlencoded\"\n        X-OAuth2-Flow: \"authorization_code\"\n      body:\n        grant_type: \"authorization_code\"\n        code: \"{{oauth2_auth_code}}\"\n        client_id: \"{{test_credentials.client_id}}\"\n        client_secret: \"{{test_credentials.client_secret}}\"\n        redirect_uri: \"{{httpbin_url}}/callback\" # URI de callback direta\n\n    assert:\n      status_code: 200\n      json.grant_type:\n        equals: \"authorization_code\"\n      json.code:\n        equals: \"{{oauth2_auth_code}}\"\n\n    capture:\n      oauth2_access_token: '\"oauth2_access_token_xyz\"'  # Token OAuth2 simulado literal\n      oauth2_refresh_token: '\"oauth2_refresh_token_abc\"'  # Refresh token OAuth2 literal\n      oauth2_expires_in: 7200  # 2 horas em segundos\n      oauth2_scope: \"{{mock_responses.oauth2_success.scope}}\"\n      oauth2_token_exchange_success: true\n\n  # Passo 8: Usar OAuth2 Token para Acessar Recursos\n  - name: \"Access Resource with OAuth2 Token\"\n    request:\n      method: GET\n      url: \"/get\"\n      headers:\n        Authorization: \"Bearer {{oauth2_access_token}}\"\n        X-OAuth2-Scope: \"{{oauth2_scope}}\"\n        X-Resource-Type: \"protected\"\n\n    assert:\n      status_code: 200\n      body:\n        headers:\n          Authorization:\n            contains: \"Bearer\"\n\n    capture:\n      oauth2_resource_access: \"true\"\n      oauth2_scope_validated: \"true\"\n      protected_resource_data: \"json.data || 'protected_data_accessed'\"\n\n  # Passo 9: Teste de Permissões Granulares\n  - name: \"Test Granular Permissions\"\n    request:\n      method: POST\n      url: \"/post\"\n      headers:\n        Authorization: \"Bearer {{oauth2_access_token}}\"\n        Content-Type: \"application/json\"\n        X-Permission-Check: \"admin\"\n      body:\n        action: \"admin_operation\"\n        resource: \"user_management\"\n        permission_required: \"admin\"\n        user_permissions: \"{{user_permissions}}\"\n\n    scenarios:\n      # Cenário A: Usuário tem permissão admin\n      - condition: \"json.permission_required == `admin` && headers.\\\"x-permission-check\\\" == `admin`\"\n        then:\n          assert:\n            status_code: 200\n            json.action:\n              equals: \"admin_operation\"\n          capture:\n            admin_permission_granted: \"true\"\n            admin_operation_success: \"true\"\n\n      # Cenário B: Usuário não tem permissão admin\n      - condition: \"status_code == `403`\"\n        then:\n          capture:\n            admin_permission_denied: \"true\"\n            insufficient_privileges: \"true\"\n\n  # Passo 10: Revogação de Token\n  - name: \"Token Revocation\"\n    request:\n      method: POST\n      url: \"/post\"\n      headers:\n        Content-Type: \"application/json\"\n        X-Auth-Action: \"revoke\"\n      body:\n        token: \"{{oauth2_access_token}}\"\n        token_type: \"access_token\"\n        action: \"revoke\"\n\n    assert:\n      status_code: 200\n      json.action:\n        equals: \"revoke\"\n\n    capture:\n      oauth2_token_revoked: \"true\"\n      revocation_timestamp: \"{{js: new Date().toISOString()}}\"  # Timestamp de revogação\n\n  # Passo 11: Verificar Token Revogado\n  - name: \"Verify Revoked Token\"\n    request:\n      method: GET\n      url: \"/get\"\n      headers:\n        Authorization: \"Bearer {{oauth2_access_token}}\"\n        X-Token-Expected-Status: \"revoked\"\n\n    scenarios:\n      # Cenário A: Token revogado retorna 401\n      - condition: \"status_code == `401`\"\n        then:\n          capture:\n            revoked_token_rejected: \"true\"\n            token_revocation_effective: \"true\"\n\n      # Cenário B: Token ainda aceito (erro na revogação)\n      - condition: \"status_code == `200`\"\n        then:\n          capture:\n            revocation_failed: \"true\"\n            security_issue: \"true\"\n\n  # Passo 12: Logout Completo\n  - name: \"Complete Logout\"\n    request:\n      method: POST\n      url: \"{{auth_endpoints.logout}}\"\n      headers:\n        Authorization: \"Bearer {{jwt_new_token}}\"\n        Content-Type: \"application/json\"\n      body:\n        logout_type: \"complete\"\n        revoke_all_tokens: true\n        clear_session: true\n\n    assert:\n      status_code: 200\n      json.logout_type:\n        equals: \"complete\"\n\n    capture:\n      complete_logout: \"true\"\n      all_tokens_revoked: \"true\"\n      session_cleared: \"true\"\n\n  # Passo 13: Resumo dos Resultados de Autenticação\n  - name: \"Authentication Flow Summary\"\n    request:\n      method: POST\n      url: \"/post\"\n      headers:\n        Content-Type: \"application/json\"\n        X-Test-Summary: \"auth_flows\"\n      body:\n        flow_summary: \"complete_auth_testing\"\n        results:\n          jwt_flow:\n            login: \"{{js: Boolean(variables.jwt_login_success)}}\"\n            validation: \"{{js: Boolean(variables.jwt_valid)}}\"\n            refresh: \"{{js: Boolean(variables.jwt_refresh_success)}}\"\n            profile_access: \"{{js: Boolean(variables.profile_fetch_success)}}\"\n          oauth2_flow:\n            authorization: \"{{js: Boolean(variables.oauth2_auth_started)}}\"\n            token_exchange: \"{{js: Boolean(variables.oauth2_token_exchange_success)}}\"\n            resource_access: \"{{js: Boolean(variables.oauth2_resource_access)}}\"\n            revocation: \"{{js: Boolean(variables.oauth2_token_revoked)}}\"\n          security_tests:\n            expired_token_handled: \"{{js: Boolean(variables.jwt_expired_handled)}}\"\n            revoked_token_rejected: \"{{js: Boolean(variables.revoked_token_rejected)}}\"\n            permission_validation: \"{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}\"\n          final_cleanup:\n            logout_complete: \"{{js: Boolean(variables.complete_logout)}}\"\n\n    capture:\n      auth_flow_results:\n        jwt_authentication:\n          status: \"{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}\"\n          tokens_issued: 2\n          profile_access: \"{{js: Boolean(variables.profile_fetch_success)}}\"\n        oauth2_authentication:\n          status: \"{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}\"\n          authorization_code_flow: \"{{js: Boolean(variables.oauth2_auth_started)}}\"\n          token_management: \"{{js: Boolean(variables.oauth2_token_revoked)}}\"\n        security_validation:\n          expired_tokens: \"{{js: Boolean(variables.jwt_expired_handled)}}\"\n          revoked_tokens: \"{{js: Boolean(variables.revoked_token_rejected)}}\"\n          permissions: \"{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}\"\n        session_management:\n          logout_success: \"{{js: Boolean(variables.complete_logout)}}\"\n          cleanup_complete: \"{{js: Boolean(variables.all_tokens_revoked)}}\"\n\n      test_completion_summary:\n        total_auth_flows: 2\n        security_tests_passed: \"{{js: 0}}\"\n        all_flows_tested: true\n        security_compliant: false\n"
}
Flow Test Engine
Report generated on 10/19/2025, 10:28:45 AM
© 2025 Flow Test Engine. Dynamic Reporting System.