✅
Teste de Fluxos de Autenticação
/app/tests/auth-flows-test.yaml
critical
13 Steps
Duration: 40ms
Success Rate: 100%
✅
Successful Steps
13
100% success rate
❌
Failed Steps
0
0% of total
⏭️
Skipped Steps
0
0% of total
🔗
HTTP Requests
13
100% requests
🔄
Iterações
0
0 steps com iterações
📊 Execution Timeline
| # | Status | Step Name | Type | Duration | Started At | Details |
|---|---|---|---|---|---|---|
| 1 | ✅ | JWT Login Authentication POST /post | request | 3ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 2 | ✅ | Validate JWT Token GET /get | request | 3ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 3 | ✅ | Get User Profile with JWT GET /get | request | 4ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 4 | ✅ | Test Expired JWT Token GET /get | request | 3ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 5 | ✅ | Refresh JWT Token POST /post | request | 2ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 6 | ✅ | OAuth2 Authorization Request GET /get | request | 3ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 7 | ✅ | OAuth2 Token Exchange POST /post | request | 2ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 8 | ✅ | Access Resource with OAuth2 Token GET /get | request | 2ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 9 | ✅ | Test Granular Permissions POST /post | request | 2ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 10 | ✅ | Token Revocation POST /post | request | 2ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 11 | ✅ | Verify Revoked Token GET /get | request | 2ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 12 | ✅ | Complete Logout POST /post | request | 2ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 13 | ✅ | Authentication Flow Summary POST /post | request | 6ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
🌐 HTTP Requests Debug Info
✅
JWT Login Authentication
Step #1
3ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Type: jwt' -d '{"grant_type":"password","username":"test_user@flowtest.com","password":"test_password_123","client_id":"flow_test_client_12345"}' "http://httpbin/post"📤 Request
Method: POST
URL:
http://httpbin/post Base URL:
http://httpbin Request Headers
Content-Type: application/json
X-Auth-Type: jwtRequest Body
{
"grant_type": "password",
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345"
}📥 Response
Status Code: 200
Duration: 3ms
Size: 627 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 756
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "{\"grant_type\":\"password\",\"username\":\"test_user@flowtest.com\",\"password\":\"test_password_123\",\"client_id\":\"flow_test_client_12345\"}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "129",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Auth-Type": "jwt"
},
"json": {
"client_id": "flow_test_client_12345",
"grant_type": "password",
"password": "test_password_123",
"username": "test_user@flowtest.com"
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
} 📊
Total
1
assertions
✅
Passed
1
assertion
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
"jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"jwt_refresh_token": "mock_refresh_token_456",
"jwt_expires_in": 3600,
"jwt_user_id": "12345",
"jwt_login_success": true
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
} ✅
Validate JWT Token
Step #2
3ms
cURL Command
curl -X GET -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload' -H 'X-Token-Type: jwt' -H 'X-Validation-Mode: full' "http://httpbin/get"📤 Request
Method: GET
URL:
http://httpbin/get Base URL:
http://httpbin Request Headers
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload
X-Token-Type: jwt
X-Validation-Mode: full📥 Response
Status Code: 200
Duration: 3ms
Size: 359 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 438
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Token-Type": "jwt",
"X-Validation-Mode": "full"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get"
} 📊
Total
2
assertions
✅
Passed
2
assertions
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
✓
body.headers.Authorization.contains
PASSED
Condição
body.headers.Authorization.contains equals Bearer
Comparação de Valores
Esperado expected
Bearer
Recebido actual
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload
Captured Variables
{
"jwt_valid": true,
"jwt_payload_decoded": null,
"token_validation_time": "2025-10-19T10:28:37.512Z"
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
} ✅
Get User Profile with JWT
Step #3
4ms
cURL Command
curl -X GET -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload' -H 'Accept: application/json' -H 'X-Include-Permissions: true' "http://httpbin/get"📤 Request
Method: GET
URL:
http://httpbin/get Base URL:
http://httpbin Request Headers
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload
Accept: application/json
X-Include-Permissions: true📥 Response
Status Code: 200
Duration: 4ms
Size: 325 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 397
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"headers": {
"Accept": "application/json",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Include-Permissions": "true"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get"
} 📊
Total
1
assertions
✅
Passed
1
assertion
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
"user_profile": null,
"user_permissions": [
"read",
"write"
],
"user_roles": [
"user"
],
"profile_fetch_success": true
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
} ✅
Test Expired JWT Token
Step #4
3ms
cURL Command
curl -X GET -H 'Authorization: Bearer expired_jwt_token_12345' -H 'X-Token-Status: expired' -H 'X-Expected-Error: token_expired' "http://httpbin/get"📤 Request
Method: GET
URL:
http://httpbin/get Base URL:
http://httpbin Request Headers
Authorization: Bearer expired_jwt_token_12345
X-Token-Status: expired
X-Expected-Error: token_expired📥 Response
Status Code: 200
Duration: 3ms
Size: 347 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 426
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer expired_jwt_token_12345",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Expected-Error": "token_expired",
"X-Token-Status": "expired"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get"
}Captured Variables
{
"jwt_unexpectedly_valid": null,
"token_validation_issue": null
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}🎭 Scenarios
Executed: 1 scenarios
Scenario 1: none ○
Scenario 2: then ✓
✅
Refresh JWT Token
Step #5
2ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Type: jwt_refresh' -d '{"grant_type":"refresh_token","refresh_token":"mock_refresh_token_456","client_id":"flow_test_client_12345"}' "http://httpbin/post"📤 Request
Method: POST
URL:
http://httpbin/post Base URL:
http://httpbin Request Headers
Content-Type: application/json
X-Auth-Type: jwt_refreshRequest Body
{
"grant_type": "refresh_token",
"refresh_token": "mock_refresh_token_456",
"client_id": "flow_test_client_12345"
}📥 Response
Status Code: 200
Duration: 2ms
Size: 589 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 711
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "{\"grant_type\":\"refresh_token\",\"refresh_token\":\"mock_refresh_token_456\",\"client_id\":\"flow_test_client_12345\"}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "108",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Auth-Type": "jwt_refresh"
},
"json": {
"client_id": "flow_test_client_12345",
"grant_type": "refresh_token",
"refresh_token": "mock_refresh_token_456"
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
} 📊
Total
1
assertions
✅
Passed
1
assertion
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
"jwt_new_token": null,
"jwt_refresh_success": true,
"new_token_expires_in": 3600
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
} ✅
OAuth2 Authorization Request
Step #6
3ms
cURL Command
curl -X GET "http://httpbin/get"📤 Request
Method: GET
URL:
http://httpbin/get Base URL:
http://httpbin 📥 Response
Status Code: 200
Duration: 3ms
Size: 537 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 632
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {
"client_id": "flow_test_client_12345",
"redirect_uri": "http://httpbin/callback",
"response_type": "code",
"scope": "read write admin",
"state": "random_state_abc123"
},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get?response_type=code&client_id=flow_test_client_12345&redirect_uri=http:%2F%2Fhttpbin%2Fcallback&scope=read+write+admin&state=random_state_abc123"
} 📊
Total
1
assertions
✅
Passed
1
assertion
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
"oauth2_auth_code": null,
"oauth2_state": null,
"oauth2_redirect_uri": "{{httpbin_url}}/callback",
"oauth2_auth_started": null
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
} ✅
OAuth2 Token Exchange
Step #7
2ms
cURL Command
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'X-OAuth2-Flow: authorization_code' -d '{"grant_type":"authorization_code","code":null,"client_id":"flow_test_client_12345","client_secret":"secret_key_abc123xyz789","redirect_uri":"http://httpbin/callback"}' "http://httpbin/post"📤 Request
Method: POST
URL:
http://httpbin/post Base URL:
http://httpbin Request Headers
Content-Type: application/x-www-form-urlencoded
X-OAuth2-Flow: authorization_codeRequest Body
{
"grant_type": "authorization_code",
"code": null,
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789",
"redirect_uri": "http://httpbin/callback"
}📥 Response
Status Code: 200
Duration: 2ms
Size: 544 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 673
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "",
"files": {},
"form": {
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789",
"grant_type": "authorization_code",
"redirect_uri": "http://httpbin/callback"
},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "145",
"Content-Type": "application/x-www-form-urlencoded",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Oauth2-Flow": "authorization_code"
},
"json": null,
"origin": "172.18.0.3",
"url": "http://httpbin/post"
} 📊
Total
1
assertions
✅
Passed
1
assertion
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
"oauth2_access_token": "oauth2_access_token_xyz",
"oauth2_refresh_token": "oauth2_refresh_token_abc",
"oauth2_expires_in": 7200,
"oauth2_scope": "{{mock_responses.oauth2_success.scope}}",
"oauth2_token_exchange_success": true
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
} ✅
Access Resource with OAuth2 Token
Step #8
2ms
cURL Command
curl -X GET -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'X-OAuth2-Scope: {{mock_responses.oauth2_success.scope}}' -H 'X-Resource-Type: protected' "http://httpbin/get"📤 Request
Method: GET
URL:
http://httpbin/get Base URL:
http://httpbin Request Headers
Authorization: Bearer oauth2_access_token_xyz
X-OAuth2-Scope: {{mock_responses.oauth2_success.scope}}
X-Resource-Type: protected📥 Response
Status Code: 200
Duration: 2ms
Size: 374 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 453
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer oauth2_access_token_xyz",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Oauth2-Scope": "{{mock_responses.oauth2_success.scope}}",
"X-Resource-Type": "protected"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get"
} 📊
Total
2
assertions
✅
Passed
2
assertions
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
✓
body.headers.Authorization.contains
PASSED
Condição
body.headers.Authorization.contains equals Bearer
Comparação de Valores
Esperado expected
Bearer
Recebido actual
Bearer oauth2_access_token_xyz
Captured Variables
{
"oauth2_resource_access": null,
"oauth2_scope_validated": null,
"protected_resource_data": "protected_data_accessed"
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
} ✅
Test Granular Permissions
Step #9
2ms
cURL Command
curl -X POST -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'Content-Type: application/json' -H 'X-Permission-Check: admin' -d '{"action":"admin_operation","resource":"user_management","permission_required":"admin","user_permissions":["read","write"]}' "http://httpbin/post"📤 Request
Method: POST
URL:
http://httpbin/post Base URL:
http://httpbin Request Headers
Authorization: Bearer oauth2_access_token_xyz
Content-Type: application/json
X-Permission-Check: adminRequest Body
{
"action": "admin_operation",
"resource": "user_management",
"permission_required": "admin",
"user_permissions": [
"read",
"write"
]
}📥 Response
Status Code: 200
Duration: 2ms
Size: 675 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 831
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "{\"action\":\"admin_operation\",\"resource\":\"user_management\",\"permission_required\":\"admin\",\"user_permissions\":[\"read\",\"write\"]}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer oauth2_access_token_xyz",
"Connection": "keep-alive",
"Content-Length": "123",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Permission-Check": "admin"
},
"json": {
"action": "admin_operation",
"permission_required": "admin",
"resource": "user_management",
"user_permissions": [
"read",
"write"
]
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}🎭 Scenarios
Executed: 0 scenarios
Scenario 1: none ○
Scenario 2: none ○
✅
Token Revocation
Step #10
2ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Action: revoke' -d '{"token":"oauth2_access_token_xyz","token_type":"access_token","action":"revoke"}' "http://httpbin/post"📤 Request
Method: POST
URL:
http://httpbin/post Base URL:
http://httpbin Request Headers
Content-Type: application/json
X-Auth-Action: revokeRequest Body
{
"token": "oauth2_access_token_xyz",
"token_type": "access_token",
"action": "revoke"
}📥 Response
Status Code: 200
Duration: 2ms
Size: 531 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 653
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "{\"token\":\"oauth2_access_token_xyz\",\"token_type\":\"access_token\",\"action\":\"revoke\"}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "81",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Auth-Action": "revoke"
},
"json": {
"action": "revoke",
"token": "oauth2_access_token_xyz",
"token_type": "access_token"
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
} 📊
Total
1
assertions
✅
Passed
1
assertion
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
"oauth2_token_revoked": null,
"revocation_timestamp": "2025-10-19T10:28:37.534Z"
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
} ✅
Verify Revoked Token
Step #11
2ms
cURL Command
curl -X GET -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'X-Token-Expected-Status: revoked' "http://httpbin/get"📤 Request
Method: GET
URL:
http://httpbin/get Base URL:
http://httpbin Request Headers
Authorization: Bearer oauth2_access_token_xyz
X-Token-Expected-Status: revoked📥 Response
Status Code: 200
Duration: 2ms
Size: 321 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 393
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer oauth2_access_token_xyz",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Token-Expected-Status": "revoked"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get"
}Captured Variables
{
"revocation_failed": null,
"security_issue": null
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}🎭 Scenarios
Executed: 1 scenarios
Scenario 1: none ○
Scenario 2: then ✓
✅
Complete Logout
Step #12
2ms
cURL Command
curl -X POST -H 'Authorization: Bearer ' -H 'Content-Type: application/json' -d '{"logout_type":"complete","revoke_all_tokens":true,"clear_session":true}' "http://httpbin/post"📤 Request
Method: POST
URL:
http://httpbin/post Base URL:
http://httpbin Request Headers
Authorization: Bearer
Content-Type: application/jsonRequest Body
{
"logout_type": "complete",
"revoke_all_tokens": true,
"clear_session": true
}📥 Response
Status Code: 200
Duration: 2ms
Size: 509 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 631
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "{\"logout_type\":\"complete\",\"revoke_all_tokens\":true,\"clear_session\":true}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer",
"Connection": "keep-alive",
"Content-Length": "72",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1"
},
"json": {
"clear_session": true,
"logout_type": "complete",
"revoke_all_tokens": true
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
} 📊
Total
1
assertions
✅
Passed
1
assertion
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
Captured Variables
{
"complete_logout": null,
"all_tokens_revoked": null,
"session_cleared": null
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
} ✅
Authentication Flow Summary
Step #13
6ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Test-Summary: auth_flows' -d '{"flow_summary":"complete_auth_testing","results":{"jwt_flow":{"login":true,"validation":true,"refresh":true,"profile_access":true},"oauth2_flow":{"authorization":false,"token_exchange":true,"resource_access":false,"revocation":false},"security_tests":{"expired_token_handled":false,"revoked_token_rejected":false,"permission_validation":false},"final_cleanup":{"logout_complete":false}}}' "http://httpbin/post"📤 Request
Method: POST
URL:
http://httpbin/post Base URL:
http://httpbin Request Headers
Content-Type: application/json
X-Test-Summary: auth_flowsRequest Body
{
"flow_summary": "complete_auth_testing",
"results": {
"jwt_flow": {
"login": true,
"validation": true,
"refresh": true,
"profile_access": true
},
"oauth2_flow": {
"authorization": false,
"token_exchange": true,
"resource_access": false,
"revocation": false
},
"security_tests": {
"expired_token_handled": false,
"revoked_token_rejected": false,
"permission_validation": false
},
"final_cleanup": {
"logout_complete": false
}
}
}📥 Response
Status Code: 200
Duration: 6ms
Size: 1177 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 1488
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "{\"flow_summary\":\"complete_auth_testing\",\"results\":{\"jwt_flow\":{\"login\":true,\"validation\":true,\"refresh\":true,\"profile_access\":true},\"oauth2_flow\":{\"authorization\":false,\"token_exchange\":true,\"resource_access\":false,\"revocation\":false},\"security_tests\":{\"expired_token_handled\":false,\"revoked_token_rejected\":false,\"permission_validation\":false},\"final_cleanup\":{\"logout_complete\":false}}}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "388",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Test-Summary": "auth_flows"
},
"json": {
"flow_summary": "complete_auth_testing",
"results": {
"final_cleanup": {
"logout_complete": false
},
"jwt_flow": {
"login": true,
"profile_access": true,
"refresh": true,
"validation": true
},
"oauth2_flow": {
"authorization": false,
"resource_access": false,
"revocation": false,
"token_exchange": true
},
"security_tests": {
"expired_token_handled": false,
"permission_validation": false,
"revoked_token_rejected": false
}
}
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
}Captured Variables
{
"auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"test_completion_summary": {
"total_auth_flows": 2,
"security_tests_passed": "{{js: 0}}",
"all_flows_tested": true,
"security_compliant": false
}
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
},
"auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"test_completion_summary": {
"total_auth_flows": 2,
"security_tests_passed": "{{js: 0}}",
"all_flows_tested": true,
"security_compliant": false
}
}📄 Raw Suite Data
Complete Suite Data
{
"node_id": "auth_flows_test",
"suite_name": "Teste de Fluxos de Autenticação",
"file_path": "/app/tests/auth-flows-test.yaml",
"priority": "critical",
"start_time": "2025-10-19T10:28:37.505Z",
"end_time": "2025-10-19T10:28:37.545Z",
"duration_ms": 40,
"status": "success",
"steps_executed": 13,
"steps_successful": 13,
"steps_failed": 0,
"success_rate": 100,
"steps_results": [
{
"step_id": "step-1-jwt-login-authentication",
"qualified_step_id": "auth_flows_test::step-1-jwt-login-authentication",
"step_name": "JWT Login Authentication",
"status": "success",
"duration_ms": 3,
"request_details": {
"method": "POST",
"url": "/post",
"headers": {
"Content-Type": "application/json",
"X-Auth-Type": "jwt"
},
"body": {
"grant_type": "password",
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/post",
"curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Type: jwt' -d '{\"grant_type\":\"password\",\"username\":\"test_user@flowtest.com\",\"password\":\"test_password_123\",\"client_id\":\"flow_test_client_12345\"}' \"http://httpbin/post\"",
"raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Auth-Type: jwt\r\nContent-Length: 129\r\n\r\n{\"grant_type\":\"password\",\"username\":\"test_user@flowtest.com\",\"password\":\"test_password_123\",\"client_id\":\"flow_test_client_12345\"}",
"raw_url": "{{base_url}}/post"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "756",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "{\"grant_type\":\"password\",\"username\":\"test_user@flowtest.com\",\"password\":\"test_password_123\",\"client_id\":\"flow_test_client_12345\"}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "129",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Auth-Type": "jwt"
},
"json": {
"client_id": "flow_test_client_12345",
"grant_type": "password",
"password": "test_password_123",
"username": "test_user@flowtest.com"
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
},
"size_bytes": 627,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 756\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"{\\\"grant_type\\\":\\\"password\\\",\\\"username\\\":\\\"test_user@flowtest.com\\\",\\\"password\\\":\\\"test_password_123\\\",\\\"client_id\\\":\\\"flow_test_client_12345\\\"}\",\n \"files\": {},\n \"form\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"129\",\n \"Content-Type\": \"application/json\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Auth-Type\": \"jwt\"\n },\n \"json\": {\n \"client_id\": \"flow_test_client_12345\",\n \"grant_type\": \"password\",\n \"password\": \"test_password_123\",\n \"username\": \"test_user@flowtest.com\"\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/post\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"jwt_refresh_token": "mock_refresh_token_456",
"jwt_expires_in": 3600,
"jwt_user_id": "12345",
"jwt_login_success": true
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}
},
{
"step_id": "step-2-validate-jwt-token",
"qualified_step_id": "auth_flows_test::step-2-validate-jwt-token",
"step_name": "Validate JWT Token",
"status": "success",
"duration_ms": 3,
"request_details": {
"method": "GET",
"url": "/get",
"headers": {
"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"X-Token-Type": "jwt",
"X-Validation-Mode": "full"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/get",
"curl_command": "curl -X GET -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload' -H 'X-Token-Type: jwt' -H 'X-Validation-Mode: full' \"http://httpbin/get\"",
"raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload\r\nX-Token-Type: jwt\r\nX-Validation-Mode: full\r\n\r\n",
"raw_url": "{{base_url}}/get"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "438",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Token-Type": "jwt",
"X-Validation-Mode": "full"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get"
},
"size_bytes": 359,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 438\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Authorization\": \"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload\",\n \"Connection\": \"keep-alive\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Token-Type\": \"jwt\",\n \"X-Validation-Mode\": \"full\"\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/get\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
},
{
"field": "body.headers.Authorization.contains",
"expected": "Bearer",
"actual": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"jwt_valid": true,
"jwt_payload_decoded": null,
"token_validation_time": "2025-10-19T10:28:37.512Z"
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}
},
{
"step_id": "step-3-get-user-profile-with-jwt",
"qualified_step_id": "auth_flows_test::step-3-get-user-profile-with-jwt",
"step_name": "Get User Profile with JWT",
"status": "success",
"duration_ms": 4,
"request_details": {
"method": "GET",
"url": "/get",
"headers": {
"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"Accept": "application/json",
"X-Include-Permissions": "true"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/get",
"curl_command": "curl -X GET -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload' -H 'Accept: application/json' -H 'X-Include-Permissions: true' \"http://httpbin/get\"",
"raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload\r\nAccept: application/json\r\nX-Include-Permissions: true\r\n\r\n",
"raw_url": "{{base_url}}/get"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "397",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"headers": {
"Accept": "application/json",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Include-Permissions": "true"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get"
},
"size_bytes": 325,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 397\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"headers\": {\n \"Accept\": \"application/json\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Authorization\": \"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload\",\n \"Connection\": \"keep-alive\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Include-Permissions\": \"true\"\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/get\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"user_profile": null,
"user_permissions": [
"read",
"write"
],
"user_roles": [
"user"
],
"profile_fetch_success": true
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}
},
{
"step_id": "step-4-test-expired-jwt-token",
"qualified_step_id": "auth_flows_test::step-4-test-expired-jwt-token",
"step_name": "Test Expired JWT Token",
"status": "success",
"duration_ms": 3,
"request_details": {
"method": "GET",
"url": "/get",
"headers": {
"Authorization": "Bearer expired_jwt_token_12345",
"X-Token-Status": "expired",
"X-Expected-Error": "token_expired"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/get",
"curl_command": "curl -X GET -H 'Authorization: Bearer expired_jwt_token_12345' -H 'X-Token-Status: expired' -H 'X-Expected-Error: token_expired' \"http://httpbin/get\"",
"raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer expired_jwt_token_12345\r\nX-Token-Status: expired\r\nX-Expected-Error: token_expired\r\n\r\n",
"raw_url": "{{base_url}}/get"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "426",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer expired_jwt_token_12345",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Expected-Error": "token_expired",
"X-Token-Status": "expired"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get"
},
"size_bytes": 347,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 426\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Authorization\": \"Bearer expired_jwt_token_12345\",\n \"Connection\": \"keep-alive\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Expected-Error\": \"token_expired\",\n \"X-Token-Status\": \"expired\"\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/get\"\n}"
},
"assertions_results": [],
"captured_variables": {
"jwt_unexpectedly_valid": null,
"token_validation_issue": null
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
},
"scenarios_meta": {
"has_scenarios": true,
"executed_count": 1,
"evaluations": [
{
"index": 1,
"condition": "status_code == `401`",
"matched": false,
"executed": false,
"branch": "none",
"assertions_added": 0,
"captures_added": 0
},
{
"index": 2,
"condition": "status_code == `200`",
"matched": true,
"executed": true,
"branch": "then",
"assertions_added": 0,
"captures_added": 2
}
]
}
},
{
"step_id": "step-5-refresh-jwt-token",
"qualified_step_id": "auth_flows_test::step-5-refresh-jwt-token",
"step_name": "Refresh JWT Token",
"status": "success",
"duration_ms": 2,
"request_details": {
"method": "POST",
"url": "/post",
"headers": {
"Content-Type": "application/json",
"X-Auth-Type": "jwt_refresh"
},
"body": {
"grant_type": "refresh_token",
"refresh_token": "mock_refresh_token_456",
"client_id": "flow_test_client_12345"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/post",
"curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Type: jwt_refresh' -d '{\"grant_type\":\"refresh_token\",\"refresh_token\":\"mock_refresh_token_456\",\"client_id\":\"flow_test_client_12345\"}' \"http://httpbin/post\"",
"raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Auth-Type: jwt_refresh\r\nContent-Length: 108\r\n\r\n{\"grant_type\":\"refresh_token\",\"refresh_token\":\"mock_refresh_token_456\",\"client_id\":\"flow_test_client_12345\"}",
"raw_url": "{{base_url}}/post"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "711",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "{\"grant_type\":\"refresh_token\",\"refresh_token\":\"mock_refresh_token_456\",\"client_id\":\"flow_test_client_12345\"}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "108",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Auth-Type": "jwt_refresh"
},
"json": {
"client_id": "flow_test_client_12345",
"grant_type": "refresh_token",
"refresh_token": "mock_refresh_token_456"
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
},
"size_bytes": 589,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 711\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"{\\\"grant_type\\\":\\\"refresh_token\\\",\\\"refresh_token\\\":\\\"mock_refresh_token_456\\\",\\\"client_id\\\":\\\"flow_test_client_12345\\\"}\",\n \"files\": {},\n \"form\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"108\",\n \"Content-Type\": \"application/json\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Auth-Type\": \"jwt_refresh\"\n },\n \"json\": {\n \"client_id\": \"flow_test_client_12345\",\n \"grant_type\": \"refresh_token\",\n \"refresh_token\": \"mock_refresh_token_456\"\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/post\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"jwt_new_token": null,
"jwt_refresh_success": true,
"new_token_expires_in": 3600
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}
},
{
"step_id": "step-6-oauth2-authorization-request",
"qualified_step_id": "auth_flows_test::step-6-oauth2-authorization-request",
"step_name": "OAuth2 Authorization Request",
"status": "success",
"duration_ms": 3,
"request_details": {
"method": "GET",
"url": "/get",
"params": {
"response_type": "code",
"client_id": "flow_test_client_12345",
"redirect_uri": "http://httpbin/callback",
"scope": "read write admin",
"state": "random_state_abc123"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/get",
"curl_command": "curl -X GET \"http://httpbin/get\"",
"raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\n\r\n",
"raw_url": "{{base_url}}/get"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "632",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {
"client_id": "flow_test_client_12345",
"redirect_uri": "http://httpbin/callback",
"response_type": "code",
"scope": "read write admin",
"state": "random_state_abc123"
},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get?response_type=code&client_id=flow_test_client_12345&redirect_uri=http:%2F%2Fhttpbin%2Fcallback&scope=read+write+admin&state=random_state_abc123"
},
"size_bytes": 537,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 632\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {\n \"client_id\": \"flow_test_client_12345\",\n \"redirect_uri\": \"http://httpbin/callback\",\n \"response_type\": \"code\",\n \"scope\": \"read write admin\",\n \"state\": \"random_state_abc123\"\n },\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Connection\": \"keep-alive\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\"\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/get?response_type=code&client_id=flow_test_client_12345&redirect_uri=http:%2F%2Fhttpbin%2Fcallback&scope=read+write+admin&state=random_state_abc123\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"oauth2_auth_code": null,
"oauth2_state": null,
"oauth2_redirect_uri": "{{httpbin_url}}/callback",
"oauth2_auth_started": null
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}
},
{
"step_id": "step-7-oauth2-token-exchange",
"qualified_step_id": "auth_flows_test::step-7-oauth2-token-exchange",
"step_name": "OAuth2 Token Exchange",
"status": "success",
"duration_ms": 2,
"request_details": {
"method": "POST",
"url": "/post",
"headers": {
"Content-Type": "application/x-www-form-urlencoded",
"X-OAuth2-Flow": "authorization_code"
},
"body": {
"grant_type": "authorization_code",
"code": null,
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789",
"redirect_uri": "http://httpbin/callback"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/post",
"curl_command": "curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'X-OAuth2-Flow: authorization_code' -d '{\"grant_type\":\"authorization_code\",\"code\":null,\"client_id\":\"flow_test_client_12345\",\"client_secret\":\"secret_key_abc123xyz789\",\"redirect_uri\":\"http://httpbin/callback\"}' \"http://httpbin/post\"",
"raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/x-www-form-urlencoded\r\nX-OAuth2-Flow: authorization_code\r\nContent-Length: 167\r\n\r\n{\"grant_type\":\"authorization_code\",\"code\":null,\"client_id\":\"flow_test_client_12345\",\"client_secret\":\"secret_key_abc123xyz789\",\"redirect_uri\":\"http://httpbin/callback\"}",
"raw_url": "{{base_url}}/post"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "673",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "",
"files": {},
"form": {
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789",
"grant_type": "authorization_code",
"redirect_uri": "http://httpbin/callback"
},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "145",
"Content-Type": "application/x-www-form-urlencoded",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Oauth2-Flow": "authorization_code"
},
"json": null,
"origin": "172.18.0.3",
"url": "http://httpbin/post"
},
"size_bytes": 544,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 673\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"\",\n \"files\": {},\n \"form\": {\n \"client_id\": \"flow_test_client_12345\",\n \"client_secret\": \"secret_key_abc123xyz789\",\n \"grant_type\": \"authorization_code\",\n \"redirect_uri\": \"http://httpbin/callback\"\n },\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"145\",\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Oauth2-Flow\": \"authorization_code\"\n },\n \"json\": null,\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/post\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"oauth2_access_token": "oauth2_access_token_xyz",
"oauth2_refresh_token": "oauth2_refresh_token_abc",
"oauth2_expires_in": 7200,
"oauth2_scope": "{{mock_responses.oauth2_success.scope}}",
"oauth2_token_exchange_success": true
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}
},
{
"step_id": "step-8-access-resource-with-oauth2-token",
"qualified_step_id": "auth_flows_test::step-8-access-resource-with-oauth2-token",
"step_name": "Access Resource with OAuth2 Token",
"status": "success",
"duration_ms": 2,
"request_details": {
"method": "GET",
"url": "/get",
"headers": {
"Authorization": "Bearer oauth2_access_token_xyz",
"X-OAuth2-Scope": "{{mock_responses.oauth2_success.scope}}",
"X-Resource-Type": "protected"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/get",
"curl_command": "curl -X GET -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'X-OAuth2-Scope: {{mock_responses.oauth2_success.scope}}' -H 'X-Resource-Type: protected' \"http://httpbin/get\"",
"raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer oauth2_access_token_xyz\r\nX-OAuth2-Scope: {{mock_responses.oauth2_success.scope}}\r\nX-Resource-Type: protected\r\n\r\n",
"raw_url": "{{base_url}}/get"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "453",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer oauth2_access_token_xyz",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Oauth2-Scope": "{{mock_responses.oauth2_success.scope}}",
"X-Resource-Type": "protected"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get"
},
"size_bytes": 374,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 453\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Authorization\": \"Bearer oauth2_access_token_xyz\",\n \"Connection\": \"keep-alive\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Oauth2-Scope\": \"{{mock_responses.oauth2_success.scope}}\",\n \"X-Resource-Type\": \"protected\"\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/get\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
},
{
"field": "body.headers.Authorization.contains",
"expected": "Bearer",
"actual": "Bearer oauth2_access_token_xyz",
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"oauth2_resource_access": null,
"oauth2_scope_validated": null,
"protected_resource_data": "protected_data_accessed"
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}
},
{
"step_id": "step-9-test-granular-permissions",
"qualified_step_id": "auth_flows_test::step-9-test-granular-permissions",
"step_name": "Test Granular Permissions",
"status": "success",
"duration_ms": 2,
"request_details": {
"method": "POST",
"url": "/post",
"headers": {
"Authorization": "Bearer oauth2_access_token_xyz",
"Content-Type": "application/json",
"X-Permission-Check": "admin"
},
"body": {
"action": "admin_operation",
"resource": "user_management",
"permission_required": "admin",
"user_permissions": [
"read",
"write"
]
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/post",
"curl_command": "curl -X POST -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'Content-Type: application/json' -H 'X-Permission-Check: admin' -d '{\"action\":\"admin_operation\",\"resource\":\"user_management\",\"permission_required\":\"admin\",\"user_permissions\":[\"read\",\"write\"]}' \"http://httpbin/post\"",
"raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer oauth2_access_token_xyz\r\nContent-Type: application/json\r\nX-Permission-Check: admin\r\nContent-Length: 123\r\n\r\n{\"action\":\"admin_operation\",\"resource\":\"user_management\",\"permission_required\":\"admin\",\"user_permissions\":[\"read\",\"write\"]}",
"raw_url": "{{base_url}}/post"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "831",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "{\"action\":\"admin_operation\",\"resource\":\"user_management\",\"permission_required\":\"admin\",\"user_permissions\":[\"read\",\"write\"]}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer oauth2_access_token_xyz",
"Connection": "keep-alive",
"Content-Length": "123",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Permission-Check": "admin"
},
"json": {
"action": "admin_operation",
"permission_required": "admin",
"resource": "user_management",
"user_permissions": [
"read",
"write"
]
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
},
"size_bytes": 675,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 831\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"{\\\"action\\\":\\\"admin_operation\\\",\\\"resource\\\":\\\"user_management\\\",\\\"permission_required\\\":\\\"admin\\\",\\\"user_permissions\\\":[\\\"read\\\",\\\"write\\\"]}\",\n \"files\": {},\n \"form\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Authorization\": \"Bearer oauth2_access_token_xyz\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"123\",\n \"Content-Type\": \"application/json\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Permission-Check\": \"admin\"\n },\n \"json\": {\n \"action\": \"admin_operation\",\n \"permission_required\": \"admin\",\n \"resource\": \"user_management\",\n \"user_permissions\": [\n \"read\",\n \"write\"\n ]\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/post\"\n}"
},
"assertions_results": [],
"captured_variables": {},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
},
"scenarios_meta": {
"has_scenarios": true,
"executed_count": 0,
"evaluations": [
{
"index": 1,
"condition": "json.permission_required == `admin` && headers.\"x-permission-check\" == `admin`",
"matched": false,
"executed": false,
"branch": "none",
"assertions_added": 0,
"captures_added": 0
},
{
"index": 2,
"condition": "status_code == `403`",
"matched": false,
"executed": false,
"branch": "none",
"assertions_added": 0,
"captures_added": 0
}
]
}
},
{
"step_id": "step-10-token-revocation",
"qualified_step_id": "auth_flows_test::step-10-token-revocation",
"step_name": "Token Revocation",
"status": "success",
"duration_ms": 2,
"request_details": {
"method": "POST",
"url": "/post",
"headers": {
"Content-Type": "application/json",
"X-Auth-Action": "revoke"
},
"body": {
"token": "oauth2_access_token_xyz",
"token_type": "access_token",
"action": "revoke"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/post",
"curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Auth-Action: revoke' -d '{\"token\":\"oauth2_access_token_xyz\",\"token_type\":\"access_token\",\"action\":\"revoke\"}' \"http://httpbin/post\"",
"raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Auth-Action: revoke\r\nContent-Length: 81\r\n\r\n{\"token\":\"oauth2_access_token_xyz\",\"token_type\":\"access_token\",\"action\":\"revoke\"}",
"raw_url": "{{base_url}}/post"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "653",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "{\"token\":\"oauth2_access_token_xyz\",\"token_type\":\"access_token\",\"action\":\"revoke\"}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "81",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Auth-Action": "revoke"
},
"json": {
"action": "revoke",
"token": "oauth2_access_token_xyz",
"token_type": "access_token"
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
},
"size_bytes": 531,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 653\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"{\\\"token\\\":\\\"oauth2_access_token_xyz\\\",\\\"token_type\\\":\\\"access_token\\\",\\\"action\\\":\\\"revoke\\\"}\",\n \"files\": {},\n \"form\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"81\",\n \"Content-Type\": \"application/json\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Auth-Action\": \"revoke\"\n },\n \"json\": {\n \"action\": \"revoke\",\n \"token\": \"oauth2_access_token_xyz\",\n \"token_type\": \"access_token\"\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/post\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"oauth2_token_revoked": null,
"revocation_timestamp": "2025-10-19T10:28:37.534Z"
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}
},
{
"step_id": "step-11-verify-revoked-token",
"qualified_step_id": "auth_flows_test::step-11-verify-revoked-token",
"step_name": "Verify Revoked Token",
"status": "success",
"duration_ms": 2,
"request_details": {
"method": "GET",
"url": "/get",
"headers": {
"Authorization": "Bearer oauth2_access_token_xyz",
"X-Token-Expected-Status": "revoked"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/get",
"curl_command": "curl -X GET -H 'Authorization: Bearer oauth2_access_token_xyz' -H 'X-Token-Expected-Status: revoked' \"http://httpbin/get\"",
"raw_request": "GET /get HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer oauth2_access_token_xyz\r\nX-Token-Expected-Status: revoked\r\n\r\n",
"raw_url": "{{base_url}}/get"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "393",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer oauth2_access_token_xyz",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Token-Expected-Status": "revoked"
},
"origin": "172.18.0.3",
"url": "http://httpbin/get"
},
"size_bytes": 321,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 393\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Authorization\": \"Bearer oauth2_access_token_xyz\",\n \"Connection\": \"keep-alive\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Token-Expected-Status\": \"revoked\"\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/get\"\n}"
},
"assertions_results": [],
"captured_variables": {
"revocation_failed": null,
"security_issue": null
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
},
"scenarios_meta": {
"has_scenarios": true,
"executed_count": 1,
"evaluations": [
{
"index": 1,
"condition": "status_code == `401`",
"matched": false,
"executed": false,
"branch": "none",
"assertions_added": 0,
"captures_added": 0
},
{
"index": 2,
"condition": "status_code == `200`",
"matched": true,
"executed": true,
"branch": "then",
"assertions_added": 0,
"captures_added": 2
}
]
}
},
{
"step_id": "step-12-complete-logout",
"qualified_step_id": "auth_flows_test::step-12-complete-logout",
"step_name": "Complete Logout",
"status": "success",
"duration_ms": 2,
"request_details": {
"method": "POST",
"url": "/post",
"headers": {
"Authorization": "Bearer ",
"Content-Type": "application/json"
},
"body": {
"logout_type": "complete",
"revoke_all_tokens": true,
"clear_session": true
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/post",
"curl_command": "curl -X POST -H 'Authorization: Bearer ' -H 'Content-Type: application/json' -d '{\"logout_type\":\"complete\",\"revoke_all_tokens\":true,\"clear_session\":true}' \"http://httpbin/post\"",
"raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer \r\nContent-Type: application/json\r\nContent-Length: 72\r\n\r\n{\"logout_type\":\"complete\",\"revoke_all_tokens\":true,\"clear_session\":true}",
"raw_url": "{{base_url}}/{{auth_endpoints.logout}}"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "631",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "{\"logout_type\":\"complete\",\"revoke_all_tokens\":true,\"clear_session\":true}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer",
"Connection": "keep-alive",
"Content-Length": "72",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1"
},
"json": {
"clear_session": true,
"logout_type": "complete",
"revoke_all_tokens": true
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
},
"size_bytes": 509,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 631\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"{\\\"logout_type\\\":\\\"complete\\\",\\\"revoke_all_tokens\\\":true,\\\"clear_session\\\":true}\",\n \"files\": {},\n \"form\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Authorization\": \"Bearer\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"72\",\n \"Content-Type\": \"application/json\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\"\n },\n \"json\": {\n \"clear_session\": true,\n \"logout_type\": \"complete\",\n \"revoke_all_tokens\": true\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/post\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"complete_logout": null,
"all_tokens_revoked": null,
"session_cleared": null
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
}
}
},
{
"step_id": "step-13-authentication-flow-summary",
"qualified_step_id": "auth_flows_test::step-13-authentication-flow-summary",
"step_name": "Authentication Flow Summary",
"status": "success",
"duration_ms": 6,
"request_details": {
"method": "POST",
"url": "/post",
"headers": {
"Content-Type": "application/json",
"X-Test-Summary": "auth_flows"
},
"body": {
"flow_summary": "complete_auth_testing",
"results": {
"jwt_flow": {
"login": true,
"validation": true,
"refresh": true,
"profile_access": true
},
"oauth2_flow": {
"authorization": false,
"token_exchange": true,
"resource_access": false,
"revocation": false
},
"security_tests": {
"expired_token_handled": false,
"revoked_token_rejected": false,
"permission_validation": false
},
"final_cleanup": {
"logout_complete": false
}
}
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/post",
"curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Test-Summary: auth_flows' -d '{\"flow_summary\":\"complete_auth_testing\",\"results\":{\"jwt_flow\":{\"login\":true,\"validation\":true,\"refresh\":true,\"profile_access\":true},\"oauth2_flow\":{\"authorization\":false,\"token_exchange\":true,\"resource_access\":false,\"revocation\":false},\"security_tests\":{\"expired_token_handled\":false,\"revoked_token_rejected\":false,\"permission_validation\":false},\"final_cleanup\":{\"logout_complete\":false}}}' \"http://httpbin/post\"",
"raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Test-Summary: auth_flows\r\nContent-Length: 388\r\n\r\n{\"flow_summary\":\"complete_auth_testing\",\"results\":{\"jwt_flow\":{\"login\":true,\"validation\":true,\"refresh\":true,\"profile_access\":true},\"oauth2_flow\":{\"authorization\":false,\"token_exchange\":true,\"resource_access\":false,\"revocation\":false},\"security_tests\":{\"expired_token_handled\":false,\"revoked_token_rejected\":false,\"permission_validation\":false},\"final_cleanup\":{\"logout_complete\":false}}}",
"raw_url": "{{base_url}}/post"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "1488",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "{\"flow_summary\":\"complete_auth_testing\",\"results\":{\"jwt_flow\":{\"login\":true,\"validation\":true,\"refresh\":true,\"profile_access\":true},\"oauth2_flow\":{\"authorization\":false,\"token_exchange\":true,\"resource_access\":false,\"revocation\":false},\"security_tests\":{\"expired_token_handled\":false,\"revoked_token_rejected\":false,\"permission_validation\":false},\"final_cleanup\":{\"logout_complete\":false}}}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "388",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Test-Summary": "auth_flows"
},
"json": {
"flow_summary": "complete_auth_testing",
"results": {
"final_cleanup": {
"logout_complete": false
},
"jwt_flow": {
"login": true,
"profile_access": true,
"refresh": true,
"validation": true
},
"oauth2_flow": {
"authorization": false,
"resource_access": false,
"revocation": false,
"token_exchange": true
},
"security_tests": {
"expired_token_handled": false,
"permission_validation": false,
"revoked_token_rejected": false
}
}
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
},
"size_bytes": 1177,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 1488\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"{\\\"flow_summary\\\":\\\"complete_auth_testing\\\",\\\"results\\\":{\\\"jwt_flow\\\":{\\\"login\\\":true,\\\"validation\\\":true,\\\"refresh\\\":true,\\\"profile_access\\\":true},\\\"oauth2_flow\\\":{\\\"authorization\\\":false,\\\"token_exchange\\\":true,\\\"resource_access\\\":false,\\\"revocation\\\":false},\\\"security_tests\\\":{\\\"expired_token_handled\\\":false,\\\"revoked_token_rejected\\\":false,\\\"permission_validation\\\":false},\\\"final_cleanup\\\":{\\\"logout_complete\\\":false}}}\",\n \"files\": {},\n \"form\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"388\",\n \"Content-Type\": \"application/json\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Test-Summary\": \"auth_flows\"\n },\n \"json\": {\n \"flow_summary\": \"complete_auth_testing\",\n \"results\": {\n \"final_cleanup\": {\n \"logout_complete\": false\n },\n \"jwt_flow\": {\n \"login\": true,\n \"profile_access\": true,\n \"refresh\": true,\n \"validation\": true\n },\n \"oauth2_flow\": {\n \"authorization\": false,\n \"resource_access\": false,\n \"revocation\": false,\n \"token_exchange\": true\n },\n \"security_tests\": {\n \"expired_token_handled\": false,\n \"permission_validation\": false,\n \"revoked_token_rejected\": false\n }\n }\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/post\"\n}"
},
"assertions_results": [],
"captured_variables": {
"auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"test_completion_summary": {
"total_auth_flows": 2,
"security_tests_passed": "{{js: 0}}",
"all_flows_tested": true,
"security_compliant": false
}
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
},
"auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"test_completion_summary": {
"total_auth_flows": 2,
"security_tests_passed": "{{js: 0}}",
"all_flows_tested": true,
"security_compliant": false
}
}
}
],
"variables_captured": {},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@flowtest.com",
"password": "test_password_123",
"client_id": "flow_test_client_12345",
"client_secret": "secret_key_abc123xyz789"
},
"auth_endpoints": {
"login": "/post",
"token_refresh": "/post",
"oauth2_authorize": "/get",
"oauth2_token": "/post",
"validate_token": "/get",
"user_profile": "/get",
"logout": "/post"
},
"auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"test_completion_summary": {
"total_auth_flows": 2,
"security_tests_passed": "{{js: 0}}",
"all_flows_tested": true,
"security_compliant": false
}
},
"suite_yaml_content": "# Teste de Fluxo de Autenticação JWT e OAuth2\n# Baseado no exemplo \"Authentication Flow Testing\" do YAML_EXAMPLES.md\nsuite_name: \"Teste de Fluxos de Autenticação\"\nnode_id: \"auth_flows_test\"\ndescription: \"Testa diferentes fluxos de autenticação: JWT, OAuth2, refresh tokens, e validação de permissões\"\n\nmetadata:\n priority: \"critical\"\n tags: [\"auth\", \"security\", \"jwt\", \"oauth2\", \"critical-path\"]\n\nbase_url: \"{{httpbin_url}}\"\n\nexports:\n - jwt_token\n - oauth2_access_token\n - user_permissions\n - auth_flow_results\nexports_optional:\n - refresh_token\n\nvariables:\n\n # Credenciais de teste\n test_credentials:\n username: \"test_user@flowtest.com\"\n password: \"test_password_123\"\n client_id: \"flow_test_client_12345\"\n client_secret: \"secret_key_abc123xyz789\"\n\n # URLs simuladas de autenticação\n auth_endpoints:\n login: \"/post\"\n token_refresh: \"/post\"\n oauth2_authorize: \"/get\"\n oauth2_token: \"/post\"\n validate_token: \"/get\"\n user_profile: \"/get\"\n logout: \"/post\"\n\n # Tokens simulados para testes\n mock_responses:\n jwt_login_success:\n access_token: \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0ZXN0X3VzZXIiLCJpYXQiOjE2MzAwMDAwMDAsImV4cCI6MTYzMDAwMzYwMCwicm9sZXMiOlsidXNlciJdLCJwZXJtaXNzaW9ucyI6WyJyZWFkIiwid3JpdGUiXX0\"\n refresh_token: \"rt_abc123def456ghi789\"\n token_type: \"Bearer\"\n expires_in: 3600\n user_id: \"usr_12345\"\n\n oauth2_success:\n access_token: \"oauth2_token_xyz789abc123\"\n refresh_token: \"oauth2_refresh_def456ghi789\"\n token_type: \"Bearer\"\n expires_in: 7200\n scope: \"read write admin\"\n\n user_profile:\n id: \"usr_12345\"\n username: \"test_user@flowtest.com\"\n name: \"Test User\"\n roles: [\"user\", \"premium\"]\n permissions: [\"read\", \"write\", \"export\"]\n last_login: \"2025-01-09T12:00:00Z\"\n\nsteps:\n # Passo 1: Login JWT Tradicional\n - name: \"JWT Login Authentication\"\n request:\n method: POST\n url: \"/post\" # Endpoint de login simplificado\n headers:\n Content-Type: \"application/json\"\n X-Auth-Type: \"jwt\"\n body:\n grant_type: \"password\"\n username: \"{{test_credentials.username}}\"\n password: \"{{test_credentials.password}}\"\n client_id: \"{{test_credentials.client_id}}\"\n\n assert:\n status_code: 200\n json.username:\n equals: \"{{test_credentials.username}}\"\n\n capture:\n jwt_token: '\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload\"' # Token simulado válido literal\n jwt_refresh_token: '\"mock_refresh_token_456\"' # Refresh token simulado literal\n jwt_expires_in: 3600 # 1 hora em segundos\n jwt_user_id: '\"12345\"' # ID do usuário\n jwt_login_success: true\n\n # Passo 2: Validação do Token JWT\n - name: \"Validate JWT Token\"\n request:\n method: GET\n url: \"/get\" # Endpoint de validação simplificado\n headers:\n Authorization: \"Bearer {{jwt_token}}\"\n X-Token-Type: \"jwt\"\n X-Validation-Mode: \"full\"\n\n assert:\n status_code: 200\n body:\n headers:\n Authorization:\n contains: \"Bearer\"\n\n capture:\n jwt_valid: true\n jwt_payload_decoded: \"body.json\" # Captura o payload do JSON\n token_validation_time: \"{{js: new Date().toISOString()}}\" # Timestamp atual\n\n # Passo 3: Obter Perfil do Usuário com JWT\n - name: \"Get User Profile with JWT\"\n request:\n method: GET\n url: \"/get\" # Endpoint de perfil simplificado\n headers:\n Authorization: \"Bearer {{jwt_token}}\"\n Accept: \"application/json\"\n X-Include-Permissions: \"true\"\n\n assert:\n status_code: 200\n\n capture:\n user_profile: \"body.json\" # Captura o perfil do usuário\n user_permissions: \"body.json.permissions || ['read', 'write']\" # Permissões do usuário\n user_roles: \"body.json.roles || ['user']\" # Roles do usuário\n profile_fetch_success: true\n\n # Passo 4: Teste de Token Expirado (simulado)\n - name: \"Test Expired JWT Token\"\n request:\n method: GET\n url: \"/get\"\n headers:\n Authorization: \"Bearer expired_jwt_token_12345\"\n X-Token-Status: \"expired\"\n X-Expected-Error: \"token_expired\"\n\n scenarios:\n # Cenário A: Token expirado retorna 401\n - condition: \"status_code == `401`\"\n then:\n capture:\n jwt_expired_handled: \"true\"\n auth_error_detected: \"true\"\n\n # Cenário B: Token ainda válido (inesperado)\n - condition: \"status_code == `200`\"\n then:\n capture:\n jwt_unexpectedly_valid: \"true\"\n token_validation_issue: \"true\"\n\n # Passo 5: Refresh do Token JWT\n - name: \"Refresh JWT Token\"\n request:\n method: POST\n url: \"/post\" # Endpoint de refresh simplificado\n headers:\n Content-Type: \"application/json\"\n X-Auth-Type: \"jwt_refresh\"\n body:\n grant_type: \"refresh_token\"\n refresh_token: \"{{jwt_refresh_token}}\"\n client_id: \"{{test_credentials.client_id}}\"\n\n assert:\n status_code: 200\n json.refresh_token:\n equals: \"{{jwt_refresh_token}}\"\n\n capture:\n jwt_new_token: \"mock_jwt_token_123_refreshed\" # Token renovado\n jwt_refresh_success: true\n new_token_expires_in: 3600 # 1 hora para token renovado\n\n # Passo 6: Início do Fluxo OAuth2\n - name: \"OAuth2 Authorization Request\"\n request:\n method: GET\n url: \"/get\" # Endpoint de autorização OAuth2 simplificado\n params:\n response_type: \"code\"\n client_id: \"{{test_credentials.client_id}}\"\n redirect_uri: \"{{httpbin_url}}/callback\"\n scope: \"read write admin\"\n state: \"random_state_abc123\"\n\n assert:\n status_code: 200\n args.response_type:\n equals: \"code\"\n args.client_id:\n equals: \"{{test_credentials.client_id}}\"\n\n capture:\n oauth2_auth_code: \"auth_code_xyz789abc123\"\n oauth2_state: \"random_state_string\" # State para OAuth2\n oauth2_redirect_uri: \"{{httpbin_url}}/callback\" # URI de callback\n oauth2_auth_started: \"true\"\n\n # Passo 7: Trocar Authorization Code por Access Token\n - name: \"OAuth2 Token Exchange\"\n request:\n method: POST\n url: \"/post\" # Endpoint de token OAuth2 simplificado\n headers:\n Content-Type: \"application/x-www-form-urlencoded\"\n X-OAuth2-Flow: \"authorization_code\"\n body:\n grant_type: \"authorization_code\"\n code: \"{{oauth2_auth_code}}\"\n client_id: \"{{test_credentials.client_id}}\"\n client_secret: \"{{test_credentials.client_secret}}\"\n redirect_uri: \"{{httpbin_url}}/callback\" # URI de callback direta\n\n assert:\n status_code: 200\n json.grant_type:\n equals: \"authorization_code\"\n json.code:\n equals: \"{{oauth2_auth_code}}\"\n\n capture:\n oauth2_access_token: '\"oauth2_access_token_xyz\"' # Token OAuth2 simulado literal\n oauth2_refresh_token: '\"oauth2_refresh_token_abc\"' # Refresh token OAuth2 literal\n oauth2_expires_in: 7200 # 2 horas em segundos\n oauth2_scope: \"{{mock_responses.oauth2_success.scope}}\"\n oauth2_token_exchange_success: true\n\n # Passo 8: Usar OAuth2 Token para Acessar Recursos\n - name: \"Access Resource with OAuth2 Token\"\n request:\n method: GET\n url: \"/get\"\n headers:\n Authorization: \"Bearer {{oauth2_access_token}}\"\n X-OAuth2-Scope: \"{{oauth2_scope}}\"\n X-Resource-Type: \"protected\"\n\n assert:\n status_code: 200\n body:\n headers:\n Authorization:\n contains: \"Bearer\"\n\n capture:\n oauth2_resource_access: \"true\"\n oauth2_scope_validated: \"true\"\n protected_resource_data: \"json.data || 'protected_data_accessed'\"\n\n # Passo 9: Teste de Permissões Granulares\n - name: \"Test Granular Permissions\"\n request:\n method: POST\n url: \"/post\"\n headers:\n Authorization: \"Bearer {{oauth2_access_token}}\"\n Content-Type: \"application/json\"\n X-Permission-Check: \"admin\"\n body:\n action: \"admin_operation\"\n resource: \"user_management\"\n permission_required: \"admin\"\n user_permissions: \"{{user_permissions}}\"\n\n scenarios:\n # Cenário A: Usuário tem permissão admin\n - condition: \"json.permission_required == `admin` && headers.\\\"x-permission-check\\\" == `admin`\"\n then:\n assert:\n status_code: 200\n json.action:\n equals: \"admin_operation\"\n capture:\n admin_permission_granted: \"true\"\n admin_operation_success: \"true\"\n\n # Cenário B: Usuário não tem permissão admin\n - condition: \"status_code == `403`\"\n then:\n capture:\n admin_permission_denied: \"true\"\n insufficient_privileges: \"true\"\n\n # Passo 10: Revogação de Token\n - name: \"Token Revocation\"\n request:\n method: POST\n url: \"/post\"\n headers:\n Content-Type: \"application/json\"\n X-Auth-Action: \"revoke\"\n body:\n token: \"{{oauth2_access_token}}\"\n token_type: \"access_token\"\n action: \"revoke\"\n\n assert:\n status_code: 200\n json.action:\n equals: \"revoke\"\n\n capture:\n oauth2_token_revoked: \"true\"\n revocation_timestamp: \"{{js: new Date().toISOString()}}\" # Timestamp de revogação\n\n # Passo 11: Verificar Token Revogado\n - name: \"Verify Revoked Token\"\n request:\n method: GET\n url: \"/get\"\n headers:\n Authorization: \"Bearer {{oauth2_access_token}}\"\n X-Token-Expected-Status: \"revoked\"\n\n scenarios:\n # Cenário A: Token revogado retorna 401\n - condition: \"status_code == `401`\"\n then:\n capture:\n revoked_token_rejected: \"true\"\n token_revocation_effective: \"true\"\n\n # Cenário B: Token ainda aceito (erro na revogação)\n - condition: \"status_code == `200`\"\n then:\n capture:\n revocation_failed: \"true\"\n security_issue: \"true\"\n\n # Passo 12: Logout Completo\n - name: \"Complete Logout\"\n request:\n method: POST\n url: \"{{auth_endpoints.logout}}\"\n headers:\n Authorization: \"Bearer {{jwt_new_token}}\"\n Content-Type: \"application/json\"\n body:\n logout_type: \"complete\"\n revoke_all_tokens: true\n clear_session: true\n\n assert:\n status_code: 200\n json.logout_type:\n equals: \"complete\"\n\n capture:\n complete_logout: \"true\"\n all_tokens_revoked: \"true\"\n session_cleared: \"true\"\n\n # Passo 13: Resumo dos Resultados de Autenticação\n - name: \"Authentication Flow Summary\"\n request:\n method: POST\n url: \"/post\"\n headers:\n Content-Type: \"application/json\"\n X-Test-Summary: \"auth_flows\"\n body:\n flow_summary: \"complete_auth_testing\"\n results:\n jwt_flow:\n login: \"{{js: Boolean(variables.jwt_login_success)}}\"\n validation: \"{{js: Boolean(variables.jwt_valid)}}\"\n refresh: \"{{js: Boolean(variables.jwt_refresh_success)}}\"\n profile_access: \"{{js: Boolean(variables.profile_fetch_success)}}\"\n oauth2_flow:\n authorization: \"{{js: Boolean(variables.oauth2_auth_started)}}\"\n token_exchange: \"{{js: Boolean(variables.oauth2_token_exchange_success)}}\"\n resource_access: \"{{js: Boolean(variables.oauth2_resource_access)}}\"\n revocation: \"{{js: Boolean(variables.oauth2_token_revoked)}}\"\n security_tests:\n expired_token_handled: \"{{js: Boolean(variables.jwt_expired_handled)}}\"\n revoked_token_rejected: \"{{js: Boolean(variables.revoked_token_rejected)}}\"\n permission_validation: \"{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}\"\n final_cleanup:\n logout_complete: \"{{js: Boolean(variables.complete_logout)}}\"\n\n capture:\n auth_flow_results:\n jwt_authentication:\n status: \"{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}\"\n tokens_issued: 2\n profile_access: \"{{js: Boolean(variables.profile_fetch_success)}}\"\n oauth2_authentication:\n status: \"{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}\"\n authorization_code_flow: \"{{js: Boolean(variables.oauth2_auth_started)}}\"\n token_management: \"{{js: Boolean(variables.oauth2_token_revoked)}}\"\n security_validation:\n expired_tokens: \"{{js: Boolean(variables.jwt_expired_handled)}}\"\n revoked_tokens: \"{{js: Boolean(variables.revoked_token_rejected)}}\"\n permissions: \"{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}\"\n session_management:\n logout_success: \"{{js: Boolean(variables.complete_logout)}}\"\n cleanup_complete: \"{{js: Boolean(variables.all_tokens_revoked)}}\"\n\n test_completion_summary:\n total_auth_flows: 2\n security_tests_passed: \"{{js: 0}}\"\n all_flows_tested: true\n security_compliant: false\n"
}