From c3c23293d9d35644228e7afc6aee056d766c1f77 Mon Sep 17 00:00:00 2001
From: Callan Howell-Pavia
Date: Fri, 20 Oct 2023 11:30:33 +1100
Subject: [PATCH] Added Secure Session Usage Example
---
...of Use is new here.postman_collection.json | 27560 ++++++++++++++++
1 file changed, 27560 insertions(+)
create mode 100644 idcs-authn-api-rest-clients/19.2.1 Oracle Identity Cloud Service Authentication API - Acc Rec + Terms of Use is new here.postman_collection.json
diff --git a/idcs-authn-api-rest-clients/19.2.1 Oracle Identity Cloud Service Authentication API - Acc Rec + Terms of Use is new here.postman_collection.json b/idcs-authn-api-rest-clients/19.2.1 Oracle Identity Cloud Service Authentication API - Acc Rec + Terms of Use is new here.postman_collection.json
new file mode 100644
index 0000000..aad2ac5
--- /dev/null
+++ b/idcs-authn-api-rest-clients/19.2.1 Oracle Identity Cloud Service Authentication API - Acc Rec + Terms of Use is new here.postman_collection.json
@@ -0,0 +1,27560 @@ +{ + "info": { + "_postman_id": "77a28be8-a29f-46ea-90f0-814a956c98e2", + "name": "19.2.1 Oracle Identity Cloud Service Authentication API - Acc Rec + Terms of Use is new here", + "description": "Customzing the log in experience with Oracle Identity Cloud Service has required that end users have 3-party cookies enabled in their browsers. This is a problem to many users, especially those providing B2C applications where they can't impose any controls on end-user behavior.\r\n\r\nOracle Identity Cloud Service has eliminated that dependency by introducing new authenticating APIs based on the concept of a state machine, where request responses inform an application client what has to be done next.\r\n\r\nThe requestState provided in each request response is used in the next request, providing the client with the information that it needs to process the request, and then provide the next set of operations allowed.", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", + "_exporter_id": "28499249" + }, + "item": [ + { + "name": "Authentication Without MFA", + "item": [ + { + "name": "Step 1: Authentication Request with AppName", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. 
The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." + }, + "response": [ + { + "name": "Response to initial /sso/v1/sdk/authenticate?appName=appname", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 11 May 2018 16:31:36 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "D92K30G1000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"ZThJpG52InI1.....mNB3tRgFpl\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submission (No MFA)", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "The following must be included in the request:\r\n\r\ncredentials: user name and password\r\nrequestState: received in the Step 1 
response\r\nop: tells the server what kind of operation the client wants" + }, + "response": [ + { + "name": "Response to Step 2: Authn Token Issued (No MFA)", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n\r\n \"requestState\":\"1YvkVKDJkSgg.....qKLin6fDEd\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2113", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 11 May 2018 16:47:24 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iigF90e0000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....UKofudtemmJE\",\n \"status\": \"success\"\n}" + }, + { + "name": "Error Example: User Name Password Authentication Failure", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n\r\n \"op\":\"credSubmit\",\r\n\r\n \"credentials\":{ \r\n\r\n \"username\":\"User Name\",\r\n\r\n \"password\":\"Password\"\r\n\r\n },\r\n\r\n 
\"requestState\":\"e5kwGYx57taQjDIfISyQI1cNprvZ0LfSue5FYzsfMOD+A8cbYvloD+cGNVaX4xtb9sSEdEHG5GoCNpWCg2wudHmSOPQH3E7u6QsD5TvvNN9Gqn2w5oJvnd2gKS6zGNwsC+fpkoRcYCfyKpfbO61y9vdEQC31IExsyY0Eydd5Ry9LxTUpnF/5IO5dn1IOmDLUQIZ2S0u4p7Z3F+w9KhKvL9I60WI3Tav3fhF6j7I5TXRtjWXIw8wPEJxCtXF6vArxknusQwYK+9uNkn6Ga6ZPYC2MCjvs5/JecfDjfQIkAwpgGSfRwOPVlDG1gRtGh+XY71wRpnnz3aIcfjDsPbnqzXvub3fCQ804trBYFnF6/8I~22ZokyFWXV8wPzO0tw0UiVECpPEiaS377qwzINfUBuA\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "535", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 00:43:52 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "CURxY0n3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"failed\",\n \"cause\": [\n {\n \"message\": \"You entered an incorrect user name or password.\",\n \"code\": \"AUTH-3001\"\n }\n ],\n \"requestState\": \"e5kwGYx57taQ.....jyg3nEDFya\"\n}" + } + ] + }, + { + "name": "Step 3: Obtain a Session and Redirect to App", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/x-www-form-urlencoded", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "authnToken=eyJraWQiOiJT.....UKofudtemmJE&authorization={{access_token}}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/secure/session", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "secure", + "session" + ] + } + 
}, + "response": [ + { + "name": "Response to Step 3: Redirect to App", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/x-www-form-urlencoded", + "type": "text" + } + ], + "body": { + "mode": "raw", + "raw": "authnToken=eyJraWQiOiJT.....UKofudtemmJE&authorization={{access_token}}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/secure/session", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "secure", + "session" + ] + } + }, + "status": "Found", + "code": 302, + "_postman_previewlanguage": null, + "header": [ + { + "key": "Location", + "value": "https://app.domain.com/callback?code=abc12345", + "description": "", + "type": "text" + }, + { + "key": "Set-Cookie", + "value": "ORA_OCIS_REQ_1=+fxgW2P7bgQayiki5P;Version=1;Path=/;Secure;HttpOnly", + "description": "", + "type": "text" + }, + { + "key": "Content-Length", + "value": "0", + "description": "", + "type": "text" + } + ], + "cookie": [], + "body": null + } + ] + } + ], + "description": "Test authentication using the user's credentials and the requestState without Multi-Factor Authentication.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication Using User Name/Password + MFA Enrollment", + "item": [ + { + "name": "Offline Time-Based One-Time Passcode (TOTP) Enrollment", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", 
+ "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." + }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 16 May 2018 22:09:00 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "WBAdy0V2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"IlmtqyuSZbFA.....G0no0njX8gy0\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the username and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during 
Step 2 \r\n\"nextOp\": \"enrollment\" indicates that the user should enroll in an MFA factor as the next step.\r\n\r\nNote that BYPASSCODE is missing in the response since the user can't enroll using a Bypass Code. The Bypass Code should be generated by the user using My Profile or by requesting that an administrator generate one for them.\r\n\r\nThe policy evaluation happens in the background and the next applicable operation (either enrollment or authentication) is sent in the response." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"password\"\r\n },\r\n \"requestState\": \"fP761UnR5Zr+.....cqnIAfitT2Rc\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2053", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 16 May 2018 22:09:42 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zl9Ay1L1000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"PUSH\",\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"offlineTotp\"\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"phoneNumber\"\n ]\n },\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"zKhwYXxDMaoF.....YzYZhxoIwGVA\"\n}" + } + ] + }, + { + "name": "Step 3: Initiate Offline TOTP Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"authFactor\":\"TOTP\",\r\n \"credentials\":{ \r\n \"offlineTotp\":true\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to enroll in the offline TOTP factor. 
In this request, you must include the requestState that was received in the Step 2 response.\r\n\r\nThe requestState in the request contains the following information:\r\n\r\n- deviceId\r\n- authFactor\r\n- tenantName\r\n- appName\r\n- ecid\r\n\r\nFor the Next Step:\r\nThe client must pass the requestState that was received in the Step 3 response.\r\n\r\nTo get a QR Code to scan for testing purposes:\r\nYou must copy the value of the qrCode \"content\" value and use an online QR Code Generator (such as: https://www.the-qrcode-generator.com) to generate a QR Code to scan using the Oracle Mobile Authenticator App to get the otpCode to use in Step 4." + }, + "response": [ + { + "name": "Response to Step 3: Offline TOTP Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"authFactor\":\"TOTP\",\r\n \"credentials\":{ \r\n \"offlineTotp\":true\r\n },\r\n \"requestState\":\"3I2HMSRcPuzM.....KeuZ/o7pjBkI\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "5097", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 16 May 2018 22:10:21 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo042000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's Phone-1\",\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\"\n ],\n \"qrCode\": {\n \"content\": \"otpauth://totp/joesmith%40example.com?issuer=example1&period=30&algorithm=SHA1&digits=6&RSA=SHA256withRSA&Deviceid=d5601f02977d42deb9ebaf3786694cc1&RequestId=51c8edcc-0743-4802-9eb8-68bfcb05c3dc&secret=G7CQBK3EQOHUHT4IKO5COINDPQ&ServiceType=TOTP&KeyPairLength=2048&SSE=Base32\",\n \"imageType\": \"image/png\",\n \"imageData\": \"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\"\n }\n },\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"Jbl8BW8ziNOx.....mJlybL2YHPPk\"\n}" + } + ] + }, + { + "name": "Step 4: Submit Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{\r\n \"otpCode\":\"660928\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", 
+ "sdk", + "authenticate" + ] + }, + "description": "This step submits the factor credentials and the requestState that was received in the Step 3 response.\r\n\r\nThe otpCode attribute contains the passcode generated on the third-party code generator app.\r\n\r\nThe requestState in the request contains:\r\n\r\n- deviceId\r\n- authFactor\r\n\r\nBecause deviceId and authFactor are included in the requestState, the client doesn't need to specify this information in the request.\r\n\r\nIn the Response, \r\n\"nextOp\": \"createToken\" indicates that the client can request the token in the next request.\r\n\r\nThe user can also choose to continue to enroll in other factors. Should the user continue to enroll, an extra call should be made to get the details of all factors (Get Backup Factors) that a user can enroll in.\r\n\r\nIncluded in the requestState that is received in the response:\r\n\r\n- creationTime\r\n- tenantName\r\n- appName" + }, + "response": [ + { + "name": "Response to Step 4: Offline TOTP Enrollment Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{\r\n \"otpCode\":\"660928\"\r\n },\r\n \"requestState\":\"/YbsJ/8zHjLI.....bQQilpY2k7qs\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2086", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 22:43:43 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP085000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's Phone\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"PEwy17PKcd+Z.....4l+7992A3c2U\"\n}" + } + ] + }, + { + "name": "Step 5: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." 
+ }, + "response": [ + { + "name": "Response to Step 5: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"8OU/pKMMPJfG.....GfVDaZZD/P3c\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2235", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 15:22:14 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "DbVW61z2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....bH_iVqco67XA\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "A mobile app uses either a one-time passcode (TOTP) or push notifications to prove that the user has possession of the mobile device. Only the mobile app that is in possession of the user's secret key can generate a valid OTP. Provisioning the secret key can be done online or offline. \r\n \r\nThis enrollment scenario is using the user's credentials, the requestState, and the offline MFA TOTP.\r\n \r\nIdentity Cloud Service users can use the OMA app or any supported third-party authenticator app that they want to generate OTPs. 
However, users must use the OMA app to receive push notifications. Use the Scan offline QR Code option to set up 3rd party authenticators.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Online Time-Based One-Time Passcode (TOTP) Enrollment", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 16:52:21 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "c00Hf0E7000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"MXrpgtmSMcoV.....XShQxyGE8yOs\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the username and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"enrollment\" indicates that the user should enroll in an MFA factor as the next step.\r\n\r\nNote: This assumes that MFA is enabled and a sign-on policy is created for the environment.\r\n\r\nThe policy evaluation happens in the background and the next applicable operation (either enrollment or authentication) is sent in the response.\r\n\r\nNote that BYPASSCODE is missing in the response since the user can't enroll using a Bypass Code. 
The Bypass Code should be generated by the user using My Profile or by requesting that an administrator generate one for them.\r\n\r\n" + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"Password\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1876", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 16:52:40 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "c00Hf0F7000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"offlineTotp\"\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"phoneNumber\"\n ]\n },\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"m3oIaGVOlHwA...../Fi+1RpmKmd4\"\n}" + } + ] + }, + { + "name": "Step 3: Initiate Online TOTP Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + 
"body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"TOTP\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step makes the request to enroll in an online TOTP. You must include in this request the requestState that was received in the Step 2 response. \r\n\r\nIn the Response:\r\n\r\nThe requestState in the response contains the following information:\r\n- deviceId\r\n- creationTime\r\n- tenantName\r\n- appName\r\n\r\nNote that the value for \"content\" always begins with \"oraclemobileauthenticator//\"\r\n\r\nTo get a QR Code to scan for testing purposes:\r\n\r\nYou must copy the value of the qrCode \"content\" value and use an online QR Code Generator (such as: https://www.the-qrcode-generator.com) to generate a QR Code to scan using the Oracle Mobile Authenticator App to get the otpCode to use in Step 4." + }, + "response": [ + { + "name": "Response to Step 3: Online TOTP Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"TOTP\",\r\n \"requestState\":\"m3oIaGVOlHwA....../Fi+1RpmKmd4\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "7904", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 16:53:02 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "c00Hf0G7000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's Phone\",\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\"\n ],\n \"qrCode\": {\n \"content\": \"oraclemobileauthenticator://totp/user?issuer=example1&period=30&algorithm=SHA1&digits=6&RSA=SHA256withRSA&Deviceid=22f38324e67f4e2bb8e9e24583924a31&RequestId=9b428c1a-abb3-40ee-bd24-5064a87b638e&LoginURL=https%3A%2F%2Fexampletenant.com%3A8943%2Fsso%2Fv1%2F&OTP=eyJraWQiOiJTSUdOSU5HX0tFWSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJkZXZpY2VfaWQiOiIyMmYzODMyNGU2N2Y0ZTJiYjhlOWUyNDU4MzkyNGEzMSIsImlzcyI6IkF1dGhTcnYiLCJleHAiOjE1MjcxODEwODEsImlhdCI6MTUyNzE4MDc4MSwidGVuYW50IjoidGVuYW50MSJ9.Of0Hv5H3aRpDqdsiFLO0YkK2gbzq78k3jaJFwoWwR5LKOEH-9qTt1zjSiXujPD1T__8fEZDi8iKDyxXtL5zjAlEKd5wI026JjekG58ROPjW8gADWcMrTGQ4Lgw4Q0UPjk8Fm8AloQ1vS6xpDre6S-Vv620z28EKWZK_yGhUVSfAJVzSUxaypLtQhOQJBCNAzCElUgqyav7Vpi2z5eVQBQRtXv-Z_sTgrFXaVmVU3uSNVcg6zVX2x0fMQFgeO5lyC3U2Yy9JgA7iMfAMpuNvBzW0GjyByPAYRVnHSLPuHL1qiNx9ygpoVEcFLQJcOPuDLW2bW9ZwbUcVdS0F4L_2NfA&ServiceType=TOTP&KeyPairLength=2048&SSE=Base32\",\n \"imageType\": \"image/png\",\n \"imageData\": \"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\"\n }\n },\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n 
\"requestState\": \"8A317/A1JiQe.....ce5/paoVOWw\"\n}" + } + ] + }, + { + "name": "Step 4: Submit Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the requestState that was received in the Step 3 response. Note that the Request payload doesn't contain the authFactor attribute since the requestState contains it.\r\n\r\nNote: See Step 4a for the \"Pending\" response example. \r\n\r\nThe requestState in the response contains the following information:\r\n\r\n- requestId\r\n- deviceId\r\n- creationTime\r\n- tenantName\r\n- appName" + }, + "response": [ + { + "name": "Response to Step 4: Online TOTP Enrollment Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"8A317/A1JiQe.....dce5/paoVOWw\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1959", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 16:55:15 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "h9cWg0T3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"eyZa+10USFR7.....6I2vnfK82hnQ\"\n}" + } + ] + }, + { + "name": "Step 4a: Submit Factor Credentials - Pending", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the requestState that was received in the Step 3 response. 
Note that the Request payload doesn't contain the authFactor attribute since the requestState contains it.\r\n\r\nIf the credentials attribute is empty in the request, then the following are the optional responses from server:\r\n\r\n-\"status\"=\"pending\" (This status appears when the OMA app to server back-channel communication is not completed)\r\n\r\n-\"status\"=\"success\" (This status appears when the OMA app to server back-channel communication is completed and the optCode verification is successful).\r\n\r\nThe client keeps polling if the \"otpCode\" = null every 10 secs and continues to poll for two minutes. After two minutes, the server sends the failed status.\r\n\r\nThe requestState in the response contains the following information:\r\n\r\n- requestId\r\n- deviceId\r\n- creationTime\r\n- tenantName\r\n- appName" + }, + "response": [ + { + "name": "Success Response to Step 4a: Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2045", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Mon, 04 Jun 2018 17:43:07 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "N1hJZ1HB000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"nofIeqDqCO5S..........7tCGS0O0hwsJJ47IEcGqdXQ\"\n}" + }, + { + "name": "Pending Response to Step 4: Submit Factor Credentials for Online TOTP Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1982", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Mon, 04 Jun 2018 17:39:19 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "h9cWg0l6000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"pending\",\n \"cause\": [\n {\n \"code\": \"AUTH-1109\",\n \"message\": \"Enrollment in the One-Time Passcode authentication method is pending verification.\"\n }\n ],\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"1bYZJeyi6bcp..........74RXYKmbdiZfVW8y7tNc\"\n}" + } + ] + }, + { + "name": "Step 5: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." 
+ }, + "response": [ + { + "name": "Response to Step 5: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"eyZa+10USFR7.....6I2vnfK82hnQ\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2139", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 16:55:35 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "h9cWg0U3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....Wyhr1erJFLbA\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "A mobile app uses either OTP or push notifications to prove that the user has possession of the mobile device. Only the mobile app that is in possession of the user's secret key can generate a valid OTP. Provisioning the secret key can be done online or offline. 
\r\n \r\nThis enrollment scenario is using the user's credentials, the requestState, and the online MFA TOTP.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "SMS Enrollment", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName=PCTrustedApp", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "PCTrustedApp" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 16 May 2018 18:50:35 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg50C2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"BbTXyWkDo/qk.....7nyW7Jpk/CSI\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the username and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"enrollment\" indicates that the user should enroll in an MFA factor as the next step.\r\n\r\nNote that BYPASSCODE is missing in the response since the user can't enroll using a Bypass Code. The Bypass Code should be generated by the user using My Profile or by requesting that an administrator generate one for them.\r\n\r\nThe policy evaluation happens in the background and the next applicable operation (either enrollment or authentication) is sent in the response." 
+ }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"password\"\r\n },\r\n \"requestState\": \"BbTXyWkDo/qk.....7nyW7Jpk/CSI\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2053", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 16 May 2018 18:51:34 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "h01ae1O2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"PUSH\",\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"offlineTotp\"\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"phoneNumber\"\n ]\n },\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"g+6tpWoSvgDE.....l510kyzyC+mI\"\n}" + } + ] + }, + { + "name": "Step 3: Initiate SMS Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + 
"body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SMS\",\r\n \"credentials\":{ \r\n \"phoneNumber\":\"15555555555\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to enroll in the SMS factor. You must include in this request the requestState that was received in the Step 2 response.\r\n\r\nThe request contains the phone number that is to be registered for SMS.\r\n\r\nIn the response:\r\nThe nextOp value indicates that the client should submit the factor credentials (the OTP) in the next step." + }, + "response": [ + { + "name": "Response to Step 3: SMS Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SMS\",\r\n \"credentials\":{ \r\n \"phoneNumber\":\"15555555555\"\r\n },\r\n \"requestState\":\"g+6tpWoSvgDE.....l510kyzyC+mI\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2081", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 16 May 2018 18:51:58 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "h01ae1P2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"155XXXXX555\",\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"K8fwlKlnedfx.....JjeI8bcrm6ts\"\n}" + } + ] + }, + { + "name": "Step 3a: SMS Enrollment Request - Resend SMS", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to have the OTP code resent (\"op\":\"resendCode\") and contains the requestState that was received in the Step 2 response.\r\n\r\nThe requestState in the response contains the following:\r\n\r\n- phoneNumber\r\n- deviceId\r\n- requestId\r\n- tenantName\r\n- appName\r\n- ecid" + }, + "response": [ + { + "name": "Response to Step 3a: SMS Enrollment Request - Resend SMS", + 
"originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\":\"xKzXeO8mAb3M.....FljVOQ3boctQ\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Connection", + "value": "keep-alive", + "name": "Connection", + "description": "Options that are desired for the connection" + }, + { + "key": "Content-Type", + "value": "application/json;charset=utf-8", + "name": "Content-Type", + "description": "The mime type of this content" + }, + { + "key": "Content-encoding", + "value": "gzip", + "name": "Content-encoding", + "description": "The type of encoding used on the data." + }, + { + "key": "Date", + "value": "Fri, 11 May 2018 21:22:43 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Server", + "value": "LBAAS", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Transfer-Encoding", + "value": "chunked", + "name": "Transfer-Encoding", + "description": "The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity." + }, + { + "key": "Vary", + "value": "accept-encoding", + "name": "Vary", + "description": "Tells downstream proxies how to match future request headers to decide whether the cached response can be used rather than requesting a fresh one from the origin server." + }, + { + "key": "Via", + "value": "1.1 net-idcs-config", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "1G0Bi0FRI00000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": true\n },\n \"requestState\": \"pWbYwFPpUPYW.....xPFaYmmwpEu8\",\n \"nextAuthFactors\": [\n \"SMS\"\n ]\n}" + } + ] + }, + { + "name": "Step 4: Submit Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"290850\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the factor credentials and the requestState that was received in the Step 3 response.\r\n\r\nThe otpCode is the code received via SMS when enrollment was initiated.\r\n\r\n\"authFactor\": \"SMS\" is removed from request payload as this is present in requestState, along with deviceId and requestId.\r\n\r\nIn the response:\r\n\r\n\"nextOp\": \"createToken\" indicates that the client can request the token in the next request.\r\n\r\nThe user can also choose to continue to enroll in other factors. Should the user continue to enroll, an extra call should be made to get the details of all factors (Get Backup Factors) that a user can enroll in." 
+ }, + "response": [ + { + "name": "Response to Step 4: SMS Enrollment Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"290850\"\r\n },\r\n \"requestState\":\"K8fwlKlnedfx.....JjeI8bcrm6ts\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2170", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 16 May 2018 18:53:08 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "PK_rs0z0000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"155XXXXX555\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"oMxI7qz2yjVH.....fRnkIX/q2YVw\"\n}" + } + ] + }, + { + "name": "Step 5: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + 
"sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." + }, + "response": [ + { + "name": "Response to Step 5: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"oMxI7qz2yjVH.....fRnkIX/q2YVw\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName=PCTrustedApp", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "PCTrustedApp" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2318", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 01:38:16 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "PK_rs0J1000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....LaTtKGVhjHcg\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "EMAIL Enrollment", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. 
The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." + }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Connection", + "value": "keep-alive", + "name": "Connection", + "description": "Options that are desired for the connection" + }, + { + "key": "Content-Type", + "value": "application/json;charset=utf-8", + "name": "Content-Type", + "description": "The mime type of this content" + }, + { + "key": "Content-encoding", + "value": "gzip", + "name": "Content-encoding", + "description": "The type of encoding used on the data." 
+ }, + { + "key": "Date", + "value": "Fri, 11 May 2018 21:38:23 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Server", + "value": "LBAAS", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Transfer-Encoding", + "value": "chunked", + "name": "Transfer-Encoding", + "description": "The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity." + }, + { + "key": "Vary", + "value": "accept-encoding", + "name": "Vary", + "description": "Tells downstream proxies how to match future request headers to decide whether the cached response can be used rather than requesting a fresh one from the origin server." + }, + { + "key": "Via", + "value": "1.1 net-idcs-config", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "7Ste^0C7F00000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextOp\": [\n \"credSubmit\"\n ],\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"requestState\": \"ex5H1AodvPT3.....vMcvHKOhrnzo\"\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the username and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"enrollment\" indicates that the user should enroll in an MFA factor as the next step.\r\n\r\nNote that BYPASSCODE is missing in the response since the user can't enroll using a Bypass Code. 
The Bypass Code should be generated by the user using My Profile or by requesting that an administrator generate one for them.\r\n\r\nThe policy evaluation happens in the background and the next applicable operation (either enrollment or authentication) is sent in the response." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"password\"\r\n },\r\n \"requestState\": \"ex5H1AodvPT3.....vMcvHKOhrnzo\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Connection", + "value": "keep-alive", + "name": "Connection", + "description": "Options that are desired for the connection" + }, + { + "key": "Content-Type", + "value": "application/json;charset=utf-8", + "name": "Content-Type", + "description": "The mime type of this content" + }, + { + "key": "Content-encoding", + "value": "gzip", + "name": "Content-encoding", + "description": "The type of encoding used on the data." 
+ }, + { + "key": "Date", + "value": "Fri, 11 May 2018 21:27:28 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Server", + "value": "LBAAS", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Transfer-Encoding", + "value": "chunked", + "name": "Transfer-Encoding", + "description": "The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity." + }, + { + "key": "Vary", + "value": "accept-encoding", + "name": "Vary", + "description": "Tells downstream proxies how to match future request headers to decide whether the cached response can be used rather than requesting a fresh one from the origin server." + }, + { + "key": "Via", + "value": "1.1 net-idcs-config", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "dC7Cj1EPH00000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"PUSH\",\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"offlineTotp\"\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"phoneNumber\"\n ]\n },\n \"nextOp\": [\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": true\n },\n \"requestState\": \"rHmsA5+tJsld.....DIYG0UxI9jVo\"\n}" + } + ] + }, + { + "name": "Step 3: Initiate EMAIL Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"authFactor\":\"EMAIL\", \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to enroll in the EMAIL factor. 
You must include in this request the requestState that was received in the Step 2 response.\r\n\r\nThe response indicates that the client should submit the otpCode that was received in an email in the next step request.\r\n\r\nThe nextOp attribute also includes the resendCode value, which allows the user to request that the OTP be resent again in an email (see Step 3a: EMAIL enrollment Request - Resend OTP)\r\n\r\nThe nextOp attribute also includes the enrollment value, which allows the user to switch to another factor during enrollment (see the Switch to Another Factor During Enrollment folder)." + }, + "response": [ + { + "name": "Response to Step 3: EMAIL Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"authFactor\":\"EMAIL\", \r\n \"requestState\":\"rHmsA5+tJsld.....DIYG0UxI9jVo\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"requestState\": \"cInDS7fNy61X.....7M9y7nkDm+6Q\"\n}" + } + ] + }, + { + "name": "Step 3a: EMAIL Enrollment Request - Resend OTP", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + 
"{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to have the OTP code resent (\"op\":\"resendCode\") and contains the requestState that was received in the Step 2 response." + }, + "response": [ + { + "name": "Response to Step 3a: Email Enrollment Request - Resend OTP", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\": \"cInDS7fNy61X.....7M9y7nkDm+6Q\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1997", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 22:51:33 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP0C5000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"JnEpHgkfYxIN.....JACIoedel0Qwk\",\n \"nextAuthFactors\": [\n \"EMAIL\"\n ]\n}" + } + ] + }, + { + "name": "Step 4: Submit Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"credentials\": {\r\n 
\"otpCode\": \"091804\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the factor credentials and the requestState that was received in the Step 3 response.\r\n\r\nThe requestState used in this request contains:\r\n- deviceId\r\n- requestId\r\n- authFactor\r\n\r\nIn the response:\r\n\"nextOp\": \"createToken\" indicates that the client can request the token in the next request.\r\n\r\nThe user can also choose to continue to enroll in other factors. Should the user continue to enroll, an extra call should be made to get the details of all factors (Get Backup Factors) that a user can enroll in." + }, + "response": [ + { + "name": "Response to Step 4: EMAIL Enrollment Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"credentials\": {\r\n \"otpCode\": \"213409\"\r\n },\r\n \"requestState\": \"JnEpHgkfYxIN.....ACIoedel0Qwk\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2118", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 22:52:14 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Ao^0O0Z4000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"displayname\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"wKhrMXHoWyNp.....TSd2Y+0ucCeY\"\n}" + } + ] + }, + { + "name": "Step 5: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." 
+ }, + "response": [ + { + "name": "Response to Step 5: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"wKhrMXHoWyNp.....Sd2Y+0ucCeY\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2226", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 22:52:47 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "h9cWg0C3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....P1l4oH1XQwhPA\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Security Questions Enrollment", + "item": [ + { + "name": "Security Questions Enrollment Using Accept-Language Header", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer 
{{access_token}}" + }, + { + "key": "Accept-Language", + "value": "fr-CH" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The Accept-Language Header is also specified in this example. The appName is optional, but is used in this step for testing purposes. \n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." + }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + }, + { + "key": "Accept-Language", + "value": "en-US, fr-CH" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 23:14:54 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "WBAdy0c8000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"requestState\":\"gF1FMQ2Dmg0c1b/1gDLd6nbkAuJnmPyofeLJdcCEfr7PiLzxYxfvDGswki05OuscPN+iuAci4lmvD3wku0WqGP6JZZf/n8jEpLbk4qJAiqV5sFce8QVwW8fSG0/q1A0quT2CS5WgpyRpaIiIK5l/S8cTYUTVLY9EotuyTdy29mPOyZAdudA1tVI0w756qFKoQFUzpZKlC/3GBIuwXmowss2fY2RjVBV3HvBZcko67HfI1xc7Yh3Vt7TSbVzqgGgOceDcuQLFsBvdxTUtQFzOkw+T7avTiPb9s969sD1z+aY~Zx6HjrHCfR96LjDTz7pu0sJH5Kj044U890g+1r9YdFo\",\"nextOp\":[\"credSubmit\",\"chooseIDP\"],\"USERNAME_PASSWORD\":{\"credentials\":[\"username\",\"password\"]},\"nextAuthFactors\":[\"USERNAME_PASSWORD\",\"IDP\"],\"status\":\"success\",\"IDP\":{\"configuredIDPs\":[{\"idpId\":\"aeacac5ce62f41749a4f0ea77b85aa43\",\"idpName\":\"Google\",\"idpType\":\"Social\"}],\"credentials\":[\"idpId\",\"idpType\"]}}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + }, + { + "key": "Accept-Language", + "value": "fr-CH" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": 
"{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the username and password, the requestState that was received in the Step 1 response, and the Accept-Language Header is specified.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"enrollment\" indicates that the user should enroll in an MFA factor as the next step.\r\n\r\nNote that BYPASSCODE is missing in the response since the user can't enroll using a Bypass Code. The Bypass Code should be generated by the user using My Profile or by requesting that an administrator generate one for them.\r\n\r\nThe policy evaluation happens in the background and the next applicable operation (either enrollment or authentication) is sent in the response." + }, + "response": [ + { + "name": "Response to Step 2: Username/Password Submisstion", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + }, + { + "key": "Accept-Language", + "value": "en-US, fr-CH" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"password\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1989", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 23:15:44 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "DbVW614A000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"nextAuthFactors\":[\"PUSH\",\"TOTP\",\"SMS\",\"EMAIL\",\"SECURITY_QUESTIONS\"],\"TOTP\":{\"credentials\":[\"offlineTotp\"]},\"SMS\":{\"credentials\":[\"phoneNumber\"]},\"nextOp\":[\"createToken\",\"createSession\",\"enrollment\"],\"mfaSettings\":{\"enrollmentRequired\":false},\"requestState\":\"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~GD87X1gZdG9WG4d2DaQ8DYrnudamx1L/UF1mMb8uGTg\"}" + } + ] + }, + { + "name": "Step 3: Initiate Security Questions Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + }, + { + "key": "Accept-Language", + "value": "fr-CH" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SECURITY_QUESTIONS\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to enroll in the Security Questions factor. You must include in this request the requestState that was received in the Step 2 response. 
The Accept-Language Header is also specified in this example.\r\n\r\nIn the response:\r\n \r\nThe response includes all of the available questions that a user can answer. The \"numQuestionsToSetup\" value defines how many questions that the user must answer in the next step request.\r\n\r\nThe requestState in the response contains the following information:\r\n\r\n- creationTime\r\n- tenantName\r\n- appName\r\n- ecid" + }, + "response": [ + { + "name": "Response to Step 3: Initiate Security Questions Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + }, + { + "key": "Accept-Language", + "value": "en-US, fr-CH" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SECURITY_QUESTIONS\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "5320", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 23:16:17 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo0oA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"SECURITY_QUESTIONS\":{\"credentials\":[\"questionId\",\"answer\",\"hint\"],\"secQuesSettings\":{\"numQuestionsToSetup\":\"3\",\"minAnswerLength\":\"6\",\"numQuestionsToAns\":\"1\",\"maxFieldLength\":\"100\"},\"questions\":[{\"questionId\":\"FavoriteMovie\",\"text\":\"What's your favorite movie?\"},{\"questionId\":\"FavoriteTeam\",\"text\":\"What's your favorite sports team?\"},{\"questionId\":\"DreamJob\",\"text\":\"What's your dream job?\"},{\"questionId\":\"FirstPet\",\"text\":\"What's your first pet's name?\"},{\"questionId\":\"ChildhoodHero\",\"text\":\"Who's your childhood hero?\"},{\"questionId\":\"FirstCar\",\"text\":\"What's the model of your first car?\"},{\"questionId\":\"FirstTimeOnPlane\",\"text\":\"Where'd you go the first time you flew?\"},{\"questionId\":\"FavoriteSportsPerson\",\"text\":\"Who's your favorite player?\"},{\"questionId\":\"FirstMovie\",\"text\":\"What's the first movie you saw?\"},{\"questionId\":\"MaidenName\",\"text\":\"What's your mother's maiden name?\"},{\"questionId\":\"FavoriteFood\",\"text\":\"What's your favorite food?\"},{\"questionId\":\"FavoriteToy\",\"text\":\"What's your favorite childhood toy?\"},{\"questionId\":\"FavoriteBook\",\"text\":\"What's your favorite 
book?\"},{\"questionId\":\"FirstManager\",\"text\":\"What's the first name of your first manager?\"},{\"questionId\":\"FavoriteTeacher\",\"text\":\"What's your favorite teacher's name?\"}]},\"nextOp\":[\"credSubmit\",\"createToken\",\"createSession\",\"enrollment\"],\"mfaSettings\":{\"enrollmentRequired\":false},\"requestState\":\"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~VQzt6CUNYFydaJtbVEVpsS2DxJan+XKCvd+klBBs3CA\"}" + } + ] + }, + { + "name": "Step 4: Submit Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + }, + { + "key": "Accept-Language", + "value": "fr-CH" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"questions\":[ \r\n { \r\n \"questionId\":\"{{questionId1}}\",\r\n \"answer\":\"Mexican\",\r\n \"hint\":\"Cinco\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId2}}\",\r\n \"answer\":\"dogTessy\",\r\n \"hint\":\"dog and name\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId3}}\",\r\n \"answer\":\"When Harry Met Sally\",\r\n \"hint\":\"Meg Ryan and Billy Crystal\"\r\n }\r\n ]\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the factor credentials, which are the questionId and answers (and optionally a hint) to the security questions that the user wants to answer when prompted to authenticate. This step also includes the requestState that was received in the Step 3 response, and the Accept-Language Header.\r\n\r\nIn the response:\r\n\r\n\"nextOp\": \"createToken\" indicates that the client can request the token in the next request.\r\n\r\nThe user can also choose to continue to enroll in other factors. 
Should the user continue to enroll, an extra call should be made to get the details of all factors (Get Backup Factors) that a user can enroll in." + }, + "response": [ + { + "name": "Response to Step 4: Submit Factor Credentials for Security Questions Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + }, + { + "key": "Accept-Language", + "value": "en-US, fr-CH" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"questions\":[ \r\n { \r\n \"questionId\":\"{{questionId1}}\",\r\n \"answer\":\"Mexican\",\r\n \"hint\":\"Cinco\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId2}}\",\r\n \"answer\":\"dogTessy\",\r\n \"hint\":\"dog and name\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId3}}\",\r\n \"answer\":\"When Harry Met Sally\",\r\n \"hint\":\"Meg Ryan and Billy Crystal\"\r\n }\r\n ]\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1864", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 23:17:47 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP0IA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"nextOp\":[\"createToken\",\"createSession\",\"enrollment\"],\"requestState\":\"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~3emst3NDk5LcW9rbokRzxBNSHrq9j+lIPZNGgIDEuUk\"}" + } + ] + }, + { + "name": "Step 5: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + }, + { + "key": "Accept-Language", + "value": "fr-CH" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." 
+ }, + "response": [ + { + "name": "Response to Step 5: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + }, + { + "key": "Accept-Language", + "value": "en-US, fr-CH" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2154", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 23:18:12 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP0JA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"authnToken\":\"eyJraWQiOiJTSUdOSU5HX0tFWSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.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.Xa7G4uBlbTmz-QvmfsALk55CuO_5nVcx_vSdb38kYKNnkii-mpoiyo8JW6oOJKryaLvzWEUSrF4APug3e64obeD-2TThLYFSr5WQ2WHM-3-s9lsbeaLIJvZLijgQ93k_Bi8CkPyPlf3i0sdYTV4ecAfj9qen08EvKRsj6uXbOrC0MlPVs852qGQNjR8498qNE0mSUZ3Lzm0Bb2C3SU0U2FyBAqYMZPc2iK8hj1Ia7xwyx7V-nIvwap9C0RKOxubVUDwzbg9wwh96m36BL2fWH_ayBDhCwCYWBObo6VTy2MlptmuFEOQ3IFgkG20AhpyEPcv7bs019f9h7zuXI_ZLHQ\",\"status\":\"success\"}" + } + ] + } + ], + "description": "In this scenario, the user is enrolling in security questions with the client passing the Accept-Language Header." 
+ }, + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." + }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 23:26:14 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iigF90sB000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"requestState\":\"jEmJCxDOtAt6OmagmpE+RNJuXi6sqUai1W9ihhpNuzyST4WkAEZX6rYc3tohXQ3uHPFC8XPNz/upl1xFJIvMB8IwnJIaDfU+ZmlBpqET/7KGuF+4dAe14wnIpJBBV2JaZiCdspczys+00wK6u1ZrYLMmCdkaUZuhE82WMS5V8fquBW8gnI7kb9pkAo4OfHH6vOfu4d6dtg6f5SvsuXHH7Q/C3dy4n1p1ngfbe2uME5a6/8w2qMfzXHo7Smy3pzpHy3zqIWS0lvKidhbDDwt+hsAduXJehhyBzWx7cmp7m/8~45mDAWGUeFm7SNgIeIizD8DCpmR788BEfVq3P2xp8Fw\",\"nextOp\":[\"credSubmit\",\"chooseIDP\"],\"USERNAME_PASSWORD\":{\"credentials\":[\"username\",\"password\"]},\"nextAuthFactors\":[\"USERNAME_PASSWORD\",\"IDP\"],\"status\":\"success\",\"IDP\":{\"configuredIDPs\":[{\"idpId\":\"aeacac5ce62f41749a4f0ea77b85aa43\",\"idpName\":\"Google\",\"idpType\":\"Social\"}],\"credentials\":[\"idpId\",\"idpType\"]}}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + 
"sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the username and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"enrollment\" indicates that the user should enroll in an MFA factor as the next step.\r\n\r\nNote that BYPASSCODE is missing in the response since the user can't enroll using a Bypass Code. The Bypass Code should be generated by the user using My Profile or by requesting that an administrator generate one for them.\r\n\r\nThe policy evaluation happens in the background and the next applicable operation (either enrollment or authentication) is sent in the response." + }, + "response": [ + { + "name": "Response to Step 2: Username/Password Submisstion", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"password\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1989", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 23:26:39 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iigF90tB000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"nextAuthFactors\":[\"PUSH\",\"TOTP\",\"SMS\",\"EMAIL\",\"SECURITY_QUESTIONS\"],\"TOTP\":{\"credentials\":[\"offlineTotp\"]},\"SMS\":{\"credentials\":[\"phoneNumber\"]},\"nextOp\":[\"createToken\",\"createSession\",\"enrollment\"],\"mfaSettings\":{\"enrollmentRequired\":false},\"requestState\":\"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~7n6yeSi1lMRE/MDRJSFgRKdi9M7wk5LWU8vnY5XogD0\"}" + } + ] + }, + { + "name": "Step 3: Initiate Security Questions Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SECURITY_QUESTIONS\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to enroll in the Security Questions factor. You must include in this request the requestState that was received in the Step 2 response.\r\n\r\nIn the response:\r\n \r\nThe response includes all of the available questions that a user can answer. 
The \"numQuestionsToSetup\" value defines how many questions that the user must answer in the next step request.\r\n\r\nThe requestState in the response contains the following information:\r\n\r\n- creationTime\r\n- tenantName\r\n- appName\r\n- ecid" + }, + "response": [ + { + "name": "Response to Step 3: Initiate Security Questions Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SECURITY_QUESTIONS\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "5320", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 23:26:53 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iigF90uB000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"SECURITY_QUESTIONS\":{\"credentials\":[\"questionId\",\"answer\",\"hint\"],\"secQuesSettings\":{\"numQuestionsToSetup\":\"3\",\"minAnswerLength\":\"6\",\"numQuestionsToAns\":\"1\",\"maxFieldLength\":\"100\"},\"questions\":[{\"questionId\":\"FavoriteMovie\",\"text\":\"What's your favorite movie?\"},{\"questionId\":\"FavoriteTeam\",\"text\":\"What's your favorite sports team?\"},{\"questionId\":\"DreamJob\",\"text\":\"What's your dream job?\"},{\"questionId\":\"FirstPet\",\"text\":\"What's your first pet's name?\"},{\"questionId\":\"ChildhoodHero\",\"text\":\"Who's your childhood hero?\"},{\"questionId\":\"FirstCar\",\"text\":\"What's the model of your first car?\"},{\"questionId\":\"FirstTimeOnPlane\",\"text\":\"Where'd you go the first time you flew?\"},{\"questionId\":\"FavoriteSportsPerson\",\"text\":\"Who's your favorite player?\"},{\"questionId\":\"FirstMovie\",\"text\":\"What's the first movie you saw?\"},{\"questionId\":\"MaidenName\",\"text\":\"What's your mother's maiden name?\"},{\"questionId\":\"FavoriteFood\",\"text\":\"What's your favorite food?\"},{\"questionId\":\"FavoriteToy\",\"text\":\"What's your favorite childhood toy?\"},{\"questionId\":\"FavoriteBook\",\"text\":\"What's your favorite 
book?\"},{\"questionId\":\"FirstManager\",\"text\":\"What's the first name of your first manager?\"},{\"questionId\":\"FavoriteTeacher\",\"text\":\"What's your favorite teacher's name?\"}]},\"nextOp\":[\"credSubmit\",\"createToken\",\"createSession\",\"enrollment\"],\"mfaSettings\":{\"enrollmentRequired\":false},\"requestState\":\"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~sRFrsN7nGwdnXrL6CkACrSL7kIWdGXcnSuL6M5kPJzY\"}" + } + ] + }, + { + "name": "Step 4: Submit Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"questions\":[ \r\n { \r\n \"questionId\":\"{{questionId1}}\",\r\n \"answer\":\"Mexican\",\r\n \"hint\":\"Cinco\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId2}}\",\r\n \"answer\":\"dogTessy\",\r\n \"hint\":\"dog and name\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId3}}\",\r\n \"answer\":\"When Harry Met Sally\",\r\n \"hint\":\"Meg Ryan and Billy Crystal\"\r\n }\r\n ]\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the factor credentials, which are the questionId and answers (and optionally a hint) to the security questions that the user wants to answer when prompted to authenticate. This step also includes the requestState that was received in the Step 3 response.\r\n\r\nIn the response:\r\n\r\n\"nextOp\": \"createToken\" indicates that the client can request the token in the next request.\r\n\r\nThe user can also choose to continue to enroll in other factors. 
Should the user continue to enroll, an extra call should be made to get the details of all factors (Get Backup Factors) that a user can enroll in." + }, + "response": [ + { + "name": "Response to Step 4: Submit Factor Credentials for Security Questions Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"questions\":[ \r\n { \r\n \"questionId\":\"{{questionId1}}\",\r\n \"answer\":\"Mexican\",\r\n \"hint\":\"Cinco\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId2}}\",\r\n \"answer\":\"dogTessy\",\r\n \"hint\":\"dog and name\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId3}}\",\r\n \"answer\":\"When Harry Met Sally\",\r\n \"hint\":\"Meg Ryan and Billy Crystal\"\r\n }\r\n ]\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1864", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 23:27:49 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "PK_rs0P8000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"nextOp\":[\"createToken\",\"createSession\",\"enrollment\"],\"requestState\":\"KDqyuM45zMf9uUDfghIo3OG0Sizc/g9Y7ijpi/rRc1ttqh8pWufM9/0p0zvf1DnP+zmUDBK8cWL0ncpGiXWhO80C/S/xlsZwlX8BI/+hrE8B0sMwLnygxfRsGaDgRt8BAqzFg/7aBR1CqjvWfRBTeYFoyhP2XI9tMgtqm7sC8iadAsIjqaSLkxo3ivx/iij0NXIyrsW4ULxZpJeQZw6gt341j54lSK+1W6h9RcYe2DJPQntKkQ3xjQgxCZEWWlX+Vlw7Pzk9th0a44qckyq1b1j5qgH6yx+bSS4I3yw0moflGkFoO9spaFJ/4u72cUEGWt4u78ixMB+KXNXXP22mgp9DkGN5ekSODHgvITtqF6USC4zQkYn3fOEy3iP2ws5A06re1v0eLWky8CKXEtjaAosFCYQQ4oCeDjEP97yxdWQEAPM2vjSMn6GJTaiQhEF9JMc0fik/ddvvgDoll5xFJJt54p8k/fp7ZEJi+IG1N60B3lxnOc6CCZ/UrE1VxqJ7ci+LkWrJ9QWWfBnGxpGbwXIH2uvR5agGxJzcNxVXjkJ4vdD9ildcdpcFpXEg8ZJAs9H/3bS9cXf+Ce/PjFZ9WFkMBSVYKfcJK/RIhh5XVAVO/2AslFsYzLRuvAFC+tKaIRAhTdAUZ8TOfovedfWF/uvUDWSP9EQW4vSf+8rt2QwjFKGr2s5slySKdBDsoDx54Q4p8+5BQry8SeelwawzLz4d2pcj5jcDJ6z0En2I/JmPzqjTIoaBtRWPAEa7Jf/kkHBIZhlYzbcxPfJSHlp5N3AZRsct+MXrK8oCSbXTPLoc1NoVpYjilEpBU99abDfr1dPkk6dtr22P8WvuMzZf5VB+NayfAp1ninnkAP6eH2/wEMvx7u6jXtFQahOZNRnDOTUWc74dEttBe4+Ujz0bL9dQyqaPZ5KcMoKRecGb9nxP79CojgZM/aZEV4bLslt7FNMPdRTbzudgLU+E+9KfqO0W7AmdUGh4o9AEFdBJiFYKFk5fPuZ5U72iUGZL9tB5Er5sMDGYFaIgDqoukE679L68dFwFkX5ZFG8sWFBxckYmgh17MX8qFGUmyyzDXeLsLTFyG3ndI+e72+FrK2bYaX25IGaR9YBiiQCA4F2hYsd1A3zEu+Qr8su8x+cM/uBKCIc0Ml+Bfp/wIlXUbEGFvnj2iOjisCscz2Xovsk4SgkdV7FjgjH
2hJ9ZTTf/tRlxA2/b2nPwseP6ouzKvvu9n2PgmhOANJ7HsU/Hgj//9BMH8meQqUbR9Ms119GdHlPmP2KIgzXJ/bQUzhNHDGbu9hKxTp+TjNkytCSoeWhcluEx5HF0hjv5G3JEVKW/TA9IfiDuio8bLURtXd5st7l5Wco0AK9klDkDKRmfjCMSaEeUI1S6/8BSsGRlXy5VvT4ILVt+jNm9VFmGRlg/JE050/eqfY65GOueo3nHkjQIeb+YUCv90feydFouHQpMzza/DNE/tUCOM/Pks/oleoNwW9G+w6gbmfRJCn+07cN9L7eBYlGtLa36gQXK+RYXsxjj+WuwQ3rbC4yCjU7b3dvVubblr6VwImE7Hk68lQnTYfdyotaQ6CDetkr+ah9/2wTbjRh1t+/SEMn2JLIDnMS2FJQ2TIm7S77Wcrj52SBUIqIFcFHSUe6Q5E/0QjkREHjp/FqShn/1VlGcwMpBOVEbgCi44RkMK4y2XuAw4nn+OgVWAAsNjdG00bUINoC7WHXD~pymBOecRYHnHRM9b1tX98AI6lhWcTpiXf7viPKpIPlc\"}" + } + ] + }, + { + "name": "Step 5: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." 
+ }, + "response": [ + { + "name": "Response to Step 5: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2147", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 23:28:01 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "PK_rs0Q8000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": 
"{\"authnToken\":\"eyJraWQiOiJTSUdOSU5HX0tFWSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzZXNzaW9uIjoiK2NPQU9ObUJjREdLSHZ3VXpQZG90YnBtRkVPVVQwSkFWZDlRMGY4MmdZSmlIaXRWZGlERnhjV0hcL1FZbFdGM2J2STZUVkM1YzdzWFZCK29TWVlzWkh0Q2hpQmFnQVhrbVFCVFBjUmcyVmtlZExXYmp0citYZHFGdnpqRllRdytwaFgrOGh5eGIrZVZkSVp3OHBQOHlZY1wveCtseEFYaTRxajltSFRLT0s2eU96RUpuYThWQkN2M1JQQ3ZaWCtRVVdLRnFSYlRFS05HdzZcL3BOd0paZFZ1eGtTeTBialg3V1JrdjJFMGhWaFFyZHJVdnN2N0c1aTB6ZmRxNXpQMjhEOEloXC95YkV0Yk1QMWRjc1hBWG5cL0p2Y0Y0UDRYVnR2YUhwXC9nTEZZVHc3Wnp2ak1uTlwvMEV4S0RtM0FOZGp4WWRaQmNLRnZCdEZ4XC91N3F4Vk1tVkxBYlBLa05aUDFPXC84T002TmpybVZGbGRTNVBEc2g2ZVF1UVJRM1dSWWo2SWpZXC8wNTVaWUpUV2JHSEp4djBvd21BeE42OGZQcDdiUmdCbWowMFZjZ1kydVk0aU5saTZxYXhFalo5KzUzenA1YktHYmFvQVlPMmFqbldqMmZwSjkweFNiSmZ6VTNmSFQwZzlMUXdvRTdtT2RPeWE3Mk5hZFBJWUoyRHp4UjN1Nlg4eGE2d21VXC9IeW9rU0NobXlnWjdvSHRLVmM4U2dQZVIyZDJPVmM1ZlltUDBTTGFDeHZ4XC82dEtDenBHaE1qT0Z0UXZPMjhTV3VaVHV5NUp2cHdRRlVmR2NjbzNNdlI3S2dENkVMMDJ3eCtxTnlyRHVOOFY2RFVoaGF2UkhEd0o1bmYwSVdEQnd5SzF0RWN4YlRrcjVzaTVsek5XWFhFMVwvYlhEVGhzTUhYTG8waFQxTXhCTW1Od0h4VEJpZUFqMW84a0lRVTdablB5dXNlcm9odTRYQUdTODg1cmdwUlRhMktUcGpvTGt4ZXNVRTRjTWNHODFmTmhnRnFRcnNkdWMreW00UFpWMUNMcFd1dmU0ZTlSNlY0SDJiSjVUMWF5SzQ3SHpEVWI4RzBLTDZZaTE1eDQ0aDFPWEVZVVlkNzJUek5TckdFYWh4MUZHY1JKd0RRT1wvODExcGd6Y2hWNVIrYkFFT1wvVlBJKzNBYXY4T3pXcGU2dzc1VEE1SnVSU1lPNU1FRitzVExXMDloQzZTOWZzaE9rbVBcL1RZaHRubkhaZnlaXC9GYk5sRVwvUFVYRHBadktHNEFXbkREbzl6cFZPVWpcL0ZvbTIxbU53b3UyTEdvOXlsazRLXC9pQXBmMnV2V1IzTGdrTkNqNnJIOXVFYjNua1JiT3Y1Ynh3Zml3bXdST3F5RVR2WnA2R0F2b041elRLaUZvaGU2ak01U3hNUFZkazZkdXpFemFvVTJRYlJxMVE3czlYa1h3MHloSjViRWI0eXQrWmd3alRsRGRBUGNOb2FTSldmbDJSTGhqdUhXRG5MQTI1NWJTOHA2dmN-VER2T09NOXdyNzhBTVFuYmZkd29zZnpVOFdMc0RPMUNrTjF4OUY4RHgrTSIsImlzcyI6ImF1dGhzZGsiLCJleHAiOjE1Mjc4OTU3MTAsImlhdCI6MTUyNzg5NTY4MSwidGVuYW50IjoidGVuYW50MSJ9.JkGV-PTDi8OzyJ8bbOrRH8GAGUvukMyqKwuMsrD3g6FNBgc2w-DvopM1SJAVMPKtyPnvlrHXeK3Siv1oZMWfSo3EVlbJrwnBpqb4ieRumy8UxpLgsdZ7v6rQH02mcFbWY48zrLXGpQI4xP0hADAZxpLuHHzPfEEodI1Cm0reZ7qGgaDD8wlr4MrNRVG69ohWi9KI0lcdmXIYvEs7EGCr
OoMs6LViT0mOeKmC4HcuPA9QyLOqymU7eChodRnIdmY0BdUei6ZOXSmD4C_KdhhyqH4oxoB3xWtXDqZ_EbJcCU-FctYXhyR1ltUpL5fMieOAor6MFE7hTEy8eZ8tky67ow\",\"status\":\"success\"}" + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "PUSH Notification Enrollment", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 17:09:57 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iMSkD0m7000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"BfQq05C0JLoW.....f7pJlqUURg0\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the username and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"enrollment\" indicates that the user should enroll in an MFA factor as the next step.\r\n\r\nNote that BYPASSCODE is missing in the response since the user can't enroll using a Bypass Code. The Bypass Code should be generated by the user using My Profile or by requesting that an administrator generate one for them.\r\n\r\nThe policy evaluation happens in the background and the next applicable operation (either enrollment or authentication) is sent in the response." 
+ }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"password\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1925", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 17:10:26 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iMSkD0n7000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"PUSH\",\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"offlineTotp\"\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"phoneNumber\"\n ]\n },\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"b2M/4/lN3uEg.....6s6kvVxesn/M\"\n}" + } + ] + }, + { + "name": "Step 3: Initiate PUSH Notification Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer 
{{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"PUSH\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to enroll in the PUSH Notification factor. You must include in this request the requestState that was received in the Step 2 response.\r\n\r\nNote that there is no need to include credentials in the request, since PUSH Notifications are being used.\r\n\r\nThe requestState in the response contains the following information:\r\n- creationTime\r\n- tenantName\r\n- appName\r\n- ecid\r\n\r\nTo get a QR Code to scan for testing purposes:\r\n\r\nYou must copy the value of the qrCode \"content\" value and use an online QR Code Generator (such as: https://www.the-qrcode-generator.com) to generate a QR Code to scan using the Oracle Mobile Authenticator App to get the otpCode to use in Step 4." + }, + "response": [ + { + "name": "Response to Step 3: PUSH Notification Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"PUSH\",\r\n \"requestState\":\"b2M/4/lN3uEg.....6s6kvVxesn/M\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "7963", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 17:11:05 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iMSkD0p7000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's Phone\",\n \"PUSH\": {\n \"qrCode\": {\n \"content\": \"oraclemobileauthenticator://totp/user?issuer=example1&period=30&algorithm=SHA1&digits=6&RSA=SHA256withRSA&Deviceid=57555b4bf9eb46d6bbd48e4f5df93403&RequestId=32764cf0-bb23-4793-bf0a-448274f29614&LoginURL=https%3A%2F%2Fexampletenant.com%3A8943%2Fsso%2Fv1%2F&OTP=eyJraWQiOiJTSUdOSU5HX0tFWSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJkZXZpY2VfaWQiOiI1NzU1NWI0YmY5ZWI0NmQ2YmJkNDhlNGY1ZGY5MzQwMyIsImlzcyI6IkF1dGhTcnYiLCJleHAiOjE1MjcxODIxNjUsImlhdCI6MTUyNzE4MTg2NSwidGVuYW50IjoidGVuYW50MSJ9.KYp2BBf2SouK7WY6qoaBATbz0SxrZYMrySILAJAf9UjWjO5wNfe-I1CkA5wut6kndOX0O1fbILHlQfZn3XNrtkpFohB2SEFu0HzKg17YGKOKEO3R2rEsvw-dFUnCqHEb0VUxC0fiVKEKxTBk6DmkNw2rRnYRWwR4KgSZMY3AGKorParxJ-ksEN98tL0dLb5m_377xhjhTDWmg1F4Q9Lox4FyfzEPEe-L7CVrGF60xJcvfs6t-wCzbbBLIH1KIn8UhLwE3ClRX54VCadOidhMqps7Hq5noi0yDPWAEY-F5rM5DWogvggheAEUK9TLwDgvkKJ53xkdJ59jzhZrCcrz3w&ServiceType=TOTP%2BPUSH&KeyPairLength=2048&SSE=Base32\",\n \"imageType\": \"image/png\",\n \"imageData\": 
\"iVBORw0KGgoAAAANSUhEUgAAASwAAAEsCAIAAAD2HxkiAAAOsElEQVR42u3b0Y4bRxBDUf//TyevAYIYVWSNo9EePhlerXY007dBkdW//iKi/1W/3AIiEBKBkIhASARCIgIhEQiJCIREICQiEBKBkIhASARCIgIhEQiJCIREICQiEBKBkIhASARCIgIhEQiJCIREICQiEBKBkIhASARCIgIhEQiJCIREICQiEBKBkIhASARCIgIhEQiJCIREICQiEBKBkIhASARCIgIhEQiJCIREIEyuaax/vn7yDpP3//dr5r/1X9cw+Yz//izZO//X+2RX/vv3+f11zq9q8tP5/28/LwhBCEIQfiqETz/OyeJuUPz9//xaan4fJvdk/vr5vd3eje0amN+H5jUgBCEIQfh5EGZLYW7ttqBO7O6VSdsuu2zrmW9GW5M83wKaTTZbDyAEIQhB+I0QTr64T5bRJKJoopfnNpfsCrd/dxuDzf9i84lACEIQgvBnQ9gs+q3h2UYR2XYwj4u2MDd3bBssXdVFGcYgBCEIQfhTK4psMfVBeVZRzJHoDXDzufr7ML/zWxRVFCAEIQi/F8JsbM2/f/K/ja2B0L9B+C0QPmdiM4vV27B5wJCZw8lPs78+Lyq2ZcP8vmXDDG9auiAEIQhBuIMkGzHbLpHsyMwWpKvfzZTd1f5rwvzp9CMZ7CgIQQjC76oospHl7MBOvylsR5Abc5htalsYsiGHW9O7LZyU9SAEIQjfH8xkw1DbGGN7pLU/VrPFY2vVngtdsk0nuz9NvARCEIIQhN8VzFwZsKvhpmaYqzGHV8HG9gqz+7YdUsvCp+wOgxCEIAThm4OZbEApM3VZ8PB/DZFv65xtiH97aOtqMO1qEwEhCEEIwncWFf2DaQ7p9Pbs6a2kqRl6o3gbd2WR1SsMKghBCEIQRsFMUxM3JrCPN64G3LLFdzXM1Zi9rMy4inxACEIQgvC7KorM6syXeBM2bA1kVrg320QTHTVm9XbjyOIuEIIQhCB8TzCzDayvIoE+4m/sbm+Vt0e9+t/tbXNTjcyfFwhBCEIQvr+i2D6eraHdAr+tCrLAvTFd/ZB0s9xv4cmG+EEIQhCC8M3BTG/b+nfb1iFbezaBtolqMkvWlDFNRdHEY80mCEIQghCEnx3JZIvj1m5tS47beqAZQG/AmEcpt5HM5A5kGzcIQQhCEL45mJkbjwzmLFzJxuiaSOP2U/Qj3U0J1GxwX2BEQQhCEIIwsqbbqn1bZlxFCz3M/cGfpry5CleaoGgbDm23PBCCEIQg/Oxgpgmjt0axOYK03SAmS+R2sW5DoCy+ujpe1G8KKgoQghCE3xvMbDF72o5mh1MbmG8Dj7566beGbEOc/PtFx5pACEIQgnAZJzSHO7eLqYnprz7L1cLqC56rce3M4max0ysEQhCCEITR0s8AaxbEE1VKhlxmyTIUG5zmNdJWzTYKQhCCEITfaEe3oUtvkG6Pt2YGsq/1b4/Sbke0+yKhOTgGQhCCEIRvqCgmdjT7Ot6MVmfHkeb1xvan82t4wkw2pVFWBWXP0VEmEIIQhN9lR7PYYxtqNyZtHiltq+rmGrLSor8P2yd4dc3KehCCEIQ/1Y5m5fjT1qgJmfrx6KvAqT86lG1VT5RSIAQhCEH4Bgj7Ead+sKsZOpvHHpnBzkqaLfAZzNmmtrWRVzUSCEEIQhC+wYL2ccjWTM4r/swsbUv8p0vwZoStv+YsoNpuuCAEIQhB+E4Is0fShytPjHRnFcV2SWVV9ZUpfXqbyNaGigKEIAThm4OZvhDPIvL5gphHLH2RvS1mtgBsw/3+mNj2s2RhGDsKQhCC8P0VRfM4Gzj7L/p/8ujQc2Nucyvelzdbq5+NvIEQhCAE4RuCma31yh7qfLT6KujPxsGyeiD7K/1A9nxDbIKl/k6CEIQgBOF77GgzqDVBYh6aNzF6E8/09jWLgrKh8C3YzdeH+U/ZURCCEITvt6MNqLePdht4NDHDFr
k+Msnu83YryQKn5nATCEEIQhC+0442g0hbo7J98LfjYFtsMnv8xOGjrdm7qkyyryogBCEIQfgeO7otCZ6L6TMkGsO2DVr6RdZb6y1O/UBcE6GBEIQgBOHb7OifCTP60OWqEtja11vDfFW69BVUUzm8qLgHIQhBCMLaGmUxfRaNZAsos47NEFy/MTVlQL9p9tURCEEIQhC+345moUt2EGaLX39cqPl026gmu7aroe15uNU/wWYgAYQgBCEIP9uOXhmkrUnLrNHWPPdhfVNVb0HNQp0+nOvH2UAIQhCC8J12tLE0zahXA+1V4N5UFE/byGajuT0qlY1VgBCEIAThG+xoUzRfBTlXIN1auydK/+37Z1vYcxvoq4sKEIIQhCBc2tHtLW7Gf7NYJRtq22K5vUv9CHVTumTXcxsXgRCEIAThOyFsFty2EmgKjK1lbcaXszHxvgbIiqV+u2nuv4oChCAE4XdB2IfXjV3JAoYsctiGKP14XR8CXR3I2trg5gsCCEEIQhB+NoRNPN0UGH0Y0MQbVyVHY/myd2j+v69PsjsGQhCCEISfCuHWYGwHlLIAPbOyt0NnV4ePMoyvIpCs8GiOj6koQAhCEL4Zwu3SaQqGJ2zVFrPbv3J1tOoq9JpjkJU0IAQhCEH4vcFMVk5cRe3Nlczh6f9uU1HMBwD6J3IVGvV3A4QgBCEIPxvCrYXYWr7t0tyC1BQM2zjnquC+3RqyqGketl1tkSAEIQhB+B78tuPRV2NWWTEwXyhNVHO1xTQBT2PLt3XF/FNn9RUIQQhCEL6hqJj/1tMWsalVtksz+7vZcadsaCG7kqvtWEUBQhCC8LsgzAL9P/PTbUTeBPfNNT8Rz2wB6Mv67XYAQhCCEITfCGF/fGYbyWSLqSkYmqgpuzNz+9cU+vP377dLwQwIQQjCb68o+qjgiWWdoZWFKNviJKsTru5G/1Vi/v4TCNlREIIQhO+HMFvomWHLSoX5a7ZVeGPUm0qgj1iunkIzJvHh+IEQhCAE4WN2tF9M2RYwv/J+FCELNrJ3aLaYJzbQvqQBIQhBCML3Q9gE/fPlsj0Uk42DN1XNdtHPTV2/zc0h6VfFc38RhCAEIQg/A8Xb+qH/iv/EsabnooUrY38bwDQbZbYJghCEIAThO+3o0wFGU5k0A9B97T437U2w1FcL26tq7PcrYhgQghCEIIzsU7Notg+jwaOJKK6sV2NHt6V/Vgw0z7Q5UAZCEIIQhG+DcB5XbG/6NnTph7+zMbfsE01+9xb7DObsyrP4TTADQhCC8Bsh7I/kNMamsWRXtXtvgyfbUP9lodkEe0PuKBMIQQjC74IwG/XaIr0Nvvsl9dwWc3Xg6Il3ng8MPHckDYQgBCEIPxXCLBJoDt1k9XRjXLdhfRMCNUv89vqbMYCtQQUhCEEIwvfb0SzsnocT2WNrhsKaKnk7Fjf/reyOze/q/ClnFlQwA0IQgvAnQdhX831s8KvQ3Ppuq+pspKuHNnsWV8Nl/Z0HIQhBCML3QJiNWfVLvDGiTey0tY5NmJHFG/Pg6k8WG9kTByEIQQjCz4Yws6nzIL4ZEe7riu3CzQb6stAoK3i2sGUhTVbbqChACEIQvgfC7a3cLp2sRu/j8ivzlg0SNKBmVjA7YDV5ptkXChCCEIQgfJsdzYLyK9OSVRTbreG5Ie/5wn2ioshCpq2NVFGAEIQgZEc3y2j7pf/pSKkfqt6ORGebYLOUs4GKJgzLVgUIQQhCEL4Bwt5qbgHI3j9bjtl4WhPPNGZ1HkT1Y4a3I3KCGRCCEITvD2Yye3m7rK+Con5wua9MtkXO9ivD1ehZE1O9AkUQghCEICyigm0NsH2088phOxiQbTdZcNWHLllIdhXD/Mn7A0IQghCEn4pcZgu35m3+aLOSvTfV23AlG4Xbvk9TlGfxUjMiD0IQghCEb7OjWdmQGbP5ss7Gi2+P/MxLl8wkb7eerb3PYqTs9Z++yEEIQhCCMEcxi8KzIbLsIFV/7CjbjL
LCYLvobzeF+fY0f+KvQBGEIAQhCE+/rPf1RhYgbf8n22iyWOiJ8rqx031F8YQlBiEIQQjCdxYVW5CuovymPm6M39VQ2BbUbSGxjbiuIrR+ywAhCEEIwk+FcP5gsgU3X5RPXPntK7PoIjvElEGbVS/ZcbBX1BUgBCEIQbi0c7egNuPXfbTQLKxb09sXIc9taltT+rriHoQgBCEIi+h/Eohn2Dejall0kYX7DbS3B4X6ez55CttXqihACEIQfi+EzeLI3r+vDSYGMhtl3lYC/aj0Ve1+tTluXwlCEIIQhG+DsHnNZHllcct28fXHnfrSotk4spGGq2Cs31wEMyAEIQjfD2FjGrMl0izTJqjo7WgWdG3N7XZry4x98+kEMyAEIQjfDGFvDq/sXBPH9+NvWf3QhEDb+//c3WhG819U2YMQhCAEYVQnZEaoX1KNqWvKmCxq3y7ibWSVxTzZ9TT1CQhBCEIQvg3CbKE0BnJbQM+j863R3Yb+2VhcVrg3FUL2bltTnf11EIIQhCB8v5ql1tTZ21Bka263xjILJ67Cm2yjbIqE7bMAIQhBCMK3BTOZ4dzC2Qcz2eu3GF9tEFfRRW/5tnj34Q0IQQhCEL6zosjC9wyzLOR4ojxowpLJBjSH4cqO3hY/c1uuogAhCEH4fgjnNqwZHb6qRvoAvRnNa16TIdFUJtnWOf/a8opIBoQgBCEIjyBsAvqtMcsqkL422IZPzRaWfbonrHWzEv56j0AIQhCC8BTCLJrfLq9spLgpMzKQ5jjNkXiicM9G/7Yxm2AGhCAE4bdXFP1hmdvie7s4spJjvh3M73bzPs8NA2wHFV4Uz4AQhCAE4ZH52YYKV0vqdhE3Bnu7rVxVCH00NTf82QakogAhCEH4NgiJfpRASARCIhASEQiJQEhEICQCIRGBkAiERARCIhASEQiJQEhEICQCIRGBkAiERARCIhASEQiJQEhEICQCIRGBkAiERARCIhASEQiJQEhEICQCIRGBkAiERARCIhASEQiJQEhEICQCIRGBkAiERARCIhASEQiJQEhEICQCIRGBkOjz9TfJ0zJHdUPVHwAAAABJRU5ErkJggg==\"\n }\n },\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"pRNcFhpTbIjX.....MFKDR5ijZRAwU\"\n}" + } + ] + }, + { + "name": "Step 4: Submit Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the requestState that was received in the Step 3 response. 
Note that the Request payload doesn't contain the authFactor attribute since the requestState contains it.\r\n\r\nThe requestState in the request contains:\r\n- deviceId\r\n- requestId\r\n- authFactor\r\n\r\nSee Step 4a for the Pending example.\r\n\r\nThe requestState in the response contains the following information:\r\n\r\n-deviceId\r\n-requestId\r\n-authFactor\r\n-creationTime\r\n-tenantName\r\n-appName\r\n\r\nIn the response:\r\n\r\n\"nextOp\": \"createToken\" indicates that the client can request the token in the next request.\r\n\r\nThe user can also choose to continue to enroll in other factors. Should the user continue to enroll, an extra call should be made to get the details of all factors (Get Backup Factors) that a user can enroll in." + }, + "response": [ + { + "name": "Response to Step 4: PUSH Notification Enrollment Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"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~KQzu8jrV6buKW/nOZctvcL3neasZLRMFKDR5ijZRAwU\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2066", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 17:12:15 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "05s1I115000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"0qAS0i3BwEJH..........nsof/BnMqeYatY\"\n}" + } + ] + }, + { + "name": "Step 4a: Submit Factor Credentials - Pending", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the requestState that was received in the Step 3 response. 
Note that the Request payload doesn't contain the authFactor attribute since the requestState contains it.\r\n\r\nThe requestState in the request contains:\r\n- deviceId\r\n- requestId\r\n- authFactor\r\n\r\nIf the credentials attribute is empty in the request, then the following are the optional responses from server:\r\n\r\n-\"status\"=\"pending\" (This status appears when the OMA app to server back-channel communication is not completed)\r\n\r\n-\"status\"=\"success\" (This status appears when the OMA app to server back-channel communication is completed and the optCode verification is successful).\r\n\r\nThe client keeps polling if the \"otpCode\" = null every 10 secs and continues to poll for two minutes. After two minutes, the server sends the failed status.\r\n\r\nThe requestState in the response contains the following information:\r\n\r\n-deviceId\r\n-requestId\r\n-authFactor\r\n-creationTime\r\n-tenantName\r\n-appName" + }, + "response": [ + { + "name": "Pending Response to Step 4: Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2075", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Mon, 04 Jun 2018 17:58:13 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Arfkf1A2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"pending\",\n \"displayName\": \"Joe's Phone\",\n \"cause\": [\n {\n \"code\": \"AUTH-1108\",\n \"message\": \"Push Notification approval is pending.\"\n }\n ],\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"EEKexBOx5YiQ..........7YDCbtOBvgBkP2Ur4Akm4\"\n}" + }, + { + "name": "Response to Step 4a: Submit Factor Credentials - Success After Pending", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2130", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Mon, 04 Jun 2018 17:59:58 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "h9cWg0n6000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"0qAS0i3BwEJH..........nsof/BnMqeYatY\"\n}" + } + ] + }, + { + "name": "Step 5: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." 
+ }, + "response": [ + { + "name": "Response to Step 5: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"DX49/ngHBuZy.....VF4i27Uo2nq0\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2147", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 17:12:32 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "05s1I125000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....hxuc4rV-L3kw\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Enroll in More Than One Factor", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": 
"{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." + }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 22:46:07 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg504A000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"requestState\":\"EYMJ1SRiFfVTKDYcAl+zVMCnah1DdDErjaTjUaYzF2GU5jEv4KHSq7AJnUApnoWv1MByvMrtSoUuDTn9jTqWsguqwcdP97PMuAx9VjWKUy0UQmZ0FRVD75j/VS+Bu6GYTQFDxMwd6e70zgFCxwO9w8fYNBhS3cx8VdIsOPFC1sVr5orQqpe6pz3LUJLEMQSaAkWmBqG8hFqcLYvmchm9lHs0XzUYX511Vv20ya6OO4VNqfHXmyIcjhdmGkw5qAlJX8CRsyd8ZCFLFv10qz3aUE3GEZTT+7BANKUVMQxgb4U~EImutlRaL8VjW9vbkFELdJUTdNkDMUMLMRcvUc3wyv8\",\"nextOp\":[\"credSubmit\",\"chooseIDP\"],\"USERNAME_PASSWORD\":{\"credentials\":[\"username\",\"password\"]},\"nextAuthFactors\":[\"USERNAME_PASSWORD\",\"IDP\"],\"status\":\"success\",\"IDP\":{\"configuredIDPs\":[{\"idpId\":\"aeacac5ce62f41749a4f0ea77b85aa43\",\"idpName\":\"Google\",\"idpType\":\"Social\"}],\"credentials\":[\"idpId\",\"idpType\"]}}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + 
"sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the username and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"enrollment\" indicates that the user should enroll in an MFA factor as the next step.\r\n\r\nNote that BYPASSCODE is missing in the response since the user can't enroll using a Bypass Code. The Bypass Code should be generated by the user using My Profile or by requesting that an administrator generate one for them.\r\n\r\nThe policy evaluation happens in the background and the next applicable operation (either enrollment or authentication) is sent in the response." + }, + "response": [ + { + "name": "Response to Step 2: Username/Password Submisstion", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"password\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1989", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 22:46:32 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg505A000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"nextAuthFactors\":[\"PUSH\",\"TOTP\",\"SMS\",\"EMAIL\",\"SECURITY_QUESTIONS\"],\"TOTP\":{\"credentials\":[\"offlineTotp\"]},\"SMS\":{\"credentials\":[\"phoneNumber\"]},\"nextOp\":[\"createToken\",\"createSession\",\"enrollment\"],\"mfaSettings\":{\"enrollmentRequired\":false},\"requestState\":\"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~zC4HnFJAS6tI1WlRmxNezW7yvs9JRZzFBKJdjrkrt/w\"}" + } + ] + }, + { + "name": "Step 3: Initiate EMAIL Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"authFactor\":\"EMAIL\", \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to enroll in the EMAIL factor. 
You must include in this request the requestState that was received in the Step 2 response.\r\n\r\nThe response indicates that the client should submit the otpCode that was received in an email in the next step request.\r\n\r\nThe nextOp attribute also includes the resendCode value, which allows the user to request that the OTP be resent in an email.\r\n\r\nThe nextOp attribute also includes the enrollment value, which allows the user to switch to another factor during enrollment (see the Switch to Another Factor During Enrollment folder)." + }, + "response": [ + { + "name": "Response to Step 3: Initiate EMAIL Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"authFactor\":\"EMAIL\", \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2052", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 22:46:52 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg506A000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"joe.smith@example.com\",\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": 
\"2Fx1RqH4R/25pvlX5VlEtDJ6kkg/eeUjLzwyx0SWShCNhSRmUOc3e6tYsWxufwto2uE/Az4NqaLnElrVxmIHCmkiFYxdfFfM4tbR94Vr1Q10i+TE9tC8LeUYMupj8iXqHx5MX19vTBa9mkPIw3GJhTGPQ3/CRY44DKeu5ADQJyfcRfHagFTjUpizViMf68qCBcfQZqALlbhPEBkYk2EbpDTs+HxIbRdeobWiPso9eohLuQMVjgKbxk2ucOQyqfwJZeR/QNw2VZYmTlxrn/kwIxFk1c3hj2xSRgi8QEOaI9zVc/+ZP6c+NsLye5RIbGoI2kzF9qYEloT07qDNOWgNJiZXBy1M9BGFWdurWdgjceCk3Pgy7VU05EodlwvOFnSkzDNtdhlxNQnaItvYq50bggW6XdnpvAd3ueyi7VVUyW52PDifFpS9AXWKr3eJN8UxLk2GBJ+dQUbLtjwCJqXaOpvNSD2ft5R3F9fDpwaimMBRIlc/zVH0NRWTTJxolqDRQeC/r7s1nQnqWEmQ+zy1P69UWqJ9nznk+uwoxldfyElhSnJCEC3vQrhFejQVMYqqUZ1tr/dkWYxGutazIdEL9nAE+93lT27gdQaP3V8e7+By6Jou5GXwwg/baK0rcaeHMt1FzEPoob+hqp6i479xa7llNmxV0JrJwoT+wZPHGtL3YDvtCW0MFBKJpHi+PGiXsquYBWluk3gMY30viDTxOYv/Mz/20A8l8hevUivEEcsFJFdIOlOoXn7LG/LjsVcsyBTzLfkpYGt4tiy9+gZgyPqEng4qpzv5fYBxgKY2eOMVVW9ZbXTcES1/2azBjA8W7Cx11P5nFQlpe7zhcy/2g/YH4sOq2UmdE6MJACU5kLo4sZwpVOtJ02mgM27L2nqqzNXURMShf+22spe4CXJE6lKDFWj8KOY5eFU5NWMe8Rocl5/I6A62mhbcOYuF9d70KiUzwKvVyH2aHOVzx1aRoc9nh44Alq4EERPlinxvNaSvUucFmm+zXn3DmFtNv0IPjvv/mWp+DtTWZAGlWi9M4WQZn2LrJX3Fneu3mTr+8lqQLv3KQMVWij4sxVQNs+7of2qypoaYMQ4mj5trd5VSQ1jJBheA1BFL18BYI6aMZquc/rkPM/3h6W+xZq5ik68AfkfHb01j/nIzbZPbE3vgqUFnhWBY98OiTH3earlic4PNxHrYoy7k/Xa1bNoVBc8oBypyemc9GzYqPzUBvUHxGMODANX/ITTdtrU0I0IWg3sU22WXwepT8FygKi8hdERCD9HbMSN0w1Wqa5HEmN+39o3tB9FVJ5jOigv+kUQnBfhUbpQsjE6j+M1xfKIUTVMkpp4TIb762w3X26727BQKNdeTGaAKXc4s0oGVyNVEF3QE18Ll8M6xcYJM7zfRtZvv9cZeG1BErump7P5I7Gfd8x40UGQHEzjdNqvZBXHWLiHQZZBWK6aBUv4jwLtKRVUDzfolWieeda3Th0mTNlP4jjxcKxiGiR/H2B3epYDNLigQvrz5wuwSw4yDo/2Ufjrf+15GnXK2Dw9r8MhquMAWQ4NGca1PP3/+wr9UIAR2c2KbY+n65vhG6eXrQ3O0zsGLJDtomdwlElQSrIU/s9ACbujyS0Rm2vkgNPO6g7S3kO1IH9WKxQInQdFo5HaM1jXzD8OXPP6y4FwTwIWaIV6NPIRIEyIIGLj7+p0smSPcJmblB7KfLm+ss97zhCs5Sv3o1QeSJsncBOw/K93GOid4O0lsFXU4R5zn4D9yu5uxrgk~0GaNJSNQL1OdPTQtG0NeEuQJqaSFPlW9ED/vPwgmVhg\"\n}" + } + ] + }, + { + "name": "Step 4: Submit Factor Credentials for EMAIL Enrollment", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": 
"application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"credentials\": {\r\n \"otpCode\": \"404948\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the factor credentials and the requestState that was received in the Step 3 response.\r\n\r\nThe requestState used in this request contains:\r\n- deviceId\r\n- requestId\r\n- authFactor\r\n\r\nIn the response:\r\nThe user can choose to continue to enroll in other factors at this point. An extra call must be made next to get the details of all of the factors available that a user can enroll in." + }, + "response": [ + { + "name": "Response to Step 4: Submit Factor Credentials for EMAIL Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"credentials\": {\r\n \"otpCode\": \"404948\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2118", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 22:47:44 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo0nA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"joeXXXXXXXXX@example.com\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"Lwc5dPATbU1B..........XyAzwAsUcScmFiBrIfboXU\"\n}" + } + ] + }, + { + "name": "Step 5: Request to View Other Factors for Enrollment", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to view what other factors can be enrolled in. You must include in this request the requestState that was received in the previous response.\r\n\r\nThe values for the \"nextAuthFactors\" attribute in the response are the factors that the user can enroll in next.\r\n\r\nThe nextOp attribute includes the \"enrollment\" value, which also allows the user to switch to another factor during enrollment (see the Switch to Another Factor During Enrollment folder)." 
+ }, + "response": [ + { + "name": "Response to Step 5: Initiate Next Factor Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2173", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 22:50:32 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "WBAdy0b8000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"requestState\":\"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~McxS1xAMjg1KPiwpsp6DYahW5+QHJ6Kg0EBlN0NrwSg\",\"TOTP\":{\"credentials\":[\"offlineTotp\"]},\"SMS\":{\"credentials\":[\"phoneNumber\"]},\"nextOp\":[\"createToken\",\"createSession\",\"enrollment\"],\"nextAuthFactors\":[\"PUSH\",\"TOTP\",\"SECURITY_QUESTIONS\",\"SMS\"]}" + } + ] + }, + { + "name": "Step 6: Initiate Next Factor Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n 
\"authFactor\":\"SMS\",\r\n \"credentials\":{ \r\n \"phoneNumber\":\"15555555555\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step initates the next factor (SMS) enrollment request, providing the phoneNumber and the requestState that was received in the previous response.\r\n\r\nThe requestState used in this request contains:\r\n- deviceId\r\n- requestId\r\n- authFactor" + }, + "response": [ + { + "name": "Response to Step 6: Initiate Next Factor Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SMS\",\r\n \"credentials\":{ \r\n \"phoneNumber\":\"15555555555\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2166", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 22:52:29 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "c00Hf0VA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"155XXXXX555\",\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"requestState\": \"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~TezA5rt4gs6S/XjW7G5urhwa6+BhAZ4oFTtrZtONh00\"\n}" + } + ] + }, + { + "name": "Step 7: Submit Factor Credentials for Next Factor Enrollment", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"credentials\": {\r\n \"otpCode\": \"659136\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the factor credentials and the requestState that was received in the previous step response.\r\n\r\nThe requestState used in this request contains:\r\n- deviceId\r\n- requestId\r\n- authFactor\r\n\r\nIn the response:\r\n\r\n\"nextOp\": \"createToken\" indicates that the client can request the 
token in the next request.\r\n\r\nThe user can also choose to continue to enroll in other factors. Should the user continue to enroll, the client must first make the call to get the details of all factors available that a user can enroll in." + }, + "response": [ + { + "name": "Response to Step 7: Submit Factor Credentials for Next Factor Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"credentials\": {\r\n \"otpCode\": \"659136\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2127", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 22:53:27 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iuTbi0Q1000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"155XXXXX555\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"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~OiazRvM/WZW36Ev5DKPg+jviOO3IIZ0iMH9fKfU86eo\"\n}" + } + ] + }, + { + "name": "Step 8: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." 
+ }, + "response": [ + { + "name": "Response to Step 8: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2379", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 22:53:51 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iuTbi0R1000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"authnToken\":\"eyJraWQiOiJTSUdOSU5HX0tFWSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.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-aTJHd3dla0JGUEQzamM5cjdPK0lqOWtFWDhQK0hmY2ZpZEdrVG8wTml0WSIsImlzcyI6ImF1dGhzZGsiLCJleHAiOjE1Mjc4OTM2NTksImlhdCI6MTUyNzg5MzYzMSwidGVuYW50IjoidGVuYW50MSJ9.O-c1lbLJSP0nKRse3ecX-p1LPTA4Zu-fb1T5fFu4xZ4LMM0mVKm2iXOl6XIJCqmLcyPQ9qtyqOguoIa1QwE-ZUi78VjidvRfgyWpRmuzDxhrqsCDOQCA7Jl0M9ABei62_hJj9iM1CIcqpiyJ5Fk7t3auGDyCML66XjKAv1Z4h6SR3XwjBiWlw_GmWYeNJ2pBMXjSbiiBbNMpThrmxri6yDJajjJQX5T6cm2ZSWtv9Z4GlhxpqzcB3-33ADgZN5a8-3BkY8tTUM22T3kR5U46FAR0EBjUel-tt2q-4_A05-yEDt6ZKODG_1Sav7-_esYKO8Xzt-Tx-p4H_4IacnWKSQ\",\"status\":\"success\"}" + } + ] + } + ], + "description": "This example 
scenario walks through a user enrolling in one factor, and then enrolling in another factor before creating the token.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Skip MFA After Username and Password Log In", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 01:07:38 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo0Z5000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"UR8beba3FkR8.....dE1M5NYwqU/8\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the username and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"enrollment\" indicates that the user should enroll in an MFA factor as the next step.\r\n\r\nNote that BYPASSCODE is missing in the response since the user can't enroll using a Bypass Code. The Bypass Code should be generated by the user using My Profile or by requesting that an administrator generate one for them.\r\n\r\nThe policy evaluation happens in the background and the next applicable operation (either enrollment or authentication) is sent in the response." 
+ }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"password\"\r\n },\r\n \"requestState\": \"UR8beba3FkR8.....dE1M5NYwqU/8\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1925", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 01:07:58 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo0^5000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"PUSH\",\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"offlineTotp\"\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"phoneNumber\"\n ]\n },\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"huLbkONYw3Wj.....lvHOVpzF1ZoM\"\n}" + } + ] + }, + { + "name": "Step 3: Skip MFA After User Name and Password Log In", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" 
+ } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to create the token if the mfaSettings.enrollmentRequired attribute is set to \"is not NULL\" or false. It is assumed that the user wants to skip enrolling in MFA.\n\nYou must include in this request the requestState that was received in the previous response." + }, + "response": [ + { + "name": "Response to Step 3: Skip MFA After User Name and Password Log In", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"huLbkONYw3Wj......lvHOVpzF1ZoM\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2087", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 15:31:15 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "c00Hf0a2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....nmX1fpVaOs1Q\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "This example scenario walks through the option of skipping MFA enrollment when this option has been enabled by the administrator. ", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Switch to Another Factor During Enrollment", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. 
The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." + }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 20:52:29 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iMSkD0rA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"requestState\":\"R8D7Ua8lFbYAq1jVo/lv8ArRwc5fX5XZCMlk9GWFyXjLUSoFCos0y/sDgiDZ6/rtbvU4zrvNFnTgG9tt0EDe36TEqhIQFAPBc4GhvZAUl6ekQHMPJPza64Of8hBqaCBq4lzqNvHCvQZ4ang/T7GgQQMA+PqRk3TtsxVIg/1itdrWySDvsALcu+X7s8QFXVcRafb99ZZVrX014UH62CCsSmkIY3NSPQVHW+D9lA/7qsZqXWaLjrTg+yju5qess6Cxmp+g9jKoOxg7xCxsbYiMpSdKRdoxWalj5OSmio2yMDM~V/eOpWq7S5gZrdWU8XDmPYxezKTs2+qlMd+jWD2pRLQ\",\"nextOp\":[\"credSubmit\",\"chooseIDP\"],\"USERNAME_PASSWORD\":{\"credentials\":[\"username\",\"password\"]},\"nextAuthFactors\":[\"USERNAME_PASSWORD\",\"IDP\"],\"status\":\"success\",\"IDP\":{\"configuredIDPs\":[{\"idpId\":\"aeacac5ce62f41749a4f0ea77b85aa43\",\"idpName\":\"Google\",\"idpType\":\"Social\"}],\"credentials\":[\"idpId\",\"idpType\"]}}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + 
"sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the username and password and the requestState that was received in the previous response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"enrollment\" indicates that the user should enroll in an MFA factor as the next step.\r\n\r\nNote that BYPASSCODE is missing in the response since the user can't enroll using a Bypass Code. The Bypass Code should be generated by the user using My Profile or by requesting that an administrator generate one for them.\r\n\r\nThe policy evaluation happens in the background and the next applicable operation (either enrollment or authentication) is sent in the response." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"password\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1989", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 20:52:47 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iMSkD0sA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"nextAuthFactors\":[\"PUSH\",\"TOTP\",\"SMS\",\"EMAIL\",\"SECURITY_QUESTIONS\"],\"TOTP\":{\"credentials\":[\"offlineTotp\"]},\"SMS\":{\"credentials\":[\"phoneNumber\"]},\"nextOp\":[\"createToken\",\"createSession\",\"enrollment\"],\"mfaSettings\":{\"enrollmentRequired\":false},\"requestState\":\"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~x3Ur9ficlA5eah8a4XYtJ9Hr45yK+Rbgm5Tf0P1s6To\"}" + } + ] + }, + { + "name": "Step 3: Initiate Factor Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SECURITY_QUESTIONS\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to enroll in a factor (this example uses the Security Questions factor). 
You must include in this request the requestState that was received in the previous response.\r\n\r\nIn the response:\r\n \r\nThe response includes all of the available questions that a user can answer. The \"numQuestionsToSetup\" value defines how many questions that the user must answer in the Submit Factor Credentials request.\r\n\r\nThe requestState in the response contains the following information:\r\n\r\n- creationTime\r\n- tenantName\r\n- appName\r\n- ecid" + }, + "response": [ + { + "name": "Response to Step 3: Initiate Factor Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SECURITY_QUESTIONS\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "5320", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 20:53:07 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iMSkD0tA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"SECURITY_QUESTIONS\":{\"credentials\":[\"questionId\",\"answer\",\"hint\"],\"secQuesSettings\":{\"numQuestionsToSetup\":\"3\",\"minAnswerLength\":\"6\",\"numQuestionsToAns\":\"1\",\"maxFieldLength\":\"100\"},\"questions\":[{\"questionId\":\"FavoriteMovie\",\"text\":\"What's your favorite movie?\"},{\"questionId\":\"FavoriteTeam\",\"text\":\"What's your favorite sports team?\"},{\"questionId\":\"DreamJob\",\"text\":\"What's your dream job?\"},{\"questionId\":\"FirstPet\",\"text\":\"What's your first pet's name?\"},{\"questionId\":\"ChildhoodHero\",\"text\":\"Who's your childhood hero?\"},{\"questionId\":\"FirstCar\",\"text\":\"What's the model of your first car?\"},{\"questionId\":\"FirstTimeOnPlane\",\"text\":\"Where'd you go the first time you flew?\"},{\"questionId\":\"FavoriteSportsPerson\",\"text\":\"Who's your favorite player?\"},{\"questionId\":\"FirstMovie\",\"text\":\"What's the first movie you saw?\"},{\"questionId\":\"MaidenName\",\"text\":\"What's your mother's maiden name?\"},{\"questionId\":\"FavoriteFood\",\"text\":\"What's your favorite food?\"},{\"questionId\":\"FavoriteToy\",\"text\":\"What's your favorite childhood toy?\"},{\"questionId\":\"FavoriteBook\",\"text\":\"What's your favorite 
book?\"},{\"questionId\":\"FirstManager\",\"text\":\"What's the first name of your first manager?\"},{\"questionId\":\"FavoriteTeacher\",\"text\":\"What's your favorite teacher's name?\"}]},\"nextOp\":[\"credSubmit\",\"createToken\",\"createSession\",\"enrollment\"],\"mfaSettings\":{\"enrollmentRequired\":false},\"requestState\":\"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~zMmzAutaogMHCDGyqmmDjmTy9GpW0InTHpg43PV4U0I\"}" + } + ] + }, + { + "name": "Step 4: Switch to Another Factor During Enrollment", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "During Step 3 of enrollment, use the provided requestState and \"op\":\"enrollment\" again as the operation in the request to change which factor the user wants to enroll in. \n\nIn the response:\n\nThe nextOp value indicates that the client should submit the correct factor credentials in the next step." 
+ }, + "response": [ + { + "name": "Response to Step 4: Switch to Another Factor During Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "4208", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 20:53:26 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iMSkD0uA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"success\",\"nextAuthFactors\":[\"PUSH\",\"TOTP\",\"SMS\",\"EMAIL\",\"SECURITY_QUESTIONS\"],\"TOTP\":{\"credentials\":[\"offlineTotp\"]},\"SMS\":{\"credentials\":[\"phoneNumber\"]},\"nextOp\":[\"createToken\",\"createSession\",\"enrollment\"],\"mfaSettings\":{\"enrollmentRequired\":false},\"requestState\":\"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~OTqWxwdnNTLFKRayTyuCwUhdpBF2ZRuTWl4ruQv6pdM\"}" + } + ] + }, + { + "name": "Step 5: Request a Different Factor to Enroll In", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + 
"mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"EMAIL\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "During Step 5 of enrollment, use the provided requestState, the new \"authFactor\", and \"op\": \"enrollment\" again as the operation to request a different factor to enroll in. \n\nIn the response:\n\nThe nextOp value indicates that the client should submit the correct factor credentials in the next step." + }, + "response": [ + { + "name": "Response to Step 5: Request a Different Factor During Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"EMAIL\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "4271", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 20:53:42 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iMSkD0vA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"joe.smith@example.com\",\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"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~UwU42+uNLdpL3FBLxshq/sUgJO+C+KuPSFGKRamnYU0\"\n}" + } + ] + }, + { + "name": "Step 6: Submit Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"credentials\": {\r\n \"otpCode\": \"496856\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the factor credentials and the requestState that was received in the previous step response.\r\n\r\nThe requestState used in this request contains:\r\n- deviceId (for all factors except Security Questions)\r\n- requestId\r\n- authFactor" + }, + 
"response": [ + { + "name": "Response to Step 6: Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"credentials\": {\r\n \"otpCode\": \"496856\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2118", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 20:54:09 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iMSkD0wA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"joeXXXXXXXXX@example.com\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"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~9UXj8ii9zlmHo7pcr85beaSv4HpeLVpRrB9JBjidrL4\"\n}" + } + ] + }, + { + "name": "Step 6a: - Resend OTP", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": 
[ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to have the OTP code resent (\"op\":\"resendCode\") and contains the requestState that was received in the previous step's response." + }, + "response": [ + { + "name": "Response to Step 3a: SMS Enrollment Request - Resend SMS", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\":\"xKzXeO8mAb3M.....FljVOQ3boctQ\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Connection", + "value": "keep-alive", + "name": "Connection", + "description": "Options that are desired for the connection" + }, + { + "key": "Content-Type", + "value": "application/json;charset=utf-8", + "name": "Content-Type", + "description": "The mime type of this content" + }, + { + "key": "Content-encoding", + "value": "gzip", + "name": "Content-encoding", + "description": "The type of encoding used on the data." 
+ }, + { + "key": "Date", + "value": "Fri, 11 May 2018 21:22:43 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Server", + "value": "LBAAS", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Transfer-Encoding", + "value": "chunked", + "name": "Transfer-Encoding", + "description": "The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity." + }, + { + "key": "Vary", + "value": "accept-encoding", + "name": "Vary", + "description": "Tells downstream proxies how to match future request headers to decide whether the cached response can be used rather than requesting a fresh one from the origin server." + }, + { + "key": "Via", + "value": "1.1 net-idcs-config", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "1G0Bi0FRI00000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": true\n },\n \"requestState\": \"pWbYwFPpUPYW.....xPFaYmmwpEu8\",\n \"nextAuthFactors\": [\n \"SMS\"\n ]\n}" + } + ] + }, + { + "name": "Step 7: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." 
+ }, + "response": [ + { + "name": "Response to Step 7: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2230", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 01 Jun 2018 20:54:24 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iMSkD0xA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"authnToken\":\"eyJraWQiOiJTSUdOSU5HX0tFWSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.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.SIK5PjlDg3CmIcSdxoAeNy2vVb8EMzANhfFJGSjyN54vSWhFuLEkMBGmaCABdCWU6aLBZ5y3yTVCCIsWH1EvpCWs8Iaa9eiTo9w_bX0vdPXNwU3zDTE614nLO7pLgJqs8D6220iO5cvYjkoKlFmk6C8gmfYkvaoTWFixx8M0V1Qv_D3SOzDtTKDd93uF8rRVGdw_YGgVAEn5LISP1MAFXMjfnralhFa8sVrTkvFcmmrjXcXjmFC60Mbw66Wj5rUbDTchHlAlmJgcL6YMXQj8Yub9qUZnUgybHLLhEfiNwcIOaC_3Ipc1UOD8dHAP1wA27nuRFzkaGNEXcjvVqbCYfw\",\"status\":\"success\"}" + } + ] + } + ], + "description": "This example scenario walks through the steps of a user switching which factor they want to enroll in during enrollment.", + "event": [ + { + "listen": "prerequest", + 
"script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ], + "description": "Test authentication using the user's credentials, requestState, and enrolling in Multi-Factor Authentication.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication Using User Name/Password + MFA Authentication", + "item": [ + { + "name": "Security Questions", + "item": [ + { + "name": "Authentication With Security Questions Set as the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 23:07:39 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "c00Hf0e5000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"Kx/PMIUhDoHt.....TWzUHQLsXVZk\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received from this step: \r\nThe client is sent the details of the user's preferred factor method so that the appropriate credentials of the factor can be submitted. \r\n\r\nThe option to get the backup factors is also provided (See the Get Backup Factors folder)." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"Kx/PMIUhDoHt.....TWzUHQLsXVZk\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2059", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 23:07:57 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "c00Hf0f5000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"SECURITY_QUESTIONS\"\n ],\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\"\n ],\n \"questions\": [\n {\n \"hint\": \"Cinco\",\n \"questionId\": \"FavoriteFood\",\n \"text\": \"What's your favorite food?\"\n }\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"Gaw0tIMmlGiA.....eJI/vBdfGRD4\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Security Questions Factor Authentication", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\": \"credSubmit\", \r\n \"authFactor\": \"SECURITY_QUESTIONS\",\r\n \"credentials\": { \r\n \"questions\": [ \r\n { \r\n \"questionId\": \"{{questionId1}}\",\r\n \"answer\": \"Mexican\"\r\n }\r\n ]\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred 
method and the requestState that was received in the previous response.\r\n\r\nIf the factor credentials are correct, an access token is received in the response." + }, + "response": [ + { + "name": "Response to Step 3: Security Questions Factor Authentication", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\": \"credSubmit\", \r\n \"authFactor\": \"SECURITY_QUESTIONS\",\r\n \"credentials\": { \r\n \"questions\": [ \r\n { \r\n \"questionId\": \"FavoriteFood\",\r\n \"answer\": \"Mexican\"\r\n }\r\n ]\r\n },\r\n \"requestState\": \"Gaw0tIMmlGiA.....eJI/vBdfGRD4\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2173", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 23:08:25 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "c00Hf0g5000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....pgoi1rlQjNCQ\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has security questions set as the default factor. After the user submits their username/password, in the response the client is sent the questions that the user needs to answer. ", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication With Security Questions & Setting Trusted Device", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. 
The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." + }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 20:45:46 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "CURxY0P2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"TfoSHKpBv7s7.....YQQ4qnF6tpHo\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 
response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"credSubmit\" indicates that the user should submit the factor credentials to authenticate.\r\n\r\nThe response includes the questionIds of the questions that the user must answer.\r\n" + }, + "response": [ + { + "name": "Responset to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"TfoSHKpBv7s7.....QQ4qnF6tpHo\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2059", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 20:46:14 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "CURxY0Q2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"SECURITY_QUESTIONS\"\n ],\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\"\n ],\n \"questions\": [\n {\n \"hint\": \"Cinco\",\n \"questionId\": \"FavoriteFood\",\n \"text\": \"What's your favorite food?\"\n }\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"JcU4ySjM3oea.....cUVXSl5Lw0mY\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Security Questions Factor Authentication & Setting Trusted Device", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\": \"credSubmit\", \r\n \"authFactor\": \"SECURITY_QUESTIONS\",\r\n \"credentials\": { \r\n \"questions\": [ \r\n { \r\n \"questionId\": \"{{questionId1}}\",\r\n \"answer\": \"Mexican\"\r\n }\r\n ]\r\n },\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + 
"authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred method, the requestState that was received in the Step 2 response, and then the trusted device details.\r\n\r\nIf the factor credentials are correct, an access token and a trustToken is received in the response.\r\n\r\nThe trustToken in the response contains the following information:\r\n\r\n-trustId\r\n-token (UUID)\r\n-userId\r\n-expiryDate" + }, + "response": [ + { + "name": "Response to Step 3: Security Questions Factor Authentication & Setting Trusted Device", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\": \"credSubmit\", \r\n \"authFactor\": \"SECURITY_QUESTIONS\",\r\n \"credentials\": { \r\n \"questions\": [ \r\n { \r\n \"questionId\": \"FavoriteFood\",\r\n \"answer\": \"Mexican\"\r\n }\r\n ]\r\n },\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"QCPwb8cBBZ9k.....QE8hU7WQhlGI\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2415", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 23:45:04 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo0h3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....BdMT7rngGnVw\",\n \"trustToken\": \"N9I/agxNJIAg.....CH+nSj1lBU\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has security questions set as the default factor. After the user submits their user name/password, the client is sent the questions that the user needs to answer. 
\n\nAnd in the response with the security question answer, the trusted device attribute is set to true: \"trustedDevice\": true", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication Using Security Questions When It Isn't the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:55:08 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iigF9043000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"ppS31TrQXDz5.....kfvQrIy2IoZs\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\nThe client is sent the details of the user's preferred method (the value for \"nextAuthFactors\") so that the credentials of the preferred factor can be submitted.\r\n\r\nUse \"getBackupFactors\" in the next step to switch MFA methods from the default method to another enrolled method.\r\n" + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"/vagjZQA7NHR.....RdRock7lYq0M\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1880", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:55:21 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iigF9053000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextAuthFactors\": [\n \"SMS\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"uxLofMDiBlxO.....YKVGatn3CQkQ\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Get Backup Factors", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the \"op\":\"getBackupFactors\" and the requestState that was received in the Step 2 response.\r\n\r\nIn the response received:\r\nThe client is sent all of the possible factors that the user can switch to with the deviceIds required for all of possible factors and the questionIDs to use if the user wants to use Security Questions to authenticate. 
" + }, + "response": [ + { + "name": "Response to Step 3: Get Backup Factors", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"9GTg3RqnhzSH.....zw7vOTOKOlw\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2863", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:55:41 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iigF9063000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"BYPASSCODE\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\",\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"784b08bccbfc4ad6bb898109548afbc6\",\n \"displayName\": \"Joe's Phone\"\n }\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"400170a6efc646d991bbf980987719fc\",\n \"displayName\": \"Joe's iPhone\",\n \"preferred\": true\n }\n ]\n },\n \"EMAIL\": {\n \"credentials\": [\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": 
\"3395cbf8e17c48d1b021eb3132e07ada\",\n \"displayName\": \"joeXXXXXXXXX@example.com\"\n }\n ]\n },\n \"BYPASSCODE\": {\n \"credentials\": [\n \"bypassCode\"\n ]\n },\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\",\n \"preferred\"\n ],\n \"questions\": [\n {\n \"hint\": \"maker and type\",\n \"questionId\": \"FirstCar\",\n \"text\": \"What's the model of your first car?\"\n }\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"IDajdFgWQxuj.....R2sSVrKOpzXA\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 4: Provide Security Question Credentials to Authenticate", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\": \"credSubmit\",\r\n \"authFactor\": \"SECURITY_QUESTIONS\",\r\n \"credentials\": { \r\n \"questions\": [ \r\n { \r\n \"questionId\": \"{{questionId1}}\",\r\n \"answer\": \"dogTessy\"\r\n }\r\n ]\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the appropriate factor credentials and the requestState that was received in the Step 3 response.\r\n\r\nIn the response received:\r\nIf the credentials are accurate, the access token is provided." 
+ }, + "response": [ + { + "name": "Response to Step 4: Provide Security Question Credentials to Authenticate", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\": \"credSubmit\",\r\n \"authFactor\": \"SECURITY_QUESTIONS\",\r\n \"credentials\": { \r\n \"questions\": [ \r\n { \r\n \"questionId\": \"FirstPet\",\r\n \"answer\": \"dogTessy\"\r\n }\r\n ]\r\n },\r\n \"requestState\": \"FLeLjFpzIeXg.....jHgjqp8cH7AA\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2295", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 16:05:43 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo0c4000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....yzMAiqkF40fA\",\n \"status\": \"success\"\n}" + }, + { + "name": "Error Example: Security Question Authentication Failure", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\": \"credSubmit\",\r\n \"authFactor\": \"SECURITY_QUESTIONS\",\r\n \"credentials\": { \r\n \"questions\": [ \r\n { \r\n \"questionId\": \"FirstPet\",\r\n \"answer\": \"Tessy\"\r\n }\r\n ]\r\n },\r\n \"requestState\": 
\"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~a1oVSLN6OEpbylrg4z+UzdfuLsun+dATShOEVlO9LHE\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2239", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 00:54:37 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Ao^0O0k3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"failed\",\"cause\":[{\"message\":\"You have entered the wrong answer.\",\"code\":\"AUTH-1026\"}],\"SMS\":{\"credentials\":[\"otpCode\"]},\"nextOp\":[\"credSubmit\",\"getBackupFactors\"],\"BYPASSCODE\":{\"credentials\":[\"bypassCode\"]},\"SECURITY_QUESTIONS\":{\"credentials\":[\"questionId\",\"answer\"],\"questions\":[{\"hint\":\"dog dog name\",\"questionId\":\"FirstPet\",\"text\":\"What's your first pet's name?\"}]},\"nextAuthFactors\":[\"SMS\",\"BYPASSCODE\",\"SECURITY_QUESTIONS\"],\"trustedDeviceSettings\":{\"trustDurationInDays\":15},\"requestState\":\"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~AsR7Ko39X+yc5I6w4eGM0OZD7TrJ3FqKkvEM3t4utHE\"}" + } + ] + } + ], + "description": 
"If a user wants to use Security Questions to log in, and if Security Questions aren't the default method, the user is required to make an additional request to complete the authentication.\n \nStep 3\nThe additional request is to obtain the backup methods available and the requestState.\n\nIn the response, locate the question to use as the security question backup method and the requestState.\n \nStep 4\nFor security questions, use the question provided in the response from the request to obtain the backup methods, and then provide the answer and the requestState to get the access token.\n ", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ] + }, + { + "name": "EMAIL", + "item": [ + { + "name": "Authentication With Email Set as the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. 
The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." + }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 19:54:51 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "27cJe1R2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"4wwcjONj+bqH.....Y+0pSGqAUg58\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the previous 
response.\r\n\r\nIn the response received from this step: \r\nThe client is sent the details of the user's preferred factor method so that the appropriate credentials of the factor can be submitted. \r\n\r\nThe option to get the backup factors is also provided (See the Get Backup Factors folder)." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"4wwcjONj+bq.....Y+0pSGqAUg58\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1936", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 19:55:28 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP0L2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"joeXXXXXXXXX@example.com\",\n \"nextAuthFactors\": [\n \"EMAIL\"\n ],\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"ALFsYZ0iSMGB.....Utmgm2Nzxt/0\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Email Factor Authentication", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"815940\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred method and the requestState that was received in the previous response.\r\n\r\nIf the factor credentials are correct, an access token is received in the response." 
+ }, + "response": [ + { + "name": "Response to Step 3: Email Factor Authentication", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"815940\"\r\n },\r\n \"requestState\":\"ALFsYZ0iSMGB.....aUtmgm2Nzxt/0\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2227", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 19:56:20 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iigF90b2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....LNwils9qJq-Q\",\n \"status\": \"success\"\n}" + } + ] + }, + { + "name": "Step 3a: Email Factor Authentication - Resend OTP", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to have the OTP code resent 
(\"op\":\"resendCode\") and contains the requestState that was received in the previous response." + }, + "response": [ + { + "name": "Response to Step 3a: Email Factor Authentication - Resend OTP", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\": \"JxSvR6s4utiX.....y/bKMf37jNXo\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1760", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 23:16:55 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Ao^0O0c4000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"uWYeocjKiU.....Yr1K/OWSu8Ew\",\n \"nextAuthFactors\": [\n \"EMAIL\"\n ]\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has Email set as the default factor. After the user submits their username/password, the user must send the TOTP that is sent to their email. 
", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication With Email & Setting Trusted Device", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 19:54:51 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "27cJe1R2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"4wwcjONj+bqH.....Y+0pSGqAUg58\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"credSubmit\" indicates that the user should submit the factor credentials (otpCode) to authenticate." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"4wwcjONj+bqH.....fY+0pSGqAUg58\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1936", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 19:55:28 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP0L2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"joeXXXXXXXXX@example.com\",\n \"nextAuthFactors\": [\n \"EMAIL\"\n ],\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"ALFsYZ0iSMGB.....Utmgm2Nzxt/0\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Email Factor Authentication & Setting Trusted Device", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\": \"credSubmit\", \r\n \"authFactor\": \"EMAIL\",\r\n \"credentials\":{ \r\n \"otpCode\":\"416245\"\r\n },\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred method, the requestState that was received in the Step 2 response, and then the trusted device details.\r\n\r\nIf 
the factor credentials are correct, an access token and a trustToken is received in the response.\r\n\r\nThe trustToken in the response contains the following information:\r\n\r\n-trustId\r\n-token (UUID)\r\n-userId\r\n-expiryDate" + }, + "response": [ + { + "name": "Response to Step 3: Email Factor Authentication & Setting Trusted Device", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\": \"credSubmit\", \r\n \"authFactor\": \"EMAIL\",\r\n \"credentials\":{ \r\n \"otpCode\":\"416245\"\r\n },\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"YqCeyknuKkN7.....aWxZUoKlCvg4\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2491", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 23:51:54 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "pIqsD1R3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....r+qONDlGDD4c\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has Email set as the default factor. After the user submits their user name/password, the user must send the TOTP that is sent to their email. 
\n\nAnd in the response with the TOTP, the trusted device attribute is set to true: \"trustedDevice\": true", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication Using Email When It Isn't the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 16:29:13 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "27cJe1u3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"SwOFT2sUS4za.....+I8OwArPeIyIgE\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\nThe client is sent the details of the user's preferred method (the value for \"nextAuthFactors\") so that the credentials of the preferred factor can be submitted.\r\n\r\nUse \"getBackupFactors\" in the next step to switch MFA methods from the default method to another enrolled method.\r\n" + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"SwOFT2sUS4za.....8OwArPeIyIgE\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1880", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 16:29:53 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "8s_^F0v4000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextAuthFactors\": [\n \"SMS\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"pO8Fex4RVhMi.....1/zGb2Y2+mFQ\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Get Backup Factors", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the \"op\":\"getBackupFactors\" and the requestState that was received in the Step 2 response.\r\n\r\nIn the response received:\r\nThe client is sent all of the possible factors that the user can switch to with the deviceIds required for all of possible factors and the questionIDs to use if the user wants to use Security Questions to authenticate. 
" + }, + "response": [ + { + "name": "Response to Step 3: Get Backup Factors", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"pO8Fex4RVhMi.....v4a1/zGb2Y2+mFQ\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2834", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 16:30:09 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "8s_^F0w4000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"BYPASSCODE\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\",\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"784b08bccbfc4ad6bb898109548afbc6\",\n \"displayName\": \"Joe's Phone\"\n }\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"400170a6efc646d991bbf980987719fc\",\n \"displayName\": \"Joe's iPhone\",\n \"preferred\": true\n }\n ]\n },\n \"EMAIL\": {\n \"credentials\": [\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": 
\"3395cbf8e17c48d1b021eb3132e07ada\",\n \"displayName\": \"joeXXXXXXXXX@example.com\"\n }\n ]\n },\n \"BYPASSCODE\": {\n \"credentials\": [\n \"bypassCode\"\n ]\n },\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\",\n \"preferred\"\n ],\n \"questions\": [\n {\n \"hint\": \"dog and name\",\n \"questionId\": \"FirstPet\",\n \"text\": \"What's your first pet's name?\"\n }\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"qNKNOFWwBYcf.....tSd7D8VmdTksA\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 4: Provide the DeviceID to Obtain Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"EMAIL\",\r\n \"credentials\":{ \r\n \"deviceId\":\"{{deviceId}}\"\r\n }, \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the authFactor that the user is switching to, the appropriate deviceID for the factor, and the requestState that was received in the Step 3 response.\r\n\r\nIn the response received:\r\nIf the deviceId is accurate, the appropriate required factor credentials are sent and \"credSubmit\" appears in the \"nextOp\" list.\r\n" + }, + "response": [ + { + "name": "Response to Step 4: Provide the DeviceID to Authenticate", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"EMAIL\",\r\n 
\"credentials\":{ \r\n \"deviceId\":\"3395cbf8e17c48d1b021eb3132e07ada\"\r\n }, \r\n \"requestState\":\"qNKNOFWwBYcf.....tSd7D8VmdTksA\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2143", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 16:31:20 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zl9Ay1u2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"joeXXXXXXXXX@example.com\",\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"0QUaxD90dM2K7.....sSz35EdMLGMkE\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 5: Provide Device ID and OTP Code to Authenticate", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"authFactor\": 
\"EMAIL\",\r\n \"credentials\": {\r\n \"deviceId\": \"{{deviceId}}\",\r\n \"otpCode\": \"411119\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the appropriate factor credentials, the deviceId, and the requestState that was received in the Step 4 response.\r\n\r\nIn the response received:\r\nIf the credentials are accurate, the access token is provided." + }, + "response": [ + { + "name": "Response to Step 5: Provide Device ID and OTP Code to Authenticate", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"authFactor\": \"EMAIL\",\r\n \"credentials\": {\r\n \"deviceId\": \"3395cbf8e17c48d1b021eb3132e07ada\",\r\n \"otpCode\": \"215136\"\r\n },\r\n \"requestState\": \"0QUaxD90dM2K7.....sSz35EdMLGMkE\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2231", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 16:32:04 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "^V1zy0U3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....5-t0_lctlOow\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "If a user wants to use EMAIL to log in, and if EMAIL is not the default method, the user is required to make two requests to complete the authentication.\n \nStep 3\nThe first request is to obtain the backup methods available.\n\nFor email, locate the deviceId for Email provided in the response and the requestState.\n \nStep 4 \nThe second request includes the OTP that the user receives through email. 
(This information can be extracted from the getBackupFactors call).\n\nWhen the SDK receives a credSubmit on EMAIL, with the deviceId, it understands that it first needs to send an EMAIL with the OTP code.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ] + }, + { + "name": "Offline One-Time Passcode (TOTP)", + "item": [ + { + "name": "Authentication With Offline TOTP Set as the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 19:54:51 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "27cJe1R2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"4wwcjONj+bqH.....hfY+0pSGqAUg58\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the previous response.\r\n\r\nIn the response received from this step: \r\nThe client is sent the details of the user's preferred factor method so that the appropriate credentials of the factor can be submitted. \r\n\r\nThe option to get the backup factors is also provided (See the Get Backup Factors folder)." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"4wwcjONj+bqHh.....6hfY+0pSGqAUg58\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1936", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 19:55:28 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP0L2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"joeXXXXXXXXX@example.com\",\n \"nextAuthFactors\": [\n \"EMAIL\"\n ],\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"ALFsYZ0iSMGB.....1aaUtmgm2Nzxt/0\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Offline TOTP Factor Authentication", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"815940\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred method and the requestState that was received in the prvious response.\r\n\r\nIf the factor credentials are correct, an access token is received in the response." 
+ }, + "response": [ + { + "name": "Response to Step 3: Offline TOTP Factor Authentication", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"815940\"\r\n },\r\n \"requestState\":\"ALFsYZ0iSMGB.....aaUtmgm2Nzxt/0\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2229", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 22:13:18 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP0Z2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....2A5yGpP8Jx-PsMg\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has TOTP set as the default factor. After the user submits their username/password, the user must send the TOTP. 
", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication With Offline TOTP & Setting Trusted Device", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 19:54:51 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "27cJe1R2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"4wwcjONj+bqHhC8.....6hfY+0pSGqAUg58\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"credSubmit\" indicates that the user should submit the factor credentials (otpCode from the OMA App) to authenticate.\r\n" + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"4wwcjONj+bqH.....Y+0pSGqAUg58\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1936", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 19:55:28 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP0L2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"joeXXXXXXXXX@example.com\",\n \"nextAuthFactors\": [\n \"EMAIL\"\n ],\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"ALFsYZ0iSMGB.....1aaUtmgm2Nzxt/0\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Offline TOTP Authentication & Setting Trusted Device", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"837752\"\r\n },\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred method, the requestState that was received in the Step 2 response, and then the trusted device details.\r\n\r\nIf the factor credentials are 
correct, an access token and a trustToken is received in the response.\r\n\r\nThe trustToken in the response contains the following information:\r\n\r\n-trustId\r\n-token (UUID)\r\n-userId\r\n-expiryDate" + }, + "response": [ + { + "name": "Response to Step 3: Offline TOTP Authentication & Setting Trusted Device", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"837752\"\r\n },\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"mWTTcCMYU5ZS.....R6QnzK6xWjYNxU\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2479", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 23:57:22 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo0i3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....SBj-NuZ_7Qmog\",\n \"trustToken\": \"1zwnOuTscfYkettKIhRZhja5jjrO/QXSFJTpDYpsJ1TVtDG/2lzBRDEOkbGbLlvnhtHtXbMYp8F0ZaXRGUbtritC/hkOM9xgvh7UnIXdtm7ngz3c6L3/ObfcvP+fC2ev0l/7YbaTUS1CyucmNJ3diJKRTK/sO4E6UY5F1eEDjm6dG64eGU7VlGZQtjOmrcHN~0F/eZu+b9OIL0byvikjqhTn/TyurMdQGNQkVU8I84xg\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has TOTP set as the default factor. After the user submits their user name/password, the user must send the TOTP. 
\n\nAnd in the response with the TOTP, the trusted device attribute is set to true: \"trustedDevice\": true", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authenticating Using Offline TOTP When It Isn't the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 16:29:13 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "27cJe1u3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"SwOFT2sUS4za.....8OwArPeIyIgE\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\nThe client is sent the details of the user's preferred method (the value for \"nextAuthFactors\") so that the credentials of the preferred factor can be submitted.\r\n\r\nUse \"getBackupFactors\" in the next step to switch MFA methods from the default method to another enrolled method.\r\n" + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"SwOFT2sUS4za.....I8OwArPeIyIgE\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1880", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 16:38:45 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg5034000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextAuthFactors\": [\n \"SMS\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"AJ1wh6rjtYaC.....8KSo5VfKmT6Y\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Get Backup Factors", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the \"op\":\"getBackupFactors\" and the requestState that was received in the Step 2 response.\r\n\r\nIn the response received:\r\nThe client is sent all of the possible factors that the user can switch to with the deviceIds required for all of possible factors and the questionIDs to use if the user wants to use Security Questions to authenticate. 
" + }, + "response": [ + { + "name": "Response to Step 3: Get Backup Factors", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"pO8Fex4RVhMi.....a1/zGb2Y2+mFQ\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2863", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 16:38:59 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg5044000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"BYPASSCODE\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\",\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"784b08bccbfc4ad6bb898109548afbc6\",\n \"displayName\": \"Joe's Phone\"\n }\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"400170a6efc646d991bbf980987719fc\",\n \"displayName\": \"Joe's iPhone\",\n \"preferred\": true\n }\n ]\n },\n \"EMAIL\": {\n \"credentials\": [\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": 
\"3395cbf8e17c48d1b021eb3132e07ada\",\n \"displayName\": \"joeXXXXXXXXX@example.com\"\n }\n ]\n },\n \"BYPASSCODE\": {\n \"credentials\": [\n \"bypassCode\"\n ]\n },\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\",\n \"preferred\"\n ],\n \"questions\": [\n {\n \"hint\": \"maker and type\",\n \"questionId\": \"FirstCar\",\n \"text\": \"What's the model of your first car?\"\n }\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"ZClVDAtP4V0y.....9H13j87xk2odZY\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 4: Provide Device ID and OTP Code to Authenticate", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"TOTP\",\r\n \"credentials\":{ \r\n \"deviceId\":\"{{deviceId}}\",\r\n \"otpCode\":\"336975\"\r\n }, \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the appropriate factor credentials and the requestState that was received in the Step 3 response.\r\n\r\nIn the response received:\r\nIf the credentials are accurate, the access token is provided.\r\n" + }, + "response": [ + { + "name": "Error Example: TOTP Authentication Failure", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"TOTP\",\r\n \"credentials\":{ \r\n \"deviceId\":\"0ebadfde1d4944da9fb9fcb7317eb45a\",\r\n \"otpCode\":\"747877\"\r\n }, 
\r\n \"requestState\":\"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~C3YpQ9O3CXHDOUS7YtcP6D7gOQG0Q0X/u+UMJWoQXcg\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2215", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 00:57:44 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "pIqsD194000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"failed\",\"cause\":[{\"message\":\"Invalid passcode.\",\"code\":\"AUTH-1105\"}],\"TOTP\":{\"credentials\":[\"otpCode\"]},\"SMS\":{\"credentials\":[\"otpCode\"]},\"nextOp\":[\"credSubmit\",\"getBackupFactors\"],\"BYPASSCODE\":{\"credentials\":[\"bypassCode\"]},\"SECURITY_QUESTIONS\":{\"credentials\":[\"questionId\",\"answer\"],\"questions\":[{\"hint\":\"Cinco\",\"questionId\":\"FavoriteFood\",\"text\":\"What's your favorite food?\"}]},\"nextAuthFactors\":[\"TOTP\",\"SMS\",\"BYPASSCODE\",\"SECURITY_QUESTIONS\"],\"trustedDeviceSettings\":{\"trustDurationInDays\":15},\"requestState\":\"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~jZ4nI6zGB4iHcOnX2QV+aMdsMWRGB3pkO4pB++/IciM\"}" + }, + 
{ + "name": "Response to Step 4: Provide Device ID and OTP Code to Authenticate", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"TOTP\",\r\n \"credentials\":{ \r\n \"deviceId\":\"784b08bccbfc4ad6bb898109548afbc6\",\r\n \"otpCode\":\"470148\"\r\n }, \r\n \"requestState\":\"ZClVDAtP4V0yQ.....H13j87xk2odZY\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2218", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 16:40:45 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "D92K30T3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJTS.....iA_93JUO0JmrSg\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "If a user wants to use TOTP to log in, and if TOTP isn't the default method, the user is required to make additional requests to complete the authentication.\n \nStep 3\nThis request is to obtain the backup methods available.\n\nFor TOTP, locate the deviceId for TOTP provided in the response and the requestState.\n \nStep 4 \nThis request includes the deviceID, the otpCode (TOTP), and the requestState to authenticate.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": 
"text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Online One-Time Passcode (TOTP)", + "item": [ + { + "name": "Authentication With Online TOTP Set as the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 18:06:48 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "CURxY0K5000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"ja5yUKCJo9O7.....t/1HnHnIenPE\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the previous response.\r\n\r\nIn the response received from this step: \r\nThe client is sent the details of the user's preferred factor method so that the appropriate credentials of the factor can be submitted. \r\n\r\nThe option to get the backup factors is also provided (See the Get Backup Factors folder)." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"ja5yUKCJo9O7.....dt/1HnHnIenPE\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1741", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 18:07:09 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "CURxY0L5000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Susan's iPhone\",\n \"nextAuthFactors\": [\n \"TOTP\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"ZtBl1iBOok1A.....PVKYxyCu2Iok\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Online TOTP Factor Authentication", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"376061\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred method and the requestState that was received in the previous response.\r\n\r\nIf the factor credentials are correct, an access token is received in the response." 
+ }, + "response": [ + { + "name": "Response to Step 3: Online TOTP Factor Authentication", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"376061\"\r\n },\r\n \"requestState\":\"ZtBl1iBOok1.....PVKYxyCu2Iok\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2151", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 18:08:10 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iigF90_7000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....KUJiToJt2kg\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has TOTP set as the default factor. After the user submits their username/password, the user must send the TOTP. 
", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication With Online TOTP & Setting Trusted Device", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 18:11:28 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP087000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"ha4Zlad8gM77.....Q4wHWwM4GTT8\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"credSubmit\" indicates that the user should submit the factor credentials (otpCode from the OMA App) to authenticate.\r\n" + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"ha4Zlad8gM77.....Q4wHWwM4GTT8\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1741", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 18:11:54 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP097000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextAuthFactors\": [\n \"TOTP\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"ikCelDBqh0buGR.....pwue1HV9V/18\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Online TOTP Authentication & Setting Trusted Device", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"331466\"\r\n },\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred method, the requestState that was received in the Step 2 response, and then the trusted device details.\r\n\r\nIf the factor credentials are correct, an access token and a 
trustToken is received in the response.\r\n\r\nThe trustToken in the response contains the following information:\r\n\r\n-trustId\r\n-token (UUID)\r\n-userId\r\n-expiryDate" + }, + "response": [ + { + "name": "Response to Step 3: Online TOTP Authentication & Setting Trusted Device", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"331466\"\r\n },\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"ikCelDBqh0bu.....cpwue1HV9V/18\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2387", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 18:12:18 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP0A7000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....m0XFNaO8jE0Q\",\n \"trustToken\": \"vA3SQnUWUtPYuZMCT9rzhSx1WLD0knkP9UnegYIjA4aEDxIKfFl5+TJNfU64pv5y7ga7Ctn+adQxtGdB0+u+OrKzRqn+TQjKJYoQtIYb4f48zI+4ov2Wu+Q2WMXYdJEyFyUDkIRVcUllc6JBLGx5l7J6io4XsGNlIUY/fUVrB4hSKOPjVHTPapi63gbNK7s0~cA1+eNSWZOkj4R+bPmQr0IYZSfBaUyhiKlyqUXZiUKc\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has TOTP set as the default factor. 
After the user submits their user name/password, the user must send the TOTP.\n\nAnd in the response with the TOTP, the trusted device attribute is set to true: \"trustedDevice\": true", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authenticating Using Online TOTP When It Isn't the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 18:20:38 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "N1hJZ1c6000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"Lu5kHbpuURUY.....vy1o0iuB6Cm0\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\nThe user is sent the details of the user's preferred method (the value for \"nextAuthFactors\") so that the credentials of the preferred factor can be submitted.\r\n\r\nUse \"getBackupFactors\" in the next step to switch MFA methods from the default method to another enrolled method.\r\n" + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"Lu5kHbpuURUY.....vy1o0iuB6Cm0\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1813", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 18:21:02 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "N1hJZ1d6000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's Phone\",\n \"nextAuthFactors\": [\n \"SMS\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"bpFVO5GMLlWq.....vKqECmI4Dx/yhiA\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Get Backup Factors", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the \"op\":\"getBackupFactors\" and the requestState that was received in the Step 2 response.\r\n\r\nIn the response received:\r\nThe client is sent all of the possible factors that the user can switch to with the deviceIds required for all of possible factors and the questionIDs to use if the user wants to use Security Questions to authenticate. 
" + }, + "response": [ + { + "name": "Response to Step 3: Get Backup Factors", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"bpFVO5GMLlWq.....ECmI4Dx/yhiA\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2304", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 18:21:20 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "N1hJZ1e6000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"PUSH\",\n \"TOTP\",\n \"SMS\",\n \"BYPASSCODE\"\n ],\n \"PUSH\": {\n \"enrolledDevices\": [\n {\n \"deviceId\": \"57555b4bf9eb46d6bbd48e4f5df93403\",\n \"displayName\": \"Joe's iPhone-1\"\n }\n ],\n \"credentials\": [\n \"preferred\",\n \"deviceId\"\n ]\n },\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\",\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"57555b4bf9eb46d6bbd48e4f5df93403\",\n \"displayName\": \"Joe's iPhone\"\n }\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"1c5ccb7a0d3e401687485e3310d6c4eb\",\n \"displayName\": \"Joe's Phone\",\n 
\"preferred\": true\n }\n ]\n },\n \"BYPASSCODE\": {\n \"credentials\": [\n \"bypassCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"kIRgoACsLVuA.....yLh8M9ijYUck\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 4: Provide Device ID and OTP Code to Authenticate", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"TOTP\",\r\n \"credentials\":{ \r\n \"deviceId\":\"{{deviceId}}\",\r\n \"otpCode\":\"336975\"\r\n }, \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the appropriate factor credentials and the requestState that was received in the Step 3 response.\r\n\r\nIn the response received:\r\nIf the credentials are accurate, the access token is provided.\r\n" + }, + "response": [ + { + "name": "Error Example: TOTP Authentication Failure", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"TOTP\",\r\n \"credentials\":{ \r\n \"deviceId\":\"0ebadfde1d4944da9fb9fcb7317eb45a\",\r\n \"otpCode\":\"747877\"\r\n }, \r\n \"requestState\":\"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~C3YpQ9O3CXHDOUS7YtcP6D7gOQG0Q0X/u+UMJWoQXcg\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + 
"code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2215", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 00:57:44 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "pIqsD194000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"failed\",\n \"cause\": [\n {\n \"message\": \"Invalid passcode.\",\n \"code\": \"AUTH-1105\"\n }\n ],\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"BYPASSCODE\": {\n \"credentials\": [\n \"bypassCode\"\n ]\n },\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\"\n ],\n \"questions\": [\n {\n \"hint\": \"Cinco\",\n \"questionId\": \"FavoriteFood\",\n \"text\": \"What's your favorite food?\"\n }\n ]\n },\n \"nextAuthFactors\": [\n \"TOTP\",\n \"SMS\",\n \"BYPASSCODE\",\n \"SECURITY_QUESTIONS\"\n ],\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n },\n \"requestState\": \"fm3hOQVCqh16.....kO4pB++/IciM\"\n}" + }, + { + "name": "Response to Step 4: Provide Device ID and OTP Code to Authenticate", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"TOTP\",\r\n \"credentials\":{ \r\n \"deviceId\":\"57555b4bf9eb46d6bbd48e4f5df93403\",\r\n \"otpCode\":\"336975\"\r\n }, \r\n 
\"requestState\":\"kIRgoACsLVuA.....Lh8M9ijYUck\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2143", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 18:22:18 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "27cJe1h6000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJ.....ZTfcUaQZ97tg\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "If a user wants to use TOTP to log in, and if TOTP isn't the default method, the user is required to make additional requests to complete the authentication.\n \nStep 3\nThis request is to obtain the backup methods available.\n\nFor TOTP, locate the deviceId for TOTP provided in the response and the requestState.\n \nStep 4 \nThis request includes the deviceID, the otpCode (TOTP), and the requestState to authenticate.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "SMS", + "item": [ + { + "name": "Authentication With SMS Set as the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." + }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 22:18:29 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg50M3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"SoZgk07/g64Y.....0ws4vRD/r2/Bk\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the previous 
response.\r\n\r\nIn the response received from this step: \r\nThe client is sent the details of the user's preferred factor method so that the appropriate credentials of the factor can be submitted. \r\n\r\nThe option to get the backup factors is also provided (See the Get Backup Factors folder)." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"SoZgk07/g64Y6.....0ws4vRD/r2/Bk\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1880", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 22:18:42 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg50N3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextAuthFactors\": [\n \"SMS\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"QjyV3ueFrGQCO.....84gQw2UUm2V7s\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + }, + { + "name": "Error Example: Invalid or expired requestState", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"sdh\",\r\n \"password\":\"TwoIggys2\"\r\n },\r\n \"requestState\":\"VhSLC1gHddhn0Ts0Wa6NgHTspgXK06o+VuTuxxoUvJpw0L2s5L5NbnvHo6JtMLAYarxzsZXvPfXkNnBCAtqoZUddiLoG9fOBwizr9kKMvwxF7tKx07MRAh7HmApMon6WQ1XOyylC1eduSbzuCpw89WF4xprDAaUVnlyeFatNinV1jBupR7JDTa5ZiraaWRsF3BqpBq5SXba29BAdAFMtDsq78PnnQmysL6E6HLSGejn2dc5JaP9l8IcDIgWuvEZzXvBmj6KTY1rFyWb5IQgLcnzHOTyDL2Tv8AhdzQO4ZUlzuxWI1KKASpRPeCh38cWzCxp72obP59lwSJ/cG9wNjFCQ+7VRZketZrZeE~MEI4nMnfvHQX4/EimA/yb4PE8M8WmBYkenWlsDLuvgE\"\r\n}" + }, + "url": { + "raw": 
"{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "574", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 01:11:32 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "8s_^F0_5000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"failed\",\"cause\":[{\"message\":\"The requestState provided is either invalid or expired. Please provide a valid requestState.\",\"code\":\"AUTH-1120\"}],\"requestState\":\"VhSLC1gHddhn0Ts0Wa6NgHTspgXK06o+VuTuxxoUvJpw0L2s5L5NbnvHo6JtMLAYarxzsZXvPfXkNnBCAtqoZUddiLoG9fOBwizr9kKMvwxF7tKx07MRAh7HmApMon6WQ1XOyylC1eduSbzuCpw89WF4xprDAaUVnlyeFatNinV1jBupR7JDTa5ZiraaWRsF3BqpBq5SXba29BAdAFMtDsq78PnnQmysL6E6HLSGejn2dc5JaP9l8IcDIgWuvEZzXvBmj6KTY1rFyWb5IQgLcnzHOTyDL2Tv8AhdzQO4ZUlzuxWI1KKASpRPeCh38cWzCxp72obP59lwSJ/cG9wNjFCQ+7VRZketZrZeE~MEI4nMnfvHQX4/EimA/yb4PE8M8WmBYkenWlsDLuvgE\"}" + } + ] + }, + { + "name": "Step 3: SMS Factor Authentication", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"108685\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred method and the requestState that was received in 
the previous response.\r\n\r\nIf the factor credentials are correct, an access token is received in the response." + }, + "response": [ + { + "name": "Error Example: MFA Authentication Failure", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"778941\"\r\n },\r\n \"requestState\":\"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~YtCLRt4LLqYNlC/BCel9XUYmzsoACR7PFarIcStndHA\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1767", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 00:49:19 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "CURxY0o3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"failed\",\"cause\":[{\"message\":\"Invalid passcode.\",\"code\":\"AUTH-1105\"}],\"SMS\":{\"credentials\":[\"otpCode\"]},\"nextOp\":[\"credSubmit\",\"getBackupFactors\",\"resendCode\"],\"nextAuthFactors\":[\"SMS\"],\"trustedDeviceSettings\":{\"trustDurationInDays\":15},\"displayName\":\"172XXXXX241\",\"requestState\":\"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~Oh1/1pBSJN07PbghXOMWmolpc0cgfk2EBtEIkgZ7y04\"}" + }, + { + "name": "Response to Step 3: SMS Factor Authentication", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": 
{ + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"108685\"\r\n },\r\n \"requestState\":\"QjyV3ueFrGQCO.....yH884gQw2UUm2V7s\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2227", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 22:20:03 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zl9Ay1E2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJTS.....QXZ_NP9eH385A\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has SMS set as the default factor. After the user submits their username/password, the user must send the OTP. 
", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication With SMS & Setting Trusted Device", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName=PCTrustedApp", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "PCTrustedApp" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 22:18:29 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg50M3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"SoZgk07/g64Y6.....ws4vRD/r2/Bk\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"credSubmit\" indicates that the user should submit the factor credentials (otpCode from their phone) to authenticate.\r\n" + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"SoZgk07/g64Y.....ws4vRD/r2/Bk\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1880", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 22:18:42 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg50N3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextAuthFactors\": [\n \"SMS\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"QjyV3ueFrGQC.....4gQw2UUm2V7s\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: SMS Authentication & Setting Trusted Device", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"452916\"\r\n },\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred method, the requestState that was received in the Step 2 response, and then the trusted device details.\r\n\r\nIf the factor credentials are correct, an access token and a 
trustToken is received in the response.\r\n\r\nThe trustToken in the response contains the following information:\r\n\r\n-trustId\r\n-token (UUID)\r\n-userId\r\n-expiryDate" + }, + "response": [ + { + "name": "Response to Step 3: SMS Authentication & Setting Trusted Device", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"452916\"\r\n },\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"9FmHQ39tkpEH.....TYVQTdKgtFgJA\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2485", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 00:02:56 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "N1hJZ1r2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....dsNXPzpayflQ\",\n \"trustToken\": \"Xdh9OlzHccNXeITh94Z2T2wKuXMIAQ3x50/WwcrhmqNVMQP4IPA9kOwKkkV5L/ZF3Oo5BHpGiTLXtqDUPmYaVuyuxSQ846Y1VY2EkDkh9XYViGSdviYvgUxOpsu0tYgm5YkG4P5D6jSzc72QCvIIaaJ2jejRe/sl6Vagp4nn5WabdAW6BIHzSYc6Dtb/A63Z~QZS7m859dGF8p7TJLlGy1ZDfYNFfusdXvGmPR8E6WdI\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has SMS set as the default factor. After the user submits their user name/password, the user must send the OTP. 
\n\nAnd in the response that includes the OTP that is sent to the user, the trusted device attribute is set to true: \"trustedDevice\": true", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authenticating Using SMS When It Isn't the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:45:38 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "PK_rs0V2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"HTNpGPlxOcWO.....KMP0OnwM/g/o\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\nThe client is sent the details of the user's preferred method (the value for \"nextAuthFactors\") so that the credentials of the preferred factor can be submitted.\r\n\r\nUse \"getBackupFactors\" in the next step to switch MFA methods from the default method to another enrolled method.\r\n" + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"/vagjZQA7NHR.....RdRock7lYq0M\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1936", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:45:49 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "PK_rs0W2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"joeXXXXXXXXX@example.com\",\n \"nextAuthFactors\": [\n \"EMAIL\"\n ],\n \"EMAIL\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"o6Un/mo8Lyrl.....ui/bkfJfP4ho\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Get Backup Factors", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the \"op\":\"getBackupFactors\" and the requestState that was received in the Step 2 response.\r\n\r\nIn the response received:\r\nThe client is sent all of the possible factors that the user can switch to with the deviceIds required for all of possible factors and the questionIDs to use if the user wants to use Security Questions to authenticate. 
" + }, + "response": [ + { + "name": "Response to Step 3: Get Backup Factors", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"9GTg3RqnhzSH.....Nzw7vOTOKOlw\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2859", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:46:03 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "PK_rs0X2000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"BYPASSCODE\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\",\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"784b08bccbfc4ad6bb898109548afbc6\",\n \"displayName\": \"Joe's Phone\"\n }\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"400170a6efc646d991bbf980987719fc\",\n \"displayName\": \"Joe's iPhone\"\n }\n ]\n },\n \"EMAIL\": {\n \"credentials\": [\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"3395cbf8e17c48d1b021eb3132e07ada\",\n 
\"displayName\": \"joeXXXXXXXXX@example.com\",\n \"preferred\": true\n }\n ]\n },\n \"BYPASSCODE\": {\n \"credentials\": [\n \"bypassCode\"\n ]\n },\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\",\n \"preferred\"\n ],\n \"questions\": [\n {\n \"hint\": \"Meg and Billy\",\n \"questionId\": \"FavoriteMovie\",\n \"text\": \"What's your favorite movie?\"\n }\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"ST/bxcupWVi5.....5qdds5i4UAEo\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 4: Provide the Device ID to Obtain Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"SMS\",\r\n \"credentials\":{ \r\n \"deviceId\":\"{{deviceId}}\"\r\n }, \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the authFactor that the user is switching to, the appropriate deviceID for the factor, and the requestState that was received in the Step 3 response.\r\n\r\nIn the response received:\r\nIf the deviceId is accurate, the appropriate required factor credentials are sent and \"credSubmit\" appears in the \"nextOp\" list.\r\n" + }, + "response": [ + { + "name": "Response to Step 4: Provide the Device ID to Obtain Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"SMS\",\r\n 
\"credentials\":{ \r\n \"deviceId\":\"400170a6efc646d991bbf980987719fc\"\r\n }, \r\n \"requestState\":\"ST/bxcupWVi5.....5qdds5i4UAEo\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2110", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:46:33 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo0b4000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"41wzJDJR33wo.....ZR+QQur9pHoc\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 5: Provide Device ID and OTP Code to Authenticate", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"authFactor\": \"SMS\",\r\n 
\"credentials\": {\r\n \"deviceId\": \"{{deviceId}}\",\r\n \"otpCode\": \"336975\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the appropriate factor credentials, the deviceId, and the requestState that was received in the Step 4 response.\r\n\r\nIn the response received:\r\nIf the credentials are accurate, the access token is provided." + }, + "response": [ + { + "name": "Responset to Step 5: Provide Device ID and OTP Code to Authenticate", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \"authFactor\": \"SMS\",\r\n \"credentials\": {\r\n \"deviceId\": \"430dcf8c72244ad98e2db0e9e12f2f38\",\r\n \"otpCode\": \"515496\"\r\n },\r\n \"requestState\": \"41wzJDJR33wo.....vZR+QQur9pHoc\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1994", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:47:05 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "jmhlc1H3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"keDg18vAXDh6w.....DXwfqUMECAxE\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + } + ], + "description": "If a user wants to use SMS to log in, and if SMS is not the default method, the user is required to make additional requests to complete the authentication.\n \nStep 3\nThis request is to obtain the backup methods available and the requestState.\n\nIn the response, locate the deviceId for SMS to use and the requestState.\n\nStep 4\nThis request includes deviceId and the requestState to initate SMS. When the SDK receives a credSubmit on SMS, with the deviceId, it understands that it first needs to send an SMS with the OTP code.\n\nStep 5\nThis request includes the OTP that the user received on their device in response to Step 4. 
Since a user account can have many phone numbers enrolled, the user needs to provide the deviceId when requesting access.\n\n\n ", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ] + }, + { + "name": "PUSH Notification", + "item": [ + { + "name": "Authentication With Push Notification Set as the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 17:38:06 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo0D6000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"vfuneKdYLahK.....3pfCUdwmcW1E\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the previous response.\r\n\r\nIn the response received from this step: \r\nThe client is sent the details of the user's preferred factor method so that the appropriate credentials of the factor can be submitted. \r\n\r\nThe option to get the backup factors is also provided (See the Get Backup Factors folder)." + }, + "response": [ + { + "name": "Pending Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"vfuneKdYLahK.....pfCUdwmcW1E\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1831", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 17:38:20 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "NjvHo0E6000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"pending\",\n \"displayName\": \"Joe's iPhone\",\n \"nextAuthFactors\": [\n \"PUSH\"\n ],\n \"cause\": [\n {\n \"code\": \"AUTH-1108\",\n \"message\": \"Push Notification approval is pending.\"\n }\n ],\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"rATagRibc//b.....xrKh7fJtIuWo\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: PUSH Factor Authentication", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the op:credSubmit value and the requestState that was received in the previous response.\r\n\r\nFor PUSH Notifications, the user must tap Allow or Deny on their device to initiate the final request.\r\n\r\nIf the factor credentials that are sent are correct, an access token is received in the response." 
+ }, + "response": [ + { + "name": "Response to Step 3: PUSH Factor Authentication", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"rATagRibc//b.....xrKh7fJtIuWo\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2153", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 17:39:58 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "D92K30PA000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....kLbxxL97U_0Q\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has PUSH notifications set as the default factor. After the user submits their username/password, the user must send the OTP. 
", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication With Push Notification & Setting Trusted Device", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 17:45:48 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "DbVW6186000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": 
"{\"requestState\":\"SyBo/sb15ODn5PpC3ctlI6gAvYmKGWghpN5GaGvxWEBU5OCZ8sqdsvLeMvUjEuzDuG/6sEmDPEEmOn7Y5osD4lvEaFzbGtlQfUgwowloC2ikzKKb7doGNAIMd1MS8mAk//TnKRO3yU73363r1rWKm+YtGW9sKXhIsDKZhAT5fy4cU1sz9XxaWXc795KkgKSvRIXYyCMz0VNnCZlVUvaNEjlYdztGz7h+Ba21U0461Y2K5zrrpQQjMD25weyB37UHHaWl+frZ3Iruok6ynmy9m7FRcKccnmAs6MbVhCTxe1M~ELMuSm8LejoPXZKsz9qqW8FSPfcgI9LbkeoYlcB698I\",\"nextOp\":[\"credSubmit\",\"chooseIDP\"],\"USERNAME_PASSWORD\":{\"credentials\":[\"username\",\"password\"]},\"nextAuthFactors\":[\"USERNAME_PASSWORD\",\"IDP\"],\"status\":\"success\",\"IDP\":{\"configuredIDPs\":[{\"idpId\":\"aeacac5ce62f41749a4f0ea77b85aa43\",\"idpName\":\"Google\",\"idpType\":\"Social\"}],\"credentials\":[\"idpId\",\"idpType\"]}}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\n\"nextOp\": \"credSubmit\" indicates that the user should submit the factor credentials (otpCode from the OMA App) to authenticate." 
+ }, + "response": [ + { + "name": "Pending Response to Step 2: Username/Password Submisstion", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"susan.harper@oracle.com\",\r\n \"password\":\"TwoIggys2\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1916", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Mon, 04 Jun 2018 18:07:53 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Ao^0O008000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"pending\",\n \"displayName\": \"Joe's iPhone\",\n \"nextAuthFactors\": [\n \"PUSH\"\n ],\n \"cause\": [\n {\n \"code\": \"AUTH-1108\",\n \"message\": \"Push Notification approval is pending.\"\n }\n ],\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"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~4wxM68OyV5B7/KbW8Zs7ZIgt2Ixzzf4oTnq0eQIF6wg\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: PUSH Authentication & Setting Trusted Device", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": 
"Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the factor credentials for the user's preferred method, the requestState that was received in the Step 2 response, and then the trusted device details.\r\n\r\nIf the factor credentials are correct, an access token and a trustToken is received in the response.\r\n\r\nThe trustToken in the response contains the following information:\r\n\r\n-trustId\r\n-token (UUID)\r\n-userId\r\n-expiryDate\r\n\r\nThree Response examples are provided:\r\n\r\nPending Response\r\nSuccess Response After Pending\r\nFailed Response" + }, + "response": [ + { + "name": "Failed Response to Step 3: PUSH Authentication & Setting Trusted Device - Auth Failed", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1835", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Mon, 04 Jun 2018 18:28:14 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "WBAdy0e9000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"failed\",\n \"cause\": [\n {\n \"message\": \"Authentication failed.\",\n \"code\": \"AUTH-1007\"\n }\n ],\n \"nextAuthFactors\": [\n \"PUSH\"\n ],\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n },\n \"displayName\": \"Joe's iPhone\",\n \"requestState\": \"XwmBqeeVr91a..........19UAGSkTZ7hqbIZinQ\"\n}" + }, + { + "name": "Pending Response to Step 3: PUSH Authentication & Setting Trusted Device", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server 
to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1858", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Mon, 04 Jun 2018 18:13:53 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "PK_rs0y8000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"pending\",\"cause\":[{\"code\":\"AUTH-1108\",\"message\":\"Push Notification approval is pending.\"}],\"nextOp\":[\"credSubmit\",\"getBackupFactors\"],\"requestState\":\"AsV7Jl63DEm1Q+8UMx5QEHCHLMv2t54LdQJdRoN2TqlSxG6JZ3kqo4i6Gpz4NLFZB4ba/yyCq3gON6znwONgU+2gZVvvnYuRYhl8lyyYf4eSSCN4Bi42zISgkuDuy2i9+89NUu04Wj8+utSdQz2AK2EVcTa7JxpAnn9Hf1junHtMOYI2gqW/3MYj74rGN52udiYs1S7reSxULmV8GutpQ+fTUWOksDFm3zp7QxccfNmCkgETj9ZZSAH/2rjYLWS4RdrRRnFgE8e1xLhrxxUXi0Jmnwh+M6HcnmBxNKmYDdw5Gul5bcVFOU7AF/y0Q+jG/qWhTaz73HgcjQHCjukUZCvUel8NndYguxUUoLDA0g0swrEpXMkTtiSMI7bi98Xwj8H93bLXOlXVG28P5bcffRmN6edK0yThuaORusU7vhicCtE5K9DaUVa7LWspqijwqgW1lXIeBkLYYzE3/k98lT0CGYrPBWZrwwQ0pv297oUmNDyxlMFWlTtbe7Ho8dDM6t3m4OwlDZ2wGUVHTcPvegduTLeIR/yi74AqZi9bC8OAoxgrPb3yQuJANJjL+q2gOI4D4NZeJuxLtwcoBSjXKormsZhgz2GehErUU5ZsYdz94WXO3iaD6zIwR9Kek99pKyF6ZFlJsSFqaGD02YAsobOSU+kzeCCtvHhgs9/JebG4vnGnuNGNZnMnaSKZ6Xq3y36aB+DtxXeP6u8OjAZQOv1yIA5xi1cDR7MeyxLGsSbbBGbzyAhne0zzEH6Drf3iRlXrWLBW5g7AHj54sOMKJ3MccLjKhS5mtFTbvag0mICTE68cl+3Nbfw1NcPEd7fljPi8/sncI3pfJCHCb8UMo0nRQcoulv6lLJRW45oFQ3C+OhwD+JzcFRrKqPV6idhYHdAK0YHdJucysvXB7PYdSAJ63UFXAEJN58ORFPB+mTQyOvD5ElbSlDCV4Hrt9Yq/s8jFVP9VPUtzkvX7EtiTE7FsLT9PKw8HcHMusvZnr0uT2Q1XgEGvJH8BiVr97DFn21LmMQ0byCwhnEpm2oi7xnWhJWKW191/2ltOWd2SnJ1nf7hYyo4zSici3Ep10zjgXhenqIn3FarqmVd27arvek+xWqV4r+OJ8hyh
mKaw2wNSejC2XdV2A1vYPb5mumZD/7Ygk4mWgt8a8d/3AwlzzIOAcqXemx2tpqAAnL8kafWes9zXBHtJqFoKOtsoUKEbRf9TfE/C4wPkpfxLuIRSOzwjxHe6GRt8NjJWA0m9F8gNlCzBo9uYZJrrlEwwjxrm3NL0JH4taF0mOHVksYfV3Nyuq3P143lPQbYwUzWcYLamVDTZoMUAn+3tTFU+FkWhVMV2XNEp+ixBRgynEP3Bkxafscg3nVuKrKlJ0rIZqlLkUlGv/D7JTxCwcwBzlzxjbGpFmmc2rCqU7MfB8197WLOhpV0gRbj8Gi9Qa7jDbrxlxB1Nyz3LLP2x463nEtXwVB0Lv6H3efnbVPH7/qqciSPTLVIGaKWlzZU/5GPU3IC1i7HVYyHCU70Id6Mda5Nc0JjGaGKVXJwomjkjrbYTrDZ1dvL54dYOyC3OPFdPggA5lQkvuRhBkdfW9SkZfN8S~ZG9rtLsXVLz1hbWs4tNGLWCf7ESaGRFzlbEZsWVuCFM\",\"trustedDeviceSettings\":{\"trustDurationInDays\":15}}" + }, + { + "name": "Success Response to Step 3: PUSH Authentication & Setting Trusted Device - Success After Pending", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"trustedDevice\": true,\r\n \"trustedDeviceDisplayName\": \"Chrome on Windows\",\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2474", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Mon, 04 Jun 2018 18:15:12 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "N1hJZ1IB000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"authnToken\":\"eyJraWQiOiJTSUdOSU5HX0tFWSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.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.DSqsodQV-RplXuY9sq1D5zCNUWNHRF5z-PKpgZ3mozRuNhefwKkxG58GJBqybUYzsYuNs2eKEOBPzOPMdaX3U3bjQcq6id-ZMyBBzKCdv4wtBmYruJ_-Vca_hObOJQGbJJSy2JemQitaPs2GiL6GwDxDqKDU4m-14FUqQrTLFtZp9LSVjFiJAHSD0qCROUEN3to0jCDoBw7Y4onDSWPNIH-MbQviP9y72Osht4RmxO3fqdfLnBdkJ0bvLu_CY3MUXPZDUAmDJ9uOxUabTT7zizuIKaIinLPWKcEc89k4nXhjwQiCzX1N1wWKGvJ2TM5sjB5sjEXiqkzC2YPeqaG7KQ\",\"trustToken\":\"JTwV8RRjLeN+kXfHOCN1U/QkgjQ7PSRTaJJdVPaNK88899fZrAdD6llZ+pu8quBvUPEA0o3E4coTwB2vv7TIl+P4cuG+6Z9qGfKTbHnjE5rb66PW+Hq6OT0mAv6A3Mg+aNqng6QTe6L7WZqxMIsfX5fugu3R2c+KrEXDvib50n5iel+ZR37Us9QVp8jUKEo5~2HTWZeVLqQckVJoXOz2kkJTQ4NM+/aOD3H1wPKHAdyc\",\"status\":\"success\"}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user has PUSH notifications set as the default factor. After the user submits their user name/password, the user must send the OTP. 
\n\nIn the response with the OTP, the trusted device attribute is set to true: \"trustedDevice\": true", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authenticating Using PUSH When It Isn't the Default Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "667", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 24 May 2018 17:53:16 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "27cJe1e6000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"fBngO8Uj/zu9.....7iO8xH1FudcA\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the Step 1 response.\r\n\r\nIn the response received during Step 2 \r\nThe user is sent the details of the user's preferred method (the value for \"nextAuthFactors\") so that the credentials of the preferred factor can be submitted.\r\n\r\nUse \"getBackupFactors\" in the next step to switch MFA methods from the default method to another enrolled method.\r\n" + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"susan.harper@oracle.com\",\r\n \"password\":\"TwoIggys2\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1893", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 31 May 2018 23:54:13 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "8s_^F0z9000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe\",\n \"nextAuthFactors\": [\n \"SMS\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"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~MxDdNACkkav8uoFnGEhMOzwfjR8Dwh/DRwLra/z0h0o\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Get Backup Factors", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the \"op\":\"getBackupFactors\" and the requestState that was received in the Step 2 response.\r\n\r\nIn the response received:\r\nThe client is sent all of the possible factors that the user can switch to with the deviceIds required for all of possible factors and the questionIDs to use if the user wants to use Security 
Questions to authenticate. " + }, + "response": [ + { + "name": "Response to Step 3: Get Backup Factors", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2383", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 31 May 2018 23:54:38 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "8s_^F00A000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"PUSH\",\n \"TOTP\",\n \"SMS\",\n \"BYPASSCODE\"\n ],\n \"PUSH\": {\n \"enrolledDevices\": [\n {\n \"deviceId\": \"1c853ca561364cf6902979ae8d492c11\",\n \"displayName\": \"Joe's iPhone\"\n }\n ],\n \"credentials\": [\n \"preferred\",\n \"deviceId\"\n ]\n },\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\",\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"1c853ca561364cf6902979ae8d492c11\",\n \"displayName\": \"Joe's iPhone\"\n }\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"781125de9ce043bb8c753758203d5602\",\n \"displayName\": \"Joe\",\n 
\"preferred\": true\n }\n ]\n },\n \"BYPASSCODE\": {\n \"credentials\": [\n \"bypassCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"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~yVZphzPe0dt0SYh8lRlJyUssrFOlf541Oj7XJWN+tqA\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 4: Provide Device ID to Authenticate", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"PUSH\",\r\n \"credentials\":{ \r\n \"deviceId\":\"{{deviceId}}\"\r\n }, \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the appropriate factor credentials and the requestState that was received in the Step 3 response.\r\n\r\nIn the response received:\r\nIf the credentials are accurate, the access token is provided." 
+ }, + "response": [ + { + "name": "Polling Response to Step 4: Provide Device ID to Authenticate", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"PUSH\",\r\n \"credentials\":{ \r\n \"deviceId\":\"{{deviceId}}\"\r\n }, \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1953", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 31 May 2018 23:55:12 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "D92K30^C000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"pending\",\"displayName\":\"Susan's iPhone\",\"cause\":[{\"code\":\"AUTH-1108\",\"message\":\"Push Notification approval is pending.\"}],\"nextOp\":[\"credSubmit\",\"getBackupFactors\"],\"requestState\":\"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~sbRNIrlye0lkW3lgklIssU3V07vspGP/MinMxzWw+z8\",\"trustedDeviceSettings\":{\"trustDurationInDays\":15}}" + } + ] + }, + { + "name": "Step 5: Submit Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n 
\"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the requestState that was received in the Step 4 response. Note that the Request payload doesn't contain the authFactor attribute since the requestState contains it.\r\n\r\nThe requestState in the request contains:\r\n- deviceId\r\n- requestId\r\n- authFactor\r\n\r\n1) If the credentials attribute is empty in the request, then the following are the optional responses from server:\r\n\r\n-\"nextop\"=\"credSubmit\" (if the OMA app to server back-channel communication is not completed)\r\n\r\n-\"nextop\"=\"createToken\" (if the OMA app to server back-channel communication is completed and otpCode verification is successful).\r\n\r\n-\"nextop\"=\"setCookie\" (if OMA app to server back-channel communication is completed and otoCode verification is successful).\r\n\r\n2) The client keeps polling every 10 secs and continues to poll for two minutes. After two minutes, the server sends the failed status." + }, + "response": [ + { + "name": "Response to Step 5: Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2230", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 31 May 2018 23:57:38 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Zy5OP0q8000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"authnToken\":\"eyJraWQiOiJTSUdOSU5HX0tFWSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.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.X_ZfeXMQK3y8MDUZFjr6a3EgK_AWs3I4ErTozgVVxRj6i5abZJHFp0v1xsNRUTUiC3pxBxS7j7EsWHh3iUhoViFlF94FGFmWHWrdpNVl7fzutDfaS4Nt33umvc_BBXyCPfCwfWAn-o-pAdQErGOVwNfSS4bsGJxDNUzcmUQ62zSRd8bfmXoWftx5u7y0UMwrvht_rnUzFcEYeKKWEphLmO_k5BWuRD9hKFpMBXmOlWvpFZdal-02WqZbiXWwA3pZv_h8wZiMVuLJlXXfAUqLcAZ3fql_lLNjiQMVVVUIVCUqm_2cVSSXA_rmRidLcpccikHXnhW9Aa1-ecTKFuRC8w\",\"status\":\"success\"}" + } + ] + } + ], + "description": "If a user wants to use PUSH to log in, and if PUSH isn't the default method, the user is required to make additional requests to complete the authentication.\n \nStep 3\nThis request is to obtain the backup methods available.\n\nFor TOTP, locate the deviceId for PUSH provided in the response and the requestState.\n \nStep 4 \nThis request includes the deviceID, the otpCode (PUSH), and the requestState to authenticate.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + 
{ + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Get Backup Factors", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 21:17:47 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg5063000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"C6o5PZSPXGKd.....KA4rNrOsqhQU\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"{{username}}\",\r\n \"password\": \"{{password}}\"\r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the previous response.\r\n\r\nIn the response received from this step: \r\nThe client is sent the details of the user's preferred factor method so that the appropriate credentials of the factor can be submitted. \r\n\r\nUse \"getBackupFactors\" in the next step to get all of the possible backup factors." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"op\": \"credSubmit\",\r\n \r\n \"credentials\": {\r\n \"username\": \"username\",\r\n \"password\": \"password\"\r\n },\r\n \"requestState\": \"C6o5PZSPXGKd.....KA4rNrOsqhQU\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2065", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 21:18:01 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg5073000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"SECURITY_QUESTIONS\"\n ],\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\"\n ],\n \"questions\": [\n {\n \"hint\": \"dog and name\",\n \"questionId\": \"FirstPet\",\n \"text\": \"What's your first pet's name?\"\n }\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"9GTg3RqnhzSH.....Nzw7vOTOKOlw\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Get Backup Factors", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the \"op\":\"getBackupFactors\" and the requestState that was received in the previous response.\r\n\r\nIn the response received:\r\nThe client is sent all of the possible factors that the user can switch to with the deviceIds required for all of 
possible factors and the questionIDs to use if the user wants to use Security Questions to authenticate. " + }, + "response": [ + { + "name": "Response to Step 3: Get Backup Factors", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"9GTg3RqnhzSH.....Nzw7vOTOKOlw\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2541", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Thu, 17 May 2018 21:18:23 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "_rMg5083000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"SMS\",\n \"EMAIL\",\n \"BYPASSCODE\",\n \"SECURITY_QUESTIONS\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"430dcf8c72244ad98e2db0e9e12f2f38\",\n \"displayName\": \"Joe's iPhone\"\n }\n ]\n },\n \"EMAIL\": {\n \"credentials\": [\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"1b28303ed6bc4d68aea2499175c2b38e\",\n \"displayName\": \"joeXXXXXXXXX@example.com\"\n }\n ]\n },\n \"BYPASSCODE\": {\n \"credentials\": [\n \"bypassCode\"\n ]\n },\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\"\n ],\n 
\"questions\": [\n {\n \"hint\": \"dog and name\",\n \"questionId\": \"FirstPet\",\n \"text\": \"What's your first pet's name?\"\n }\n ],\n \"preferred\": true\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"TmreKCFGV0cf.....XuGlcrQ5fr4U\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + } + ], + "description": "This example scenario describes how to obtain available backup factors.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Bypass Code Authentication", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:30:22 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Ao^0O063000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"jJuAZbdqt0jj.....A/zt7poGy9gc\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the previous response.\r\n\r\nIn the response received from this step: \r\nThe client is sent the details of the user's preferred factor method so that the appropriate credentials of the factor can be submitted. \r\n\r\nUse \"getBackupFactors\" in the next step to get all of the possible backup factors." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"jJuAZbdqt0jj.....A/zt7poGy9gc\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1806", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:30:33 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Ao^0O073000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's Phone-1\",\n \"nextAuthFactors\": [\n \"TOTP\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"kuPI6pwUH15o.....fF+A1jiJJ8XpIY\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Get Backup Factors", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the \"op\":\"getBackupFactors\" and the requestState that was received in the previous response.\r\n\r\nIn the response received:\r\n\r\nThe client is sent all of the possible factors that the user can switch to with the deviceIds required for all of possible factors (including Bypass Code) and the questionIDs to use if the user wants to use Security Questions to authenticate." 
+ }, + "response": [ + { + "name": "Response to Step 3: Get Backup Factors", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"kuPI6pwUH15o.....YfF+A1jiJJ8XpIY\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1959", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:30:50 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Ao^0O083000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"TOTP\",\n \"BYPASSCODE\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"784b08bccbfc4ad6bb898109548afbc6\",\n \"displayName\": \"Joe's Phone-1\",\n \"preferred\": true\n }\n ]\n },\n \"BYPASSCODE\": {\n \"credentials\": [\n \"bypassCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"yFY+KZr6St4o.....EjuArgtstvyx4\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 4: BypassCode Authentication", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + 
"value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"BYPASSCODE\",\r\n \"credentials\":{ \r\n \"bypassCode\":\"717656357022\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the bypass code and the requestState that was received in the previous response.\r\n\r\nIf the bypass code is correct, an access token is received in the response." + }, + "response": [ + { + "name": "Response to Step 4: BypassCode Authentication", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"BYPASSCODE\",\r\n \"credentials\":{ \r\n \"bypassCode\":\"717656357022\"\r\n },\r\n \"requestState\":\"yFY+KZr6St4o.....juArgtstvyx4\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2262", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 15:31:08 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "Ao^0O093000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....g_Kv0mn6umDw\",\n \"status\": \"success\"\n}" + }, + { + "name": "Error Example: Bypass Code Failure Response", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"BYPASSCODE\",\r\n \"credentials\":{ \r\n \"bypassCode\":\"611215405300\"\r\n },\r\n \"requestState\":\"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~4FVwcDF07w7N0NW/TndWCh1X8Pf4QsdK6rFuRNQqrgA\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName=PCTrustedApp", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "PCTrustedApp" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2362", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Wed, 23 May 2018 01:02:51 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "iigF9034000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\"status\":\"failed\",\"cause\":[{\"message\":\"Invalid passcode.\",\"code\":\"AUTH-1105\"}],\"TOTP\":{\"credentials\":[\"otpCode\"]},\"SMS\":{\"credentials\":[\"otpCode\"]},\"nextOp\":[\"credSubmit\",\"getBackupFactors\"],\"BYPASSCODE\":{\"credentials\":[\"bypassCode\"]},\"SECURITY_QUESTIONS\":{\"credentials\":[\"questionId\",\"answer\"],\"questions\":[{\"hint\":\"Meg Ryan Billy Crystal\",\"questionId\":\"FavoriteMovie\",\"text\":\"What's your favorite 
movie?\"}]},\"nextAuthFactors\":[\"TOTP\",\"SMS\",\"BYPASSCODE\",\"SECURITY_QUESTIONS\"],\"trustedDeviceSettings\":{\"trustDurationInDays\":15},\"requestState\":\"3Sx+M0ePVvnL0EXS6JBWUrx1N4qTlFW9eF/iCTKez60HmV3St14eXGMbPtevek2BDajt0mH/bv1N+KQS6Eji+4NnWBnsYa+1nEg2UUYJ07e4itRHUkVa9j4UPuiYZo+5no6PJi6XjyZ6s8/eV4tDWelTzOjsm01riOOPJadYNyEDIvDSXx/+BGF7n7++lwtGG2dVgfky16pBkOO+uUIvguQcn+q0I7P8RgjOr4ILPiZxEWcj+gNl7PY00+6q71nXHkugvJ+s+9cqJO93GvaACngAsRsUbC3L3tpPcxiXBg+zfLCmBUetFk5ucuAgGpJvxn5ywM8TBarxaSOWEPoG9K+vN7gkjvM+JJlLp0VEm8s2i/ZB/XztEQTOnuVVodr+23ZV53jOfSk1qDTP7K7KZqgPZxc2YXOMUfJ+rIiNDf41lKAfvviVz4/+5pF4Twu2OUZg438OR27mUZrGeOJpNgiYAN+iifKGA5o3PYS5XRxzd01+4YnzFWl2naEOIYHLwXxSJyt6FvKntifF+Dpj9ks3TWTDJgzfz3kmOLct7L6FYAi+T0heQCIT0yeHq8ZRUcq4gMqmjicVl0+pHLCPeSWFnCG645N+av14KaQ0UfWjP/WyYKM/9AYJi16ZMAzJ9m0ArkosKL1mYMozQ/36AfpEeQQR1NH9MBr3+P9TVcY9BroKYBbqolHr1ZQq8WLDE0zwZgL8QCW8qz5fPgzmi7ObDEmVjUAD46YrfJJdpsN4oH/cXuZFT1175DSQr5GSGziG9aYsp+c+BBBCkH1dD47OMkHhPwl2fSw7L65EpZkKk/1T4xF7bsrNEtbvJ4ydDYP84iNHU3EJ7B1Xe5u7jqz/xQm5zGh8Qsibu6Z3E0gxvx0HnH04NDZc+2gX8xFO2xL5YBfM5aZG/uakBrC03D8Ez4JEgxJowV1BeWVYaP+krE0ejxDESZDzH5697BQQvka6YP7t2af1HyWPcVJztH7Dcp5Qx9LaI0oOUabpOQe9ya9lK1A+NFKgK3rvuCrMRelyZQZjU7MGI1tS5rJnc/81LtYkQ9ogwGO3MunuORgQJ42qa/CkmAR8OnJQAcrodbvLik5aUEnrs6VdTLWLct5xR1HTtF//tS0Q5CWwxl+dytpil1cyrkblFYQ7R0vQDQ6yCEvnrwDnNsyjuDvEPmFeBzUqzKHtSwCol+ARcGm1WNUCBnzRThvqCcdh0OAyxfjSxFV0h1/zy52+OiaJLW42ypJWU/QdqQUoVnMv8b6lWZbA0oCvNS2SQ9TALHOajvpXOo5YPeS9Ujpjleof/+tCcmzOLv/EpVEexcQurWAaJ6Qa5Q3MIITuAJg0F+WNWvpIHoZsoIrb5Br7ukuEKIw94/Hc3nLsEWckisySxEN9ltNEvq454vpG4ivgC+XAM0/41EFF9W2eKcAWfmi15TRIzeSqcAAIpwXIaVZBo8W0CExpnxkl9Zvz6rCqHYl6C0bw68PMEsoEICF5ZYwA7qZuvgRNWbky7g0ysk5q4htliU4gxFTnm87wSiMBg5Gr152LlpcM5+0kDrL8R89FwMWCs9KASYHFIWb6WV3eQiR+h7u9Ti+/CTvWhIWT71TRtQj8GH2J/7G1HpYMAp/ti4vsOpp/dHAR9otaWE7XryRdFDstNWp6Al0gZDCsbkQdDrm5jIrNKkORjOjzeV7+9V0A/CKGSeS8eCXJU35yFYd2M7dWRdLsGbUpnVMW2Dmfr9SiNbUUrj30K9th4bPzuM0GLE17rHKdnEUptw8QFOE~5OfPdCrLp1bwG56aayIRUJTpXCkqKdDDQ9X+YpNycKM\"}" + } + ] + } + ], 
+ "description": "These steps describe the authentication flow when the user wants to use a bypass code to authenticate. After the user submits their username/password, the user must provide a bypass code that they have previously generated or a bypass code that an administrator has generated for them. ", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Setting the Default Factor Method", + "item": [ + { + "name": "Step 1: Authentication Request with no Tokens/Session", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n- ecid (to keep track of the audit trail)\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with no Tokens/Session", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "731", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 04:11:39 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "N1hJZ1C3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"requestState\": \"xXrAKKXjIXSY.....Mkp5ET5WLnVW7A\",\n \"nextOp\": [\n \"credSubmit\",\n \"chooseIDP\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\",\n \"IDP\"\n ],\n \"status\": \"success\",\n \"IDP\": {\n \"configuredIDPs\": [\n {\n \"idpId\": \"aeacac5ce62f41749a4f0ea77b85aa43\",\n \"idpName\": \"Google\",\n \"idpType\": \"Social\"\n }\n ],\n \"credentials\": [\n \"idpId\",\n \"idpType\"\n ]\n }\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submisstion", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": 
"Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the user name and password and the requestState that was received in the previous response.\r\n\r\nIn the response received from this step: \r\nThe client is sent the details of the user's preferred factor method so that the appropriate credentials of the factor can be submitted. \r\n\r\nThe option to get the backup factors is also provided (See the Get Backup Factors folder)." + }, + "response": [ + { + "name": "Response to Step 2: User Name/Password Submission", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"USERNAME_PASSWORD\",\r\n \"credentials\":{ \r\n \"username\":\"username\",\r\n \"password\":\"password\"\r\n },\r\n \"requestState\":\"/vagjZQA7NHR.....RdRock7lYq0M\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Content-length", + "value": "1880", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 04:11:56 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." 
+ }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "N1hJZ1D3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Joe's iPhone\",\n \"nextAuthFactors\": [\n \"SMS\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\",\n \"resendCode\"\n ],\n \"requestState\": \"08ByI1+YOdZb.....mx8ygX/hLxD58\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 3: Get Backup Factors", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the \"op\":\"getBackupFactors\" and the requestState that was received in the previous response.\r\n\r\nIn the response received:\r\nThe client is sent all of the possible factors that the user can use, with the deviceIds required for all of the possible factors (including Bypass Code) and the questionIDs to use if the user wants to use Security Questions to authenticate." 
+ }, + "response": [ + { + "name": "Response to Step 3: Get Backup Factors", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"getBackupFactors\",\r\n \"requestState\":\"9GTg3RqnhzSH.....Nzw7vOTOKOlw\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2828", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 04:12:14 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "N1hJZ1E3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"nextAuthFactors\": [\n \"TOTP\",\n \"SMS\",\n \"EMAIL\",\n \"BYPASSCODE\",\n \"SECURITY_QUESTIONS\"\n ],\n \"TOTP\": {\n \"credentials\": [\n \"otpCode\",\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"6212c45ff1be400aa11f90d6dbcd8a4f\",\n \"displayName\": \"Joe's Phone-1\"\n }\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"430dcf8c72244ad98e2db0e9e12f2f38\",\n \"displayName\": \"Joe's iPhone\",\n \"preferred\": true\n }\n ]\n },\n \"EMAIL\": {\n \"credentials\": [\n \"preferred\",\n \"deviceId\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": 
\"1b28303ed6bc4d68aea2499175c2b38e\",\n \"displayName\": \"joeXXXXXXXXX@example.com\"\n }\n ]\n },\n \"BYPASSCODE\": {\n \"credentials\": [\n \"bypassCode\"\n ]\n },\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\",\n \"preferred\"\n ],\n \"questions\": [\n {\n \"hint\": \"Cinco\",\n \"questionId\": \"FavoriteFood\",\n \"text\": \"What's your favorite food?\"\n }\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"getBackupFactors\"\n ],\n \"requestState\": \"Mkirli+Cqzpw.....x/5wt6hovN+rw\",\n \"trustedDeviceSettings\": {\n \"trustDurationInDays\": 15\n }\n}" + } + ] + }, + { + "name": "Step 4: Setting Device as the Default Method", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"SECURITY_QUESTIONS\",\r\n \"credentials\": { \r\n \"questions\": [ \r\n { \r\n \"questionId\": \"DreamJob\",\r\n \"answer\": \"Novelist\"\r\n }\r\n ],\r\n \"preferred\":true\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step sends the appropriate factor credentials, the attribute \"preferred\":true, and the requestState that was received in the previous response.\r\n\r\nIn the response received:\r\nIf the credentials are accurate, the access token is provided and the factor set as the default." 
+ }, + "response": [ + { + "name": "Response to Step 4: Setting Device as the Default Method", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"authFactor\":\"SECURITY_QUESTIONS\",\r\n \"credentials\": { \r\n \"questions\": [ \r\n { \r\n \"questionId\": \"FavoriteMovie\",\r\n \"answer\": \"When Harry Met Sally\",\r\n \"preferred\":true\r\n }\r\n ]\r\n },\r\n \"requestState\":\"RfkmYTWqfzL4.....ALmE/53efUL4\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds" + }, + { + "key": "Content-length", + "value": "2165", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Date", + "value": "Fri, 18 May 2018 04:17:03 GMT", + "name": "Date", + "description": "The date and time that the message was sent" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "name": "Expires", + "description": "Gives the date/time after which the response is considered stale" + }, + { + "key": "Pragma", + "value": "no-cache", + "name": "Pragma", + "description": "Implementation-specific headers that may have various effects anywhere along the request-response chain." 
+ }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Proxy-agent", + "description": "Custom header" + }, + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9", + "name": "Server", + "description": "A name for the server" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "name": "Via", + "description": "Informs the client of proxies through which the response was sent." + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "name": "X-content-type-options", + "description": "The only defined value, \"nosniff\", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type" + }, + { + "key": "X-oracle-dms-ecid", + "value": "h01ae1o3000000000", + "name": "X-oracle-dms-ecid", + "description": "Custom header" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "name": "X-oracle-dms-rid", + "description": "Custom header" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "name": "X-xss-protection", + "description": "Cross-site scripting (XSS) filter" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJraWQiOiJT.....fAGn3YE7m8Ew\",\n \"status\": \"success\"\n}" + } + ] + } + ], + "description": "These steps describe the authentication flow when the user wants to set a specific factor as the default factor. 
After the user submits their username/password, all available backup factors are requested, and then the factor to be set as the default is sent in the request with the appropriate factor credentials.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ], + "description": "Test using the user's credentials, requestState, and Multi-Factor Authentication.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication Using User Name/Password + Terms Of Use", + "item": [ + { + "name": "Step 1 : Authentication Request with AppName", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "The user tries to access an application that is associated with TOU. Identity Cloud Service uses this to fetch the policy that is assigned to this application. Based on the tenant settings, the server gets the Identity Provider (IDP) and authentication policy that is associated with this app and then guides the user on the next step.\r\n\r\nFor the Next Step:\r\n\r\n- The client must pass the credentials, which are the username and password\r\n\r\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to initial /sso/v1/sdk/authenticate?appName=appname", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Wed, 12 Dec 2018 10:35:25 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "EYmpU0x1000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "1897" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"EYmpU0u1000000000\",\n \"nextOp\": [\n \"credSubmit\"\n ],\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"requestState\": \"urB5fxRNb197M+iBgjMxv93e9r/P+yO9661...........7uvSTyIHyhf/6fT9Q2FXmIX6plq~innaS6JOpHyoTP5EcOtfVSjFoASieodrxcjZwxUXhsY\"\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submission (No MFA)", + "request": { + "method": "POST", + "header": [ + { + 
"key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "In this scenario, the user is prompted to verify username-password. The following must be included in the request:\r\n\r\n credentials: user name and password\r\n requestState: received in the Step 1 response\r\n op: tells the server what kind of operation the client wants\r\n\r\nThe server provides the TOU statement in the locale specified in the user's profile. The server also prompts the user to provide thier \"consent\" credential\" in the next request.\r\n\r\nIf the TOU is not present in the user's locale, then 401 response with the error message,,AUTH-3036 : Terms of Use Statement for locale fr is not added, is displayed." 
+ }, + "response": [ + { + "name": "TOU Statement is displayed (No MFA)", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Wed, 12 Dec 2018 10:39:50 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "EYmpU012000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "3598" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"EYmpU0u1000000000\",\n \"nextOp\": [\n \"acceptTOU\"\n ],\n \"TOU\": {\n \"statement\": \"This is a placeholder text. 
Customers must provide the actual Terms of Use.\",\n \"credentials\": [\n \"consent\"\n ],\n \"locale\": \"en\"\n },\n \"requestState\": \"fXRqe/p0EIT/kIDXhAXOQ85rvJVPD+STPXYzMpl..............LftNt+asPRBbYf3s3E3mHt5ltE\"\n}" + }, + { + "name": "Error Example: TOU statement for locale not found", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Wed, 12 Dec 2018 13:20:46 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "dwIGV1V2000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "140" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"failed\",\n \"ecId\": \"Q0ApB1Y1000000000\",\n \"cause\": [\n {\n \"message\": \"Terms of Use Statement for locale fr is not added.\",\n \"code\": \"AUTH-3036\"\n 
}\n ]\n}" + }, + { + "name": "Error Example: User Name Password Authentication Failure", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle-Traffic-Director/11.1.1.9" + }, + { + "key": "Date", + "value": "Wed, 12 Dec 2018 08:51:45 GMT" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "diB^K0t5000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "1780" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9" + }, + { + "key": "Proxy-agent", + "value": "Oracle-Traffic-Director/11.1.1.9" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"failed\",\n \"ecId\": \"c2Pev1X6000000000\",\n \"cause\": [\n {\n \"message\": \"The requestState provided is either invalid or expired. 
Please provide a valid requestState.\",\n \"code\": \"AUTH-1120\"\n }\n ],\n \"requestState\": \"vA9RkhmHxmxEPPM582mBQDtSdgP9ICfdr/R.....xnssVZbhcrU11rS1vOFqpKKIYTlPZ0owZAU44OQgc\"\n}" + } + ] + }, + { + "name": "Step 3: TOU Consent Request Payload Example", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n\r\n \"op\": \"acceptTOU\",\r\n\r\n \"credentials\": {\r\n\r\n \"consent\": true\r\n\r\n },\r\n\r\n \"requestState\": \"{{requestState}}\"\r\n\r\n}\r\n" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "In this use case scenario, the user accepts or rejects their consent. If user agrees to Terms of Use (TOU), then the user is redirected to the application page.\r\n\r\nThe following must be included in the request:\r\n\r\n- requestState: received in the Step 2 response\r\n- op: tells the server what kind of operation the client wants, in this case \"acceptTOU\" with \"consent\": true" + }, + "response": [ + { + "name": "Error Example: AuthN Token Issue Failed (Consent = False)", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n\r\n \"op\": \"acceptTOU\",\r\n\r\n \"credentials\": {\r\n\r\n \"consent\": false\r\n\r\n },\r\n\r\n \"requestState\": \"{{requestState}}\"\r\n\r\n}\r\n" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle 
Identity Cloud Service" + }, + { + "key": "Date", + "value": "Wed, 12 Dec 2018 13:08:44 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "odoVd0B0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "150" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"failed\",\n \"ecId\": \"Q0ApB1Y1000000000\",\n \"cause\": [\n {\n \"message\": \"You must accept the Terms of Use to access this application.\",\n \"code\": \"AUTH-3035\"\n }\n ]\n}" + }, + { + "name": "Authn Token Issued (Consent = True)", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n\r\n \"op\": \"acceptTOU\",\r\n\r\n \"credentials\": {\r\n\r\n \"consent\": true\r\n\r\n },\r\n\r\n \"requestState\": \"{{requestState}}\"\r\n\r\n}\r\n" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Wed, 12 Dec 2018 13:03:09 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { 
+ "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "bmAx_060000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "4520" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJ4NXQjUzI1NiI6Iks0R0hvZVdo.......gxZ8E0jg6lGk1tLyskYcHxpCYnsfRJYZy1i1hZ4Pjrcfa5dKjzQDYUAvuEOrERXrQRnjybdOkA2Q\",\n \"status\": \"success\",\n \"ecId\": \"Q0ApB1Y1000000000\"\n}" + } + ] + } + ], + "description": "In this use case scenario assumes that the administrator has enabled Terms of Use in the Identity Cloud Service admin console. When the user tries to access an application after submitting their username and password, the user is prompted to provide their Terms of Use (TOU) consent. 
When the user accepts the consent, then the user is re-directed to that application page.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication Using User Name/Password + Enroll in Account Recovery With No MFA", + "item": [ + { + "name": "Enroll With SMS + Security Questions with No MFA", + "item": [ + { + "name": "Step 1: Authentication Request with AppName", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with AppName", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Tue, 08 Jan 2019 14:01:58 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "R^iCq16G000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "532" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"R^iCq16G000000000\",\n \"nextOp\": [\n \"credSubmit\"\n ],\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"requestState\": \"A4wd5efadWw5PD5LKgzKC+Sfds0W7XP/p9+8ISpqRmmHP8FAcUV77f/NQ1V4PjC...+7TSfR+22d2D3gGnN4VvGg0Y\"\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submission (No MFA)", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": 
"application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "The following must be included in the request:\r\n\r\ncredentials: user name and password\r\nrequestState: received in the Step 1 response\r\nop: tells the server what kind of operation the client wants\r\n\r\nIn the response:\r\n\r\naccRecEnrollmentRequired:true indicates Account Recovery should be prompted for.\r\n\r\nnextAuthFactors contains the available Account Recovery Factors." + }, + "response": [ + { + "name": "Error Example: User Name Password Authentication Failure", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"fbloggs\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Tue, 08 Jan 2019 14:03:00 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + 
}, + { + "key": "X-oracle-dms-ecid", + "value": "R^iCq17G000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "622" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"failed\",\n \"ecId\": \"R^iCq17G000000000\",\n \"cause\": [\n {\n \"message\": \"You entered an incorrect user name or password.\",\n \"code\": \"AUTH-3001\"\n }\n ],\n \"requestState\": \"A4wd5efadWw5PD5LKgzKC+Sfds0W7XP/p9+8ISpq...7q20a0gntpNzutBGDWw/PCPwS4~iIg0j4i5PZuAxxGXNJb+7TSfR+22d2D3gGnN4VvGg0Y\",\n \"nextOp\": [\n \"credSubmit\"\n ],\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n }\n}" + }, + { + "name": "Response to Step 2: Username/Password Submission (No MFA)", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Tue, 08 Jan 2019 14:03:42 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + 
"value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "R^iCq18G000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2676" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"R^iCq18G000000000\",\n \"accRecEnrollmentRequired\": true,\n \"nextAuthFactors\": [\n \"SMS\",\n \"SECURITY_QUESTIONS\",\n \"EMAIL\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"phoneNumber\",\n \"countryCode\"\n ]\n },\n \"EMAIL\": {\n \"userAllowedToSetRecoveryEmail\": \"true\",\n \"primaryEmailVerified\": \"true\",\n \"primaryEmail\": \"clarence.saladna@example.com\",\n \"credentials\": [\n \"recoveryEmail\"\n ]\n },\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"IjhvZPILfadhlnih+4uTJ83CHfC94upzWCvqB2H2yJxWw....x4z8JvmL5C/0sJVp3P7GFD7hbpXx1/UZuD+NUnwE0~rapOikENVIKVGFy/HI3skY4zkA0SDELTO0mTRqC+nNU\"\n}" + } + ] + }, + { + "name": "Step 3: Initiate SMS Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SMS\",\r\n \"credentials\":{ \r\n \"phoneNumber\":\"1122334455\",\r\n \"countryCode\":\"+44\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to 
enroll in the SMS factor for Account Recovery. You must include in this request the requestState that was received in the Step 2 response.\r\n\r\nThe request contains the phone number, including country code, that is to be registered for SMS.\r\n\r\nIn the response:\r\nThe nextOp value indicates that the client should submit the factor credentials (the OTP) in the next step." + }, + "response": [ + { + "name": "Response to Step 3: Initiate SMS Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SMS\",\r\n \"credentials\":{ \r\n \"phoneNumber\":\"1122334455\",\r\n \"countryCode\":\"+44\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Tue, 08 Jan 2019 14:04:39 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "R^iCq19G000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2486" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n 
\"status\": \"success\",\n \"ecId\": \"R^iCq19G000000000\",\n \"displayName\": \"+44XXXXXXXX455\",\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"requestState\": \"Y4sMHf7izgxcspF6zr3BH6euTJ+eLLYfpfmEU5us7I6kzPV7hyqi9nBPoFgi3KjalG2IaCAJUjf2YQ2rVA62z5s/JdzKeAfQLPSdCY7FKxm74ved19obK93XztpX8TdR...JcJhONG1Qg~EaJB7iG9NxNu6SP1ih75o8HY3GXLjjudeRMM2ZNty4E\"\n}" + } + ] + }, + { + "name": "Step 3a: SMS Enrollment Request - Resend SMS", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to have the OTP code resent (\"op\":\"resendCode\") and contains the requestState that was received in the Step 2 response.\r\n\r\nThe requestState in the response contains the following:\r\n\r\n- phoneNumber\r\n- deviceId\r\n- requestId\r\n- tenantName\r\n- appName\r\n- ecid" + }, + "response": [ + { + "name": "Response to Step 3a: SMS Enrollment Request - Resend SMS", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity 
Cloud Service" + }, + { + "key": "Date", + "value": "Tue, 08 Jan 2019 14:05:26 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "R^iCq1AG000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2481" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"R^iCq1AG000000000\",\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"requestState\": \"DNqofoRH7S+2/W27GK5TSLaYRElSfxmMRZHVmX1BT/JNHARbHH9CEWmwOPHCNtnlz7Z5EU5lufgW6FaesAvibO+FKbzgeQbqKNrCXqwvWRFrQA/Mck2yYAI+nH39TeWkBdGIuC+hQEq0dbkPOWbZnakO3ZIcVA6yde3TYErIzlN...z88Lq8vgtcrWrcfrQds\",\n \"nextAuthFactors\": [\n \"SMS\"\n ]\n}" + } + ] + }, + { + "name": "Step 4: Submit Factor Credentials for SMS Enrollment", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"974311\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the factor credentials and the requestState that was received in the Step 3 response.\r\n\r\nThe otpCode is 
the code received via SMS when enrollment was initiated.\r\n\r\n\"authFactor\": \"SMS\" is removed from request payload as this is present in requestState, along with deviceId and requestId.\r\n\r\nIn the response:\r\n\r\n\"nextOp\": \"createToken\" indicates that the client can request the token in the next request.\r\n\r\nThe user can also choose to continue to enroll in other factors. Should the user continue to enroll, an extra call should be made to get the details of all factors (Get Backup Factors) that a user can enroll in." + }, + "response": [ + { + "name": "Response to Step 4: Submit Factor Credentials for SMS Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"303171\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Tue, 08 Jan 2019 14:06:32 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "R^iCq1BG000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2702" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + 
"key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"R^iCq1BG000000000\",\n \"accRecEnrollmentRequired\": false,\n \"displayName\": \"+44XXXXXXXX455\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"BKbGp43pwZad3zMSePWu7R47Va6myZdNYO/7kDzVNC0fZpugJ20Pmxml1ORQrsJ5oH6w9TOxMoj7KtsioK+kWlGlqDyqpjRy00yCl4NNiGE55ejoh6uccM7keLtDAbxWlg5j3cAbFDTZxXZMfUxqCbiD4To+s3NHozbxkqPSPTHx0k0Qa1hacnTvilwLHb3PiqXMNQ05Ve...OeqDG52WFpFLhvRVFN2FFQKIoDto\"\n}" + } + ] + }, + { + "name": "Step 5: Request to View Other Factors for Enrollment", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to view what other factors can be enrolled in. You must include in this request the requestState that was received in the previous response.\r\n\r\nThe values for the \"nextAuthFactors\" attribute in the response are the factors that the user can enroll in next.\r\n\r\nThe nextOp attribute includes the \"enrollment\" value, which also allows the user to switch to another factor during enrollment (see the Switch to Another Factor During Enrollment folder)." 
+ }, + "response": [ + { + "name": "Response to Step 5: Request to View Other Factors for Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Tue, 08 Jan 2019 14:07:04 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "R^iCq1CG000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2821" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"R^iCq1CG000000000\",\n \"requestState\": \"mZysqXz/dN3IUv6xnf2h2jYYuXgZFxkttF01LFf3tVWjGVJgWn+/BdXk2AYez3SRlj7ykM+OoWjBkYR4/ORgagsbQDIwYjSFdnCOdTUAJy5AqoTaGWNUYyhX6u9HS8sOqROI0nIj1ZqvL+VrLi5Q79S8Rjfd8aifEJc+n7F3zmSuntcDddyjEZZfBgAm54WqtAJAx5x7Q4YPL...tmNCNN8ykGyq3AS3lA9kTjk\",\n \"EMAIL\": {\n \"userAllowedToSetRecoveryEmail\": \"true\",\n \"primaryEmailVerified\": \"true\",\n \"primaryEmail\": \"clarence.saladna@example.com\",\n 
\"credentials\": [\n \"recoveryEmail\"\n ]\n },\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"nextAuthFactors\": [\n \"SECURITY_QUESTIONS\",\n \"EMAIL\"\n ]\n}" + } + ] + }, + { + "name": "Step 6: Initiate Security Questions Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SECURITY_QUESTIONS\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to enroll in the Security Questions factor. You must include in this request the requestState that was received in the Step 5 response.\r\n\r\nIn the response:\r\n \r\nThe response includes all of the available questions that a user can answer. 
The \"numQuestionsToSetup\" value defines how many questions that the user must answer in the next step request.\r\n\r\nThe requestState in the response contains the following information:\r\n\r\n- creationTime\r\n- tenantName\r\n- appName\r\n- ecid" + }, + "response": [ + { + "name": "Response to Step 6: Initiate Security Questions Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SECURITY_QUESTIONS\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Tue, 08 Jan 2019 14:07:49 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "R^iCq1DG000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "6050" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"R^iCq1DG000000000\",\n \"SECURITY_QUESTIONS\": {\n \"credentials\": [\n \"questionId\",\n \"answer\",\n \"hint\"\n ],\n \"secQuesSettings\": {\n 
\"numQuestionsToSetup\": \"3\",\n \"minAnswerLength\": \"6\",\n \"numQuestionsToAns\": \"1\",\n \"maxFieldLength\": \"100\"\n },\n \"questions\": [\n {\n \"questionId\": \"FavoriteBook\",\n \"text\": \"What's your favorite book?\"\n },\n {\n \"questionId\": \"FavoriteFood\",\n \"text\": \"What's your favorite food?\"\n },\n {\n \"questionId\": \"FavoriteToy\",\n \"text\": \"What's your favorite childhood toy?\"\n },\n {\n \"questionId\": \"FavoriteTeam\",\n \"text\": \"What's your favorite sports team?\"\n },\n {\n \"questionId\": \"FirstCar\",\n \"text\": \"What's the model of your first car?\"\n },\n {\n \"questionId\": \"FirstManager\",\n \"text\": \"What's the first name of your first manager?\"\n },\n {\n \"questionId\": \"DreamJob\",\n \"text\": \"What's your dream job?\"\n },\n {\n \"questionId\": \"FirstMovie\",\n \"text\": \"What's the first movie you saw?\"\n },\n {\n \"questionId\": \"FavoriteTeacher\",\n \"text\": \"What's your favorite teacher's name?\"\n },\n {\n \"questionId\": \"FavoriteMovie\",\n \"text\": \"What's your favorite movie?\"\n },\n {\n \"questionId\": \"MaidenName\",\n \"text\": \"What's your mother's maiden name?\"\n },\n {\n \"questionId\": \"FirstPet\",\n \"text\": \"What's your first pet's name?\"\n },\n {\n \"questionId\": \"ChildhoodHero\",\n \"text\": \"Who's your childhood hero?\"\n },\n {\n \"questionId\": \"FirstTimeOnPlane\",\n \"text\": \"Where'd you go the first time you flew?\"\n },\n {\n \"questionId\": \"FavoriteSportsPerson\",\n \"text\": \"Who's your favorite player?\"\n }\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": 
\"UXrbnvJmAIKhPx9dUY5vFZDopmg2OreAtcJvBBMKUkoec0Y4R/NYC5XUwOjfIS20wtVcsJclMXy+sW/Oh7XhZ5EBMm9mtqm6LxMIEfMV0SrgMjNGeflNv86W2KOjJOmGV99h5fNDcTN4f+IPz9FOQhOzBh0BgJE3Uggn75niPVEEPQ7ttnO4a732rvnoR/NzgZKJ......x9aG4IEKDauESEgrtSd2rSAmN7SaHb4inrxVFUdbeOAzsEkNydP6IIfvpyodIXvV7T2bTwMw5kH4veEHgYFUfSRu1oOSkjzusOtU/mUZuplT~7oljJfwej7pw38FyEF0Q77oyPDWVFdi1ebEgizUt46k\"\n}" + } + ] + }, + { + "name": "Step 7: Submit Factor Credentials for Security Questions Enrollment", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"questions\":[ \r\n { \r\n \"questionId\":\"{{questionId1}}\",\r\n \"answer\":\"Mexican\",\r\n \"hint\":\"Cinco\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId2}}\",\r\n \"answer\":\"dogTessy\",\r\n \"hint\":\"dog and name\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId3}}\",\r\n \"answer\":\"When Harry Met Sally\",\r\n \"hint\":\"Meg Ryan and Billy Crystal\"\r\n }\r\n ]\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the factor credentials, which are the questionId and answers (and optionally a hint) to the security questions that the user wants to answer when prompted to authenticate. This step also includes the requestState that was received in the Step 6 response, and the Accept-Language Header.\r\n\r\nIn the response:\r\n\r\n\"nextOp\": \"createToken\" indicates that the client can request the token in the next request.\r\n\r\nThe user can also choose to continue to enroll in other factors. 
Should the user continue to enroll, an extra call should be made to get the details of all factors (Get Backup Factors) that a user can enroll in." + }, + "response": [ + { + "name": "Response to Step 7: Submit Factor Credentials for Security Questions Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"questions\":[ \r\n { \r\n \"questionId\":\"{{questionId1}}\",\r\n \"answer\":\"Mexican\",\r\n \"hint\":\"Cinco\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId2}}\",\r\n \"answer\":\"dogTessy\",\r\n \"hint\":\"dog and name\"\r\n },\r\n { \r\n \"questionId\":\"{{questionId3}}\",\r\n \"answer\":\"When Harry Met Sally\",\r\n \"hint\":\"Meg Ryan and Billy Crystal\"\r\n }\r\n ]\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Tue, 08 Jan 2019 14:08:29 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "R^iCq1EG000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2564" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + 
"value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"R^iCq1EG000000000\",\n \"accRecEnrollmentRequired\": false,\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"pIK0hbBK8NO0v3zqek+mFE3DCk0GKz2ZHQLuRv+M3pnCfM9/xv8ZkbRYxYPRZN5Czh5y+MeOKMNk9v4Pk5rX6rgVOSChRy9FpySLCks0AuYGNJUSThX6D2tbGXuk8eIhvIAD4thDKvVYZakrV2lvb3pBUSfyB9Itr5p4pAZozwTc5vt/ROaSQoGkXmElEPY7jLxV9c7fR7URJey0d1kzh4asAbpYCTfaV1yTN+qCk1ya5Xl/X24+G790QG43gtCU1wlI3nhNkcJC/0n9V....oZgvb7kadEb1yd+Rk8jTPi9vRW1QYp3oe38/JVDL/mvVkj60C~/LwXa5/7P0nDg2pK+TwNO1eAIoSB8UPo5tXf15t0ib8\"\n}" + } + ] + }, + { + "name": "Step 8: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." 
+ }, + "response": [ + { + "name": "Response to Step 8: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Tue, 08 Jan 2019 14:09:09 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "R^iCq1FG000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2641" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJ4NXQjUzI1NiI6Iks0R0hvZVdoUmFhOTd6Um0xeDIzM0pwdlB3bm1GQVJGVlE1cE5QRD...arCzBNfUVvWVA\",\n \"status\": \"success\",\n \"ecId\": \"R^iCq1FG000000000\"\n}" + } + ] + } + ], + "description": "Test authentication, enroll in SMS and Security Questions for account recovery, using the user's credentials and the requestState.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + 
"script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ], + "description": "Test authentication and account recovery enrollment using the user's credentials and the requestState.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "Authentication Using User Name/Password + Enroll In Account Recovery With MFA Enrollment", + "item": [ + { + "name": "SMS Enrollment for Account Recovery, and SMS and Online One-Time Passcode (TOTP) Enrollment for MFA ", + "item": [ + { + "name": "Step 1: Authentication Request with AppName", + "request": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + }, + "description": "This step obtains the initial requestState to then continue with the authentication flow. The appName is optional, but is used in this step for testing purposes.\n\nThe user submits their credentials in Step 2 as the first factor, which is the username/password.\n\nThe requestState in the response received contains the following information:\n\n- creationTime\n- tenantName\n- appName\n\nFor the Next Step:\n- The client must pass the credentials, which are the username and password\n- The client must pass the requestState that was received in the Step 1 response (this step)." 
+ }, + "response": [ + { + "name": "Response to Step 1: Authentication Request with AppName", + "originalRequest": { + "method": "GET", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate?appName={{app_name}}", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ], + "query": [ + { + "key": "appName", + "value": "{{app_name}}" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:44:55 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1M0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "532" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"HI^kd1M0000000000\",\n \"nextOp\": [\n \"credSubmit\"\n ],\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n },\n \"requestState\": \"BgwRu6ASXCIDPiDbakhYsAgnLK77vA10QzFu9zK/YHmUNJfp4sldP/7VKySAvO11CBA9f9zSQlPoPtakSLcPRa9rKRv6w9/kEbDHEHkq+AN44hfbq989hbC9s9rhtpXoFx87RsTk8qvrx3dpNX+gWFnPD73LPnY5qytW....W/Im6jfEF/YH0bA5j5E\"\n}" + } + ] + }, + { + "name": "Step 2: Username/Password Submission", + 
"request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "The following must be included in the request:\r\n\r\ncredentials: user name and password\r\nrequestState: received in the Step 1 response\r\nop: tells the server what kind of operation the client wants\r\n\r\nIn the response:\r\n\r\naccRecEnrollmentRequired:true indicates Account Recovery should be prompted for.\r\n\r\nnextAuthFactors contains the available Account Recovery Factors." + }, + "response": [ + { + "name": "Error Example: User Name Password Authentication Failure", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"fbloggs\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:45:01:27 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": 
"Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "AF6kD0F7000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "622" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"failed\",\n \"ecId\": \"HI^kd1M0000000000\",\n \"cause\": [\n {\n \"message\": \"You entered an incorrect user name or password.\",\n \"code\": \"AUTH-3001\"\n }\n ],\n \"requestState\": \"Xx9uVowGkubK4ajGZF9HL+05n8KxQUtajw9JOvMRsA7iJN1pQUUv6I88S/8Vv64J+xHHqmxJoMpa0g4HW1NXkSVsPx890oGuJa5Pj...hfIN4gb+tmRZxrGJyJw3QVpH4nwCPI~83qzRZ0YprsB/Aprjx5xJHyOMWWwG91bBWIjrmBkgQg\",\n \"nextOp\": [\n \"credSubmit\"\n ],\n \"nextAuthFactors\": [\n \"USERNAME_PASSWORD\"\n ],\n \"USERNAME_PASSWORD\": {\n \"credentials\": [\n \"username\",\n \"password\"\n ]\n }\n}" + }, + { + "name": "Response to Step 2: Username/Password Submission (No MFA)", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"username\":\"{{username}}\",\r\n \"password\":\"{{password}}\"\r\n },\r\n\r\n \"requestState\":\"{{requestState}}\"\r\n\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + 
"value": "Mon, 07 Jan 2019 10:45:55 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1M0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2676" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"HI^kd1M0000000000\",\n \"accRecEnrollmentRequired\": true,\n \"nextAuthFactors\": [\n \"SMS\",\n \"SECURITY_QUESTIONS\",\n \"EMAIL\"\n ],\n \"SMS\": {\n \"credentials\": [\n \"phoneNumber\",\n \"countryCode\"\n ]\n },\n \"EMAIL\": {\n \"userAllowedToSetRecoveryEmail\": \"true\",\n \"primaryEmailVerified\": \"true\",\n \"primaryEmail\": \"clarence.saladna@example.com\",\n \"credentials\": [\n \"recoveryEmail\"\n ]\n },\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"wtyRQpBzFZnuGMQvLNRotKfRIlgliWNc8sxipU1m+DNzDnwdp6FluhNJ9zRVS8FeKgEP5FKlZUx/b7zftdqihvWQFe6oD3O3M9AZIHzPGEx5waH....41zjKQcvdzk2bmvWs\"\n}" + } + ] + }, + { + "name": "Step 3: Initiate SMS Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SMS\",\r\n \"credentials\":{ \r\n \"phoneNumber\":\"1122334455\",\r\n \"countryCode\":\"+44\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": 
"{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to enroll in the SMS factor for Account Recovery. You must include in this request the requestState that was received in the Step 2 response.\r\n\r\nThe request contains the phone number, including country code, that is to be registered for SMS.\r\n\r\nIn the response:\r\nThe nextOp value indicates that the client should submit the factor credentials (the OTP) in the next step." + }, + "response": [ + { + "name": "Response to Step 3: Initiate SMS Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"SMS\",\r\n \"credentials\":{ \r\n \"phoneNumber\":\"1122334455\",\r\n \"countryCode\":\"+44\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:47:14 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1N0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2486" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + 
"key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"HI^kd1N0000000000\",\n \"displayName\": \"+44XXXXXXX455\",\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"requestState\": \"FnwYT23S0qo+RHXN3Sx80D3tRAAT+4PvF9iB7sgwxerpuq9GGvwjRwfTFmLyR8kQDWZ/qdtmvlng++Pow7WbVlDYBwXPtasMB9Yn3HB0tUQD13W1bKKpE5/k+qzo8h2bo8Ugsxy+/EqTnGcmunq2RXTztEpnD1kRFNG9....8CsoT3QezVbynT3LfZY3+sXN5E8OtEdM\"\n}" + } + ] + }, + { + "name": "Step 3a: SMS Enrollment Request - Resend SMS", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to have the OTP code resent (\"op\":\"resendCode\") and contains the requestState that was received in the Step 2 response.\r\n\r\nThe requestState in the response contains the following:\r\n\r\n- phoneNumber\r\n- deviceId\r\n- requestId\r\n- tenantName\r\n- appName\r\n- ecid" + }, + "response": [ + { + "name": "Response to Step 3a: SMS Enrollment Request - Resend SMS", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"resendCode\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + 
"sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:48:20 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1O0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2481" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"HI^kd1O0000000000\",\n \"SMS\": {\n \"credentials\": [\n \"otpCode\"\n ]\n },\n \"nextOp\": [\n \"credSubmit\",\n \"resendCode\",\n \"enrollment\"\n ],\n \"requestState\": \"lZzVVo/CZkvpVU6lsbDNp34LNKyfXB+MgEqQM4v3qOd8LwFfvW8AaT+6Nu6AYzpvraKEs13oVfRdK0ltbcQeQsz0ScL/2Z2dF2sY2q+4inJM2pjxYbJGzsFnhCAVuBlI....B/MzLBiSBISAdNM\",\n \"nextAuthFactors\": [\n \"SMS\"\n ]\n}" + } + ] + }, + { + "name": "Step 4: Submit Factor Credentials for SMS Enrollment", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"695785\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + 
"description": "This step submits the factor credentials and the requestState that was received in the Step 3 response.\r\n\r\nThe otpCode is the code received via SMS when enrollment was initiated.\r\n\r\n\"authFactor\": \"SMS\" is removed from request payload as this is present in requestState, along with deviceId and requestId.\r\n\r\nIn the response:\r\n\r\n\"nextOp\": \"createToken\" indicates that the client can request the token in the next request.\r\n\r\nThe user can also choose to continue to enroll in other factors. Should the user continue to enroll, an extra call should be made to get the details of all factors (Get Backup Factors) that a user can enroll in." + }, + "response": [ + { + "name": "Response to Step 4: Submit Factor Credentials for SMS Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"credSubmit\",\r\n \"credentials\":{ \r\n \"otpCode\":\"734761\"\r\n },\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:49:27 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1P0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2702" + }, + { + "key": "Pragma", + "value": "no-cache" 
+ }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"HI^kd1P0000000000\",\n \"accRecEnrollmentRequired\": false,\n \"displayName\": \"+44XXXXXXX455\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"Z+ysro8gFyPPT5bI9C/RykLfRrq5rBXCOO68/wZcgkllw765qd7SNvhRN6ZHp0Xiw2FIN9nOeio7SpsEAlYxO2xQ/1fF5lAjo0jwJEzIgSRt8xj/vAQeSLhX+PRm2a1rRYHwSa9uFcUBkNA.....KP7CPh2/yrdZF4WpbI\"\n}" + } + ] + }, + { + "name": "Step 5: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." 
+ }, + "response": [ + { + "name": "Reponse to Step 5: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:50:25 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1Q0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "3110" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"HI^kd1Q0000000000\",\n \"nextAuthFactors\": [\n \"TOTP\",\n \"SECURITY_QUESTIONS\",\n \"SMS\",\n \"EMAIL\",\n \"PUSH\"\n ],\n \"EnrolledAccountRecoveryFactorsDetails\": {\n \"SMS\": {\n \"credentials\": [\n \"accountRecoveryFactor\"\n ],\n \"enrolledDevices\": [\n {\n \"deviceId\": \"3ed9b2ed366441fb91c9277abd694348\",\n \"displayName\": \"+44XXXXXXXX455\"\n }\n ]\n },\n \"EMAIL\": {\n \"credentials\": [\n \"accountRecoveryFactor\"\n ],\n 
\"enrolledDevices\": [\n {\n \"displayName\": \"clarence.saladna@example.com\"\n }\n ]\n },\n \"enrolledAccRecFactorsList\": [\n \"SMS\",\n \"EMAIL\"\n ]\n },\n \"nextOp\": [\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": true\n },\n \"requestState\": \"YN9sdSJiNtD5lOEKt33paDa9Ezs5ZZhZhF3C1BsDCuMdVVNqt1RmA3d3SppmnVOIP3uYrErQNYADHCIQLrXgmxpxReUzdcFDArlejaaph3qWctYvLQiIsBwixsHgTOfQiDkzyjN8JZiX/gqbkTEmHi1S3EtjYXuw7qCcwi...G8ZnyfTrcZtKEpaDDj7CtWF/+LIwAEQLvFaXvkOK4P4\"\n}" + } + ] + }, + { + "name": "Step 6: Set SMS as Overlap for MFA", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\": \"SMS\",\r\n \"credentials\":{ \r\n \"accountRecoveryFactor\" : true \r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "In this step SMS is enrolled for MFA. The accountRecoveryFactor is set to true since we are using the already enrolled Account Recovery factor for MFA." 
+ }, + "response": [ + { + "name": "Response to Step 6: Set SMS as Overlap for MFA", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\": \"SMS\",\r\n \"credentials\":{ \r\n \"accountRecoveryFactor\" : true \r\n },\r\n \"requestState\": \"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:51:22 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1R0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2766" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"HI^kd1R0000000000\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"7J6m/Z1PxXQZp4pigzt1F0CXp0kotXLzMrxS67TFYpKi5S1df4xdm81dyqNHMNNbP4qNSx/YhtZzqv27gwrODpHiLHlUVcBSeS8LH3n+HGe10FRewevUQPQ0oX7vg2L7bS.....oskOqPWwurw~pCVNJwC48r84EJ3zroOC84NpXkdWXP2knQa16MNj5E8\"\n}" + } + ] + }, + { + "name": "Step 7: Request to View 
Other Factors for Enrollment", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step requests to view what other factors can be enrolled in for MFA . You must include in this request the requestState that was received in the previous response.\r\n\r\nThe values for the \"nextAuthFactors\" attribute in the response are the factors that the user can enroll in next.\r\n\r\nThe nextOp attribute includes the \"enrollment\" value, which also allows the user to switch to another factor during enrollment (see the Switch to Another Factor During Enrollment folder)." + }, + "response": [ + { + "name": "Response to Step 7: Request to View Other Factors for Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\", \r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:52:13 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + 
"value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1S0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2940" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"HI^kd1S0000000000\",\n \"requestState\": \"xRUzegOjL2UstsVh4o1TlySL936uo4d1l43F1IZlKgpE5GGqFQMusFQdG9/MyyVwZ5HryPv123gFMNUXjGIbCR00+k/f9uSioi9aNnkY89jpGc8/vVv8ZPtIqA1IXsLGuqLdEMNNfyEbR.....ToL/+bc6Bte2axsC54\",\n \"TOTP\": {\n \"credentials\": [\n \"offlineTotp\"\n ]\n },\n \"SMS\": {\n \"credentials\": [\n \"phoneNumber\",\n \"countryCode\"\n ]\n },\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"nextAuthFactors\": [\n \"PUSH\",\n \"TOTP\",\n \"SECURITY_QUESTIONS\",\n \"SMS\"\n ]\n}" + } + ] + }, + { + "name": "Step 8: Initiate Online TOTP Enrollment Request", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"TOTP\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step makes the request to enroll in an online TOTP for MFA. You must include in this request the requestState that was received in the Step 7 response. 
\r\n\r\nIn the Response:\r\n\r\nThe requestState in the response contains the following information:\r\n- deviceId\r\n- creationTime\r\n- tenantName\r\n- appName\r\n\r\nNote that the value for \"content\" always begins with \"oraclemobileauthenticator//\"\r\n\r\nTo get a QR Code to scan for testing purposes:\r\n\r\nYou must copy the value of the qrCode \"content\" value and use an online QR Code Generator (such as: https://www.the-qrcode-generator.com) to generate a QR Code to scan using the Oracle Mobile Authenticator App to get the otpCode to use in Step 9." + }, + "response": [ + { + "name": "Response to Step 8: Initiate Online TOTP Enrollment Request", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"enrollment\",\r\n \"authFactor\":\"TOTP\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:53:08 GMT" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1T0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 
net-idcs-dev-lbr" + }, + { + "key": "Transfer-encoding", + "value": "chunked" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"HI^kd1T0000000000\",\n \"displayName\": \"Clarence's Phone\",\n \"PUSH\": {\n \"qrCode\": {\n \"content\": \"oraclemobileauthenticator://totp/csaladna?issuer=example&period=30&algorithm=SHA1&digits=6&RSA=SHA256withRSA&Deviceid=10d4d691c922435e9a7fe216f9443e98&RequestId=b7838ce7-1722-4c49-a4a1-53e6b55d43f1&LoginURL=https%3A%2F%2Fexample.identitycloud.com%3A8943%2Fsso%2Fv1%2F&OTP=eyJraWQiOiJTSUdOSU5HX0tFWSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJkZXZpY2VfaWQiOiIxMGQ0ZDY5MWM5MjI0MzVlOWE.....NWt7fVYm_3PnQLX3pn65NideYJYS06blMc3DMaZollOgAohBjgUezlbHnWJYg_QBa_babHdD2nscu_7dR8qu6508cbFY9IiZXcsYZ-UFuutL4yOwt3aBvPHnQdDbEFYi6yyfryYwysJMv1w&ServiceType=TOTP%2BPUSH&KeyPairLength=2048&SSE=Base32\",\n \"imageType\": \"image/png\",\n \"imageData\": \"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.....BCEIQQjCt0HYm8M+pN4W0/NSIYtqtkFOb++bsbgs+Lm6Dq8oJ0AIQhCCkIhASARCIhASEQiJQEhEICQCIRGBkAiERARCIhASEQiJQEhEICQCIRGBkAiERARCIhASEQiJQEhEICQCIRGBkAiERARCIhASEQiJQEhEICQCIRGBkAiERARCIhASEQiJQEhEICQCIRGBkAiERARCIhASEQiJQEhEICQCIRGBkOgN+g+w0lE2Hg5gAAAAAABJRU5ErkJggg==\"\n }\n },\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"G2lEqlbZDC+QEiIVvfBcImWcZBe+Z6QNrVarMnRwlqP+Sd8RlLFoS0itlCTI8XpfbpT50UhhnqISoaXxM+P1RaNxtjvHOBb7w/b5tDqzYH3ITC/+cU9pDN199J9prYFv5x2hYf9RFBtjPf8tgftzLxC7hxzdbjQhPdWOhXPrGAeSWt4TzssU6tI7vgbIe94Y5Fkp8D7Tx6EozLnuq3Q4D7PW8bCDs0pWDatG7CsdrAh0UvX5aG1aTIJk/75WiJb4SLpOovsbVNSvisaWtZd0mr.....A5HmObIAs\"\n}" + } + ] + }, + { + "name": "Step 9: Submit Factor Credentials", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " 
{ \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the requestState that was received in the Step 8 response. Note that the Request payload doesn't contain the authFactor attribute since the requestState contains it.\r\n\r\nNote: See Step 9a for the \"Pending\" response example. \r\n\r\nThe requestState in the response contains the following information:\r\n\r\n- requestId\r\n- deviceId\r\n- creationTime\r\n- tenantName\r\n- appName" + }, + "response": [ + { + "name": "Response to Step 9: Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:55:32 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1U0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "3051" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": 
"X-content-type-options", + "value": "nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"ecId\": \"HI^kd1U0000000000\",\n \"displayName\": \"Clarence's iPhone\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"LY/aZtJj05vkMayKunFGbgwMSon/50bi55LgZ9ur4AmXzPYfTv5gK+WIfp/hS0lDGuBMduU46Flo1HQxe3jXG2RoF314IIvCSITMJr7xXH6XRqabR3QK0uOxhMFnxi+Gvn4QMcghXXbpAGtE6y60aGuFuo7i....rx2zroXouH6t+jvumByK6w\"\n}" + } + ] + }, + { + "name": "Step 9a: Submit Factor Credentials - Pending", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step submits the requestState that was received in the Step 8 response. Note that the Request payload doesn't contain the authFactor attribute since the requestState contains it.\r\n\r\nIf the credentials attribute is empty in the request, then the following are the optional responses from server:\r\n\r\n-\"status\"=\"pending\" (This status appears when the OMA app to server back-channel communication is not completed)\r\n\r\n-\"status\"=\"success\" (This status appears when the OMA app to server back-channel communication is completed and the optCode verification is successful).\r\n\r\nThe client keeps polling if the \"otpCode\" = null every 10 secs and continues to poll for two minutes. 
After two minutes, the server sends the failed status.\r\n\r\nThe requestState in the response contains the following information:\r\n\r\n- requestId\r\n- deviceId\r\n- creationTime\r\n- tenantName\r\n- appName" + }, + "response": [ + { + "name": "Success Response to Step 9a: Submit Factor Credentials", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service", + "description": "", + "type": "text" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:56:32 GMT", + "description": "", + "type": "text" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "description": "", + "type": "text" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "description": "", + "type": "text" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "description": "", + "type": "text" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1U0000000000", + "description": "", + "type": "text" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "description": "", + "type": "text" + }, + { + "key": "Content-length", + "value": "2045", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Pragma", + "value": "no-cache", + "description": "", + "type": "text" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "description": "", + "type": "text" + }, + { + 
"key": "X-content-type-options", + "value": "nosniff", + "description": "", + "type": "text" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "description": "", + "type": "text" + } + ], + "cookie": [], + "body": "{\n \"status\": \"success\",\n \"displayName\": \"Clarence's iPhone\",\n \"nextOp\": [\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"requestState\": \"nofIeqDqCO5S..........7tCGS0O0hwsJJ47IEcGqdXQ\"\n}" + }, + { + "name": "Pending Response to Step 9a: Submit Factor Credentials for Online TOTP Enrollment", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": " { \r\n \"op\":\"credSubmit\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service", + "name": "Cache-control", + "description": "Tells all caching mechanisms from server to client whether they may cache this object. 
It is measured in seconds" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:55:32 GMT", + "name": "Content-length", + "description": "The length of the response body in octets (8-bit bytes)" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate", + "name": "Content-type", + "description": "The mime type of this content" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT", + "description": "", + "type": "text" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1", + "description": "", + "type": "text" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1U0000000000", + "description": "", + "type": "text" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8", + "description": "", + "type": "text" + }, + { + "key": "Content-length", + "value": "1982", + "description": "", + "type": "text" + }, + { + "key": "Pragma", + "value": "no-cache", + "description": "", + "type": "text" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block", + "description": "", + "type": "text" + }, + { + "key": "X-content-type-options", + "value": "nosniff", + "description": "", + "type": "text" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr", + "description": "", + "type": "text" + } + ], + "cookie": [], + "body": "{\n \"status\": \"pending\",\n \"cause\": [\n {\n \"code\": \"AUTH-1109\",\n \"message\": \"Enrollment in the One-Time Passcode authentication method is pending verification.\"\n }\n ],\n \"nextOp\": [\n \"credSubmit\",\n \"createToken\",\n \"createSession\",\n \"enrollment\"\n ],\n \"mfaSettings\": {\n \"enrollmentRequired\": false\n },\n \"requestState\": \"1bYZJeyi6bcp..........74RXYKmbdiZfVW8y7tNc\"\n}" + } + ] + }, + { + "name": "Step 10: Create Token After Enrollment is Complete", + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer 
{{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + }, + "description": "This step replicates the \"Done\" functionality where the client says \"I am done with all authnFactors and need a session created\".\n\nThe server validates that no other factor evaluation (depending on what is defined for the policy) is needed and responds with the token or denies access." + }, + "response": [ + { + "name": "Response to Step 10: Create Token After Enrollment is Complete", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Authorization", + "value": "Bearer {{access_token}}" + } + ], + "body": { + "mode": "raw", + "raw": "{ \r\n \"op\":\"createToken\",\r\n \"requestState\":\"{{requestState}}\"\r\n}" + }, + "url": { + "raw": "{{HOST}}/sso/v1/sdk/authenticate", + "host": [ + "{{HOST}}" + ], + "path": [ + "sso", + "v1", + "sdk", + "authenticate" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Server", + "value": "Oracle Identity Cloud Service" + }, + { + "key": "Date", + "value": "Mon, 07 Jan 2019 10:57:21 GMT" + }, + { + "key": "Cache-control", + "value": "no-cache, no-store, must-revalidate" + }, + { + "key": "Expires", + "value": "Sat, 01 Jan 2000 00:00:00 GMT" + }, + { + "key": "X-oracle-dms-rid", + "value": "0:1:1" + }, + { + "key": "X-oracle-dms-ecid", + "value": "HI^kd1W0000000000" + }, + { + "key": "Content-type", + "value": "application/json;charset=utf-8" + }, + { + "key": "Content-length", + "value": "2750" + }, + { + "key": "Pragma", + "value": "no-cache" + }, + { + "key": "X-xss-protection", + "value": "1; mode=block" + }, + { + "key": "X-content-type-options", + "value": 
"nosniff" + }, + { + "key": "Via", + "value": "1.1 net-idcs-config, 1.1 net-idcs-dev-lbr" + } + ], + "cookie": [], + "body": "{\n \"authnToken\": \"eyJ4NXQjUzI1NiI6Iks0R0hvZVdoUmFhOTd6Um0xeDIzM0pwdlB3bm1GQVJGVlE1cE5QRDhsTEUiLCJ4NXQiOiJUYkdPcWVUWnJpeXZNZGplTC01MjAtaGVfRUUiLCJraWQiOiJTSUdOSU5HX0tFWSIsImFsZyI6IlJTMjU2In0.eyJ1c2VyX3R6IjoiQW1lcmljYVwvQ2hpY2FnbyIsInN1YiI6InJ...ZMhfYXMvbFIvs-WQFMBw\",\n \"status\": \"success\",\n \"ecId\": \"HI^kd1W0000000000\"\n}" + } + ] + } + ], + "description": "Test authentication, SMS enrollment for account recovery, and SMS and Online One-Time Passcode (TOTP) for Multi-Factor Authentication enrollment using the user's credentials and the requestState.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ], + "description": "Test authentication, account recovery and Multi-Factor Authentication enrollment using the user's credentials and the requestState.", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + } + ], + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ], + "variable": [ + { + "key": "requestState", + "value": "", + "type": "string" + }, + { + "key": "app_name", + "value": "", + "type": "string" + }, + { + "key": "questionId1", + "value": "", + "type": "string" + }, + { + "key": "questionId2", + "value": "", + "type": "string" + }, + { + "key": "questionId3", + "value": "", + "type": "string" + }, + { + "key": "deviceId", + "value": "", + "type": "string" + }, + { + "key": "username", + "value": "", + "type": "string" + }, + { + 
"key": "password", + "value": "", + "type": "string" + } + ] +} \ No newline at end of file