From 5a292ccb7dc22d957f9fee8fad5b7aa8d2fba56e Mon Sep 17 00:00:00 2001 From: Luke Winship Date: Wed, 20 Sep 2023 12:07:37 +0100 Subject: [PATCH] docs: Document clearly the available Authentication Strategies (#578) --------- Co-authored-by: Nick Evans <2616208+nickevansuk@users.noreply.github.com> --- README.md | 147 +++++++++++++++++- .../openactive-broker-microservice/README.md | 81 ---------- .../openactive-integration-tests/README.md | 93 ----------- .../test/features/README.md | 4 +- .../booking-partner-authentication/README.md | 4 +- .../feature.json | 2 +- .../client-credentials-flow-test.js | 4 +- .../dynamic-client-registration/README.md | 5 +- .../dynamic-client-registration/feature.json | 4 +- .../client-credentials-flow-test.js | 4 +- 10 files changed, 156 insertions(+), 192 deletions(-) diff --git a/README.md b/README.md index 2db23553cb..6fcc05da23 100644 --- a/README.md +++ b/README.md @@ -4,14 +4,16 @@ To join the conversation, we're on the [OpenActive Slack](https://slack.openacti The general aim of this project is to allow end to end testing of the various flows and failure states of the Open Booking API. -Running `npm start` in the root will run the OpenActive Test Suite, which is actually comprised of three packages: -* [OpenID Test Client](./packages/openactive-openid-test-client): this connects to the target Open Booking API's OpenID Provider. This allows the Broker and Integration tests to authorize with the implementation -* [Broker Microservice](./packages/openactive-broker-microservice/): this sits in between the test suite and the target Open Booking API implementation. This allows the integration tests to watch for changes to the various RPDE feeds. +Running `npm start` in the root will run the OpenActive Test Suite, which is actually comprised of these packages: + * [Integration Tests](./packages/openactive-integration-tests): this performs automated tests against the API. +* [Broker Microservice](./packages/openactive-broker-microservice/): this sits in between the test suite and the target Open Booking API implementation. This allows the integration tests to watch for changes to the various RPDE feeds. +* [OpenID Test Client](./packages/openactive-openid-test-client): this connects to the target Open Booking API's OpenID Provider. This allows the Broker and Integration tests to authorize with the implementation +* [Test Interface Criteria](./packages/test-interface-criteria/): this allows test suite to tailor specific opportunities to specific tests by implementing the [OpenActive Test Interface](https://openactive.io/test-interface/) Criteria. # Usage -Running `npm start` will orchestrate running the [OpenID Test Client](./packages/openactive-openid-test-client/), [Broker Microservice](./packages/openactive-broker-microservice/) and the [Integration Tests](./packages/openactive-integration-tests/) in order to test your Open Booking API implementation. +Running `npm start` will orchestrate running the [Broker Microservice](./packages/openactive-broker-microservice/) and the [Integration Tests](./packages/openactive-integration-tests/) in order to test your Open Booking API implementation. Note that the implementation under test will need to implement the [OpenActive Test Interface](https://openactive.io/test-interface/) to run in controlled mode, and for selected tests. @@ -42,6 +44,121 @@ For more information about this use of `NODE_ENV` see this [documentation](https By convention, much of the documentation assumes you to have created a `config/dev.json` file, which Test Suite will use when env var `NODE_ENV=dev`. But you can use any name you like, and have multiple configuration files for different environments. +### Configuration for `sellers` within `./config/{NODE_ENV}` + +The `primary` Seller is used for all tests, and random opportunities used when `"useRandomOpportunities": true` are selected from this Seller. The `secondary` Seller is used only for [multiple-sellers](./test/features/core/multiple-sellers/README.md) tests. + +An example, using OpenID Connect Authentication: + +```json + "sellers": { + "primary": { + "@type": "Organization", + "@id": "https://reference-implementation.openactive.io/api/identifiers/sellers/0", + "authentication": { + "loginCredentials": { + "username": "test1", + "password": "test1" + } + }, + "taxMode": "https://openactive.io/TaxGross", + "paymentReconciliationDetails": { + "name": "AcmeBroker Points", + "accountId": "SN1593", + "paymentProviderId": "STRIPE" + } + }, + "secondary": { + "@type": "Person", + "@id": "https://reference-implementation.openactive.io/api/identifiers/sellers/1", + "authentication": { + "loginCredentials": { + "username": "test2", + "password": "test2" + } + }, + "taxMode": "https://openactive.io/TaxNet" + } + } +``` + +Description of each field: + +* `authentication`: Check out the [**Configuration for Seller Authentication**](#configuration-for-seller-authentication) section. +* `taxMode`: Which [Tax Mode](https://openactive.io/open-booking-api/EditorsDraft/1.0CR3/#tax-mode) is used for this Seller. + + **Note: If testing both Tax Modes, make sure that there is at least one Seller with each**. Alternatively, if not supporting multiple Sellers, you can run the Test Suite once with `"taxMode": "https://openactive.io/TaxNet"` and once with `"taxMode": "https://openactive.io/TaxGross"`. However, it is not currently possible to generate a certificate that covers both configurations unless multiple Sellers are supported. +* `paymentReconciliationDetails`: If testing [Payment Reconciliation Detail Validation](https://openactive.io/open-booking-api/EditorsDraft/1.0CR3/#payment-reconciliation-detail-validation), include the required payment reconciliation details here. + +### Configuration for Seller Authentication + +In order to make bookings for a specific Seller's Opportunity data, some kind of authentication is required to ensure that the caller is authorized to make bookings for that Seller. + +Test Suite allows for a few different options for Seller Authentication. This determines the data to put in the `authentication` field for each Seller: + +#### OpenID Connect + +[View Spec](https://openactive.io/open-booking-api/EditorsDraft/#openid-connect-booking-partner-authentication-for-multiple-seller-systems) + +You'll need the username/password that the Seller can use to log in to your OpenID Connect Provider. + +Example: + +```json + "sellers": { + "primary": { + // ... + "authentication": { + "loginCredentials": { + "username": "test1", + "password": "test1" + } + } + }, +``` + +#### Request Headers + +Just a set of request HTTP headers which will be used to make booking requests. There are no restrictions on the `requestHeaders` that can be specified. + +Example: + +```json + "sellers": { + "primary": { + // ... + "authentication": { + "loginCredentials": null, + "requestHeaders": { + "X-OpenActive-Test-Client-Id": "booking-partner-1", + "X-OpenActive-Test-Seller-Id": "https://localhost:5001/api/identifiers/sellers/1" + } + } + }, +``` + +#### Client Credentials + +[OAuth Client Credentials](https://oauth.net/2/grant-types/client-credentials/) are used to make booking requests. + +Example: + +```json + "sellers": { + "primary": { + // ... + "authentication": { + "loginCredentials": null, + "clientCredentials": { + "clientId": "clientid_XXX", + "clientSecret": "example" + } + } + }, +``` + +This is different from the behaviour in the Client Credentials sub-section mentioned within the [OpenID Connect Booking Partner Authentication for Multiple Seller Systems](https://openactive.io/open-booking-api/EditorsDraft/#openid-connect-booking-partner-authentication-for-multiple-seller-systems) section in the spec as, in this case, Client Credentials are used to make booking requests for this Seller, rather than just to view the Booking Partner's Orders Feed. + ## Installation Node.js version 14 or above is required. @@ -52,7 +169,7 @@ npm install This will install the dependencies needed for all packages in the test suite. -For developers that are customising the installation, for use in e.g. Docker, the directory `./packages/test-interface-criteria` is a dependency, and so must be present during `npm install`. +For developers that are customising the installation, for use in e.g. Docker, the directories `./packages/test-interface-criteria` and `./packages/openactive-openid-test-client` are dependencies, and so must be present during `npm install`. ## Running @@ -143,3 +260,23 @@ In order to run the tests in random mode, the target Open Booking API implementa # Contributing - [Contributing to the project](./CONTRIBUTING.md) + +# Concepts + +## Booking Partner Authentication Strategy + +The method by which a [Booking Partner](https://openactive.io/open-booking-api/EditorsDraft/#dfn-booking-partner) authenticates with the Open Booking API implementation. There are a number of supported strategies, including OpenID Connect, HTTP Header, etc. + +Your impementation will need to support at least one Authentication Strategy for each of [**Orders Feed Authentication**](#orders-feed-authentication) and [**Booking Authentication**](#booking-authentication). + +### Orders Feed Authentication + +How a Booking Partner accesses the [Orders Feed](https://openactive.io/open-booking-api/EditorsDraft/#dfn-orders-feed) containing updates to Orders that they have created. + +For Test Suite, the selected Orders Feed Authentication Strategy is configured with the [`broker.bookingPartners` configuration property](./packages/openactive-broker-microservice/README.md#bookingpartners) and documentation on the supported strategies can be found there. + +### Booking Authentication + +How a Booking Partner accesses the booking endpoints (C1, C2, B, etc) for a specific Seller's data. This differs from [Orders Feed Authentication](#orders-feed-authentication) as it can be specified at the per-Seller level for Multiple Seller Systems (relevant feature: [`multiple-sellers`](packages/openactive-integration-tests/test/features/core/multiple-sellers/)). + +For Test Suite, the selected Booking Authentication Strategy is configured with the [`sellers` configuration property](#configuration-for-seller-authentication) and documentation on the supported strategies can be found there. diff --git a/packages/openactive-broker-microservice/README.md b/packages/openactive-broker-microservice/README.md index 2b8372ee0f..e53bd32013 100644 --- a/packages/openactive-broker-microservice/README.md +++ b/packages/openactive-broker-microservice/README.md @@ -235,87 +235,6 @@ Use this authentication strategy when using [Client Credentials Flow](https://op "initialAccessToken": "openactive_test_suite_client_12345xaq" ``` -### `sellers` -Config for [Sellers](https://openactive.io/open-booking-api/EditorsDraft/1.0CR3/#dfn-seller) whose opportunities are booked are booked through the Booking System when Test Suite is run. - -#### Multi-Seller systems -In multi-seller systems, Broker can book opportunities from two Sellers, named `primary` and `secondary`. - -```json - "sellers": { - "primary": { - "@type": "Organization", - "@id": "https://reference-implementation.openactive.io/api/identifiers/sellers/1", - "authentication": { - "loginCredentials": { - "username": "test1", - "password": "test1" - } - }, - "taxMode": "https://openactive.io/TaxGross", - "paymentReconciliationDetails": { - "name": "AcmeBroker Points", - "accountId": "SN1593", - "paymentProviderId": "STRIPE" - } - }, - "secondary": { - "@type": "Organization", - "@id": "https://reference-implementation.openactive.io/api/identifiers/sellers/2", - "authentication": { - "loginCredentials": { - "username": "test2", - "password": "test2" - } - }, - "taxMode": "https://openactive.io/TaxNet" - } - } -``` - -The `authentication` field can contain various authentication strategies: [Auth Code Flow](https://openactive.io/open-booking-api/EditorsDraft/1.0CR3/#dfn-authorization-code-flow), Bearer credentials, or API headers. Auth Code Flow is [recommended](https://openactive.io/open-booking-api/EditorsDraft/1.0CR3/#openid-connect-booking-partner-authentication-for-multiple-seller-systems) for Multi-Seller systems. -Examples of how to define Auth Code flow credentials for Multi-Seller systems are shown above. - -#### Single-seller systems -For single-seller systems, Broker can book opportunities from the only seller. - -```json -"sellers": { - "primary": { - "@type": "Organization", - "@id": "https://localhost:5001/api/identifiers/seller", - "authentication": { - "loginCredentials": null, - "requestHeaders": { - "X-OpenActive-Test-Client-Id": "booking-partner-1", - "X-OpenActive-Test-Seller-Id": "https://localhost:5001/api/identifiers/seller" - } - } - }, - "secondary": null - } -``` - -The `authentication` field can contain various authentication strategies: [Client Credentials](https://openactive.io/open-booking-api/EditorsDraft/1.0CR3/#dfn-client-credentials-flow), Bearer credentials, or API headers. - -Clients credentials can be defined as follows: -```json -"sellers": { - "primary": { - "@type": "Organization", - "@id": "https://localhost:5001/api/identifiers/seller", - "authentication": { - "loginCredentials": null, - "clientCredentials": { - "clientId": "clientid_XXX", - "clientSecret": "example" - } - } - }, - "secondary": null - } -``` - ## Broker Microservice API Broker Microservice exposes an API which is used by [Integration Tests](../openactive-integration-tests/) and can be used by users to debug potential issues with the [Booking System](#booking-system-under-test). diff --git a/packages/openactive-integration-tests/README.md b/packages/openactive-integration-tests/README.md index eed53e419c..d338e1a86d 100644 --- a/packages/openactive-integration-tests/README.md +++ b/packages/openactive-integration-tests/README.md @@ -122,99 +122,6 @@ The value can be any string, such as `uat-ci`, or `alex-dev`. Test results are written to `*.md` within the directory specified by `outputPath` in Markdown format. -## Configuration for `sellers` within `./config/{NODE_ENV}.json` - -The `primary` Seller is used for all tests, and random opportunities used when `"useRandomOpportunities": true` are selected from this Seller. The `secondary` Seller is used only for [multiple-sellers](./test/features/core/multiple-sellers/README.md) tests. - -An example, using OpenID Connect Authentication: - -```json - "sellers": { - "primary": { - "@type": "Organization", - "@id": "https://reference-implementation.openactive.io/api/identifiers/sellers/0", - "authentication": { - "loginCredentials": { - "username": "test1", - "password": "test1" - } - }, - "taxMode": "https://openactive.io/TaxGross", - "paymentReconciliationDetails": { - "name": "AcmeBroker Points", - "accountId": "SN1593", - "paymentProviderId": "STRIPE" - } - }, - "secondary": { - "@type": "Person", - "@id": "https://reference-implementation.openactive.io/api/identifiers/sellers/1", - "authentication": { - "loginCredentials": { - "username": "test2", - "password": "test2" - } - }, - "taxMode": "https://openactive.io/TaxNet" - } - } -``` - -Description of each field: - -* `authentication`: Check out the **Configuration for Seller Authentication** section. -* `taxMode`: Which [Tax Mode](https://openactive.io/open-booking-api/EditorsDraft/1.0CR3/#tax-mode) is used for this Seller. - - **Note: If testing both Tax Modes, make sure that there is at least one Seller with each**. Alternatively, if not supporting multiple Sellers, you can run the Test Suite once with `"taxMode": "https://openactive.io/TaxNet"` and once with `"taxMode": "https://openactive.io/TaxGross"`. -* `paymentReconciliationDetails`: If testing [Payment Reconciliation Detail Validation](https://openactive.io/open-booking-api/EditorsDraft/1.0CR3/#payment-reconciliation-detail-validation), include the required payment reconciliation details here. - -### Configuration for Seller Authentication - -In order to make bookings for a specific Seller's Opportunity data, some kind of authentication is required to ensure that the caller is authorized to make bookings for that Seller. - -Test Suite allows for a few different options for Seller Authentication. This determines the data to put in the `authentication` field for each Seller: - -**OpenID Connect** - -[View Spec](https://openactive.io/open-booking-api/EditorsDraft/1.0CR3/#openid-connect-booking-partner-authentication-for-multiple-seller-systems) - -You'll need the username/password that the Seller can use to log in to your OpenID Connect Provider. - -Example: - -```json - "sellers": { - "primary": { - // ... - "authentication": { - "loginCredentials": { - "username": "test1", - "password": "test1" - } - } - }, -``` - -**Request Headers** - -Just a set of request HTTP headers which will be used to make booking requests. - -Example: - -```json - "sellers": { - "primary": { - // ... - "authentication": { - "loginCredentials": null, - "requestHeaders": { - "X-OpenActive-Test-Client-Id": "booking-partner-1", - "X-OpenActive-Test-Seller-Id": "https://localhost:5001/api/identifiers/sellers/1" - } - } - }, -``` - ## Reading test results To read the markdown files that are written to the directory specified by `outputPath`, the [Markdown Viewer Chrome Extension](https://chrome.google.com/webstore/detail/markdown-viewer/ckkdlimhmcjmikdlpkmbgfkaikojcbjk) is recommended, with the following settings: diff --git a/packages/openactive-integration-tests/test/features/README.md b/packages/openactive-integration-tests/test/features/README.md index 0f17792a14..113f0dd3e6 100644 --- a/packages/openactive-integration-tests/test/features/README.md +++ b/packages/openactive-integration-tests/test/features/README.md @@ -26,8 +26,8 @@ The tests for these features cover all known edge cases, including both happy an | access | accessPass update notifications ([access-pass-update-notifications](./access/access-pass-update-notifications/README.md)) | Optional
[View Spec](https://www.openactive.io/open-booking-api/EditorsDraft/#other-notifications) | Updating accessPass after an opportunity is booked | [TestOpportunityOfflineBookable](https://openactive.io/test-interface#TestOpportunityOfflineBookable) x3, [TestOpportunityBookable](https://openactive.io/test-interface#TestOpportunityBookable) x1 | | approval | Minimal Proposal Implementation - Book an opportunity using an OrderProposal ([minimal-proposal](./approval/minimal-proposal/README.md)) | Optional
[View Spec](https://openactive.io/open-booking-api/EditorsDraft/#minimal-proposal-implementation) | Test Minimal Proposal Implementation approval flows. OrderProposal Amendments are not included here. | [TestOpportunityBookable](https://openactive.io/test-interface#TestOpportunityBookable) x16 | | approval | Proposal Amendment - Amend an opportunity using an OrderProposal ([proposal-amendment](./approval/proposal-amendment/README.md)) | Optional
[View Spec](https://openactive.io/open-booking-api/EditorsDraft/#proposal-amendment) | Test approval flows with Proposal Amendment. | [TestOpportunityBookableWithNegotiation](https://openactive.io/test-interface#TestOpportunityBookableWithNegotiation) x3, [TestOpportunityBookable](https://openactive.io/test-interface#TestOpportunityBookable) x1 | -| authentication | Booking Partner Authentication for Multiple Seller Systems ([booking-partner-authentication](./authentication/booking-partner-authentication/README.md)) | Optional
[View Spec](https://www.openactive.io/open-booking-api/EditorsDraft/#openid-connect-booking-partner-authentication-for-multiple-seller-systems) | OAuth based authentication for Sellers | | -| authentication | Dynamic Client Registration for Multiple Seller Systems ([dynamic-client-registration](./authentication/dynamic-client-registration/README.md)) | Optional
[View Spec](https://www.openactive.io/open-booking-api/EditorsDraft/#openid-connect-booking-partner-authentication-for-multiple-seller-systems) | For multi-database booking systems where the customer manages Open Booking API client credentials. | | +| authentication | Booking Partner Authentication for Multiple Seller Systems ([booking-partner-authentication](./authentication/booking-partner-authentication/README.md)) | Optional
[View Spec](https://www.openactive.io/open-booking-api/EditorsDraft/#openid-connect-booking-partner-authentication-for-multiple-seller-systems) | OpenID Connect based Booking Partner authentication. | | +| authentication | Dynamic Client Registration for Multiple Seller Systems ([dynamic-client-registration](./authentication/dynamic-client-registration/README.md)) | Optional
[View Spec](https://www.openactive.io/open-booking-api/EditorsDraft/#openid-connect-booking-partner-authentication-for-multiple-seller-systems) | Implements OpenID Connect Dynamic Client Registration. For multi-database booking systems where the customer manages Open Booking API client credentials. | | | broker-role | NoBroker mode ([no-broker](./broker-role/no-broker/README.md)) | Optional
[View Spec](https://www.openactive.io/open-booking-api/EditorsDraft/#nobroker) | Support for NoBroker mode, for example for operators to use the Open Booking API to power their own websites | [TestOpportunityBookable](https://openactive.io/test-interface#TestOpportunityBookable) x12 | | broker-role | ResellerBroker mode ([reseller-broker](./broker-role/reseller-broker/README.md)) | Optional
[View Spec](https://www.openactive.io/open-booking-api/EditorsDraft/#resellerbroker) | Support for ResellerBroker mode | [TestOpportunityBookable](https://openactive.io/test-interface#TestOpportunityBookable) x12 | | cancellation | latestCancellationBeforeStartDate cancellation window ([cancellation-window](./cancellation/cancellation-window/README.md)) | Optional
[View Spec](https://www.openactive.io/open-booking-api/EditorsDraft/#customer-requested-cancellation) | A defined window before the event occurs where it can be cancelled without fees | [TestOpportunityBookableCancellableOutsideWindow](https://openactive.io/test-interface#TestOpportunityBookableCancellableOutsideWindow) x3, [TestOpportunityBookable](https://openactive.io/test-interface#TestOpportunityBookable) x2, [TestOpportunityBookableCancellableWithinWindow](https://openactive.io/test-interface#TestOpportunityBookableCancellableWithinWindow) x3 | diff --git a/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/README.md b/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/README.md index a160048015..ff5aa085b1 100644 --- a/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/README.md +++ b/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/README.md @@ -1,7 +1,7 @@ [< Return to Overview](../../README.md) # Booking Partner Authentication for Multiple Seller Systems (booking-partner-authentication) -OAuth based authentication for Sellers +OpenID Connect based Booking Partner authentication. https://www.openactive.io/open-booking-api/EditorsDraft/#openid-connect-booking-partner-authentication-for-multiple-seller-systems @@ -35,6 +35,6 @@ Update `default.json` within `packages/openactive-integration-tests/config/` as | [authentication-authority-present](./implemented/authentication-authority-present-test.js) | authenticationAuthority present in dataset site | The authenticationAuthority must be specified within the dataset site to facilitate Open ID Connect authentication | | | [authorization-code-flow](./implemented/authorization-code-flow-test.js) | Authorization Code Flow | The Authorization Code Flow allows Sellers to authenticate with Booking Partners | | | [authorization-persisted](./implemented/authorization-persisted-test.js) | Authorization persists when not requesting offline access | When authorisation is requested without offline access and a user has already given permission, consent must not be required. | | -| [client-credentials-flow](./implemented/client-credentials-flow-test.js) | Client Credentials Flow and Access Orders Feed | ... | | +| [client-credentials-flow](./implemented/client-credentials-flow-test.js) | Client Credentials Flow | Client Credentials Flow allows Booking Partners to access the Orders Feed | | diff --git a/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/feature.json b/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/feature.json index 1e5e2294b7..944064a338 100644 --- a/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/feature.json +++ b/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/feature.json @@ -2,7 +2,7 @@ "category": "authentication", "identifier": "booking-partner-authentication", "name": "Booking Partner Authentication for Multiple Seller Systems", - "description": "OAuth based authentication for Sellers", + "description": "OpenID Connect based Booking Partner authentication.", "explainer": "", "specificationReference": "https://www.openactive.io/open-booking-api/EditorsDraft/#openid-connect-booking-partner-authentication-for-multiple-seller-systems", "required": false, diff --git a/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/implemented/client-credentials-flow-test.js b/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/implemented/client-credentials-flow-test.js index 1ad71ca90e..f717c425df 100644 --- a/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/implemented/client-credentials-flow-test.js +++ b/packages/openactive-integration-tests/test/features/authentication/booking-partner-authentication/implemented/client-credentials-flow-test.js @@ -11,8 +11,8 @@ FeatureHelper.describeFeature(module, { testFeature: 'booking-partner-authentication', testFeatureImplemented: true, testIdentifier: 'client-credentials-flow', - testName: 'Client Credentials Flow and Access Orders Feed', - testDescription: '...', + testName: 'Client Credentials Flow', + testDescription: 'Client Credentials Flow allows Booking Partners to access the Orders Feed', doesNotUseOpportunitiesMode: true, surviveAuthenticationFailure: true, }, diff --git a/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/README.md b/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/README.md index 51ab5f9d22..8633e4becb 100644 --- a/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/README.md +++ b/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/README.md @@ -1,8 +1,9 @@ [< Return to Overview](../../README.md) # Dynamic Client Registration for Multiple Seller Systems (dynamic-client-registration) -For multi-database booking systems where the customer manages Open Booking API client credentials. +Implements OpenID Connect Dynamic Client Registration. For multi-database booking systems where the customer manages Open Booking API client credentials. +The Booking System must implement OpenID Connect Dynamic Client Registration, which requires an Initial Access Token https://www.openactive.io/open-booking-api/EditorsDraft/#openid-connect-booking-partner-authentication-for-multiple-seller-systems @@ -33,6 +34,6 @@ Update `default.json` within `packages/openactive-integration-tests/config/` as | Identifier | Name | Description | Prerequisites per Opportunity Type | |------------|------|-------------|---------------| | [authorization-code-flow](./implemented/authorization-code-flow-test.js) | Authorization Code Flow | The Authorization Code Flow allows Sellers to authenticate with Booking Partners | | -| [client-credentials-flow](./implemented/client-credentials-flow-test.js) | Client Credentials Flow and Access Orders Feed | ... | | +| [client-credentials-flow](./implemented/client-credentials-flow-test.js) | Client Credentials Flow | Client Credentials Flow allows Booking Partners to access the Orders Feed | | diff --git a/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/feature.json b/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/feature.json index 89755b1b82..a4c7807d5f 100644 --- a/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/feature.json +++ b/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/feature.json @@ -2,8 +2,8 @@ "category": "authentication", "identifier": "dynamic-client-registration", "name": "Dynamic Client Registration for Multiple Seller Systems", - "description": "For multi-database booking systems where the customer manages Open Booking API client credentials.", - "explainer": "", + "description": "Implements OpenID Connect Dynamic Client Registration. For multi-database booking systems where the customer manages Open Booking API client credentials.", + "explainer": "The Booking System must implement OpenID Connect Dynamic Client Registration, which requires an Initial Access Token", "specificationReference": "https://www.openactive.io/open-booking-api/EditorsDraft/#openid-connect-booking-partner-authentication-for-multiple-seller-systems", "required": false, "coverageStatus": "complete" diff --git a/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/implemented/client-credentials-flow-test.js b/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/implemented/client-credentials-flow-test.js index 6f167ce23f..c2394e11fa 100644 --- a/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/implemented/client-credentials-flow-test.js +++ b/packages/openactive-integration-tests/test/features/authentication/dynamic-client-registration/implemented/client-credentials-flow-test.js @@ -12,8 +12,8 @@ FeatureHelper.describeFeature(module, { testFeature: 'dynamic-client-registration', testFeatureImplemented: true, testIdentifier: 'client-credentials-flow', - testName: 'Client Credentials Flow and Access Orders Feed', - testDescription: '...', + testName: 'Client Credentials Flow', + testDescription: 'Client Credentials Flow allows Booking Partners to access the Orders Feed', doesNotUseOpportunitiesMode: true, surviveAuthenticationFailure: true, surviveDynamicRegistrationFailure: true,