Halcyon Test Suite




Halcyon Platform Web Test Harness

Explicit UI tests for the Identity Service (ID).

Section 1: OIDC Discovery

Fetch and validate the /.well-known/openid-configuration endpoint from the Identity Server.

{
  "issuer": "https://id.bootstrap.hlcn.xyz",
  "jwks_uri": "https://id.bootstrap.hlcn.xyz/.well-known/openid-configuration/jwks",
  "authorization_endpoint": "https://id.bootstrap.hlcn.xyz/connect/authorize",
  "token_endpoint": "https://id.bootstrap.hlcn.xyz/connect/token",
  "userinfo_endpoint": "https://id.bootstrap.hlcn.xyz/connect/userinfo",
  "end_session_endpoint": "https://id.bootstrap.hlcn.xyz/connect/endsession",
  "check_session_iframe": "https://id.bootstrap.hlcn.xyz/connect/checksession",
  "revocation_endpoint": "https://id.bootstrap.hlcn.xyz/connect/revocation",
  "introspection_endpoint": "https://id.bootstrap.hlcn.xyz/connect/introspect",
  "device_authorization_endpoint": "https://id.bootstrap.hlcn.xyz/connect/deviceauthorization",
  "backchannel_authentication_endpoint": "https://id.bootstrap.hlcn.xyz/connect/ciba",
  "pushed_authorization_request_endpoint": "https://id.bootstrap.hlcn.xyz/connect/par",
  "require_pushed_authorization_requests": false,
  "frontchannel_logout_supported": true,
  "frontchannel_logout_session_supported": true,
  "backchannel_logout_supported": true,
  "backchannel_logout_session_supported": true,
  "scopes_supported": [
    "openid",
    "profile",
    "email",
    "roles",
    "halcyon.api",
    "offline_access"
  ],
  "claims_supported": [
    "sub",
    "name",
    "family_name",
    "given_name",
    "middle_name",
    "nickname",
    "preferred_username",
    "profile",
    "picture",
    "website",
    "gender",
    "birthdate",
    "zoneinfo",
    "locale",
    "updated_at",
    "display_name",
    "birthday",
    "profile_url",
    "email",
    "email_verified",
    "role"
  ],
  "grant_types_supported": [
    "authorization_code",
    "client_credentials",
    "refresh_token",
    "implicit",
    "password",
    "urn:ietf:params:oauth:grant-type:device_code",
    "urn:openid:params:grant-type:ciba"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "form_post",
    "query",
    "fragment"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "request_parameter_supported": true,
  "request_object_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES384",
    "ES512"
  ],
  "prompt_values_supported": [
    "none",
    "login",
    "consent",
    "select_account"
  ],
  "authorization_response_iss_parameter_supported": true,
  "backchannel_token_delivery_modes_supported": [
    "poll"
  ],
  "backchannel_user_code_parameter_supported": true,
  "dpop_signing_alg_values_supported": [
    "RS256",
    "RS384",
    "RS512",
    "PS256",
    "PS384",
    "PS512",
    "ES256",
    "ES384",
    "ES512"
  ]
}
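
A sketch of what "fetch and validate" can cover for a document like the one above. This is an added example, not the test harness's own code. The function name validate_discovery, the constructed SAMPLE subset, and the choice of what counts as a hardening warning are assumptions of this example.

```python
from urllib.parse import urlsplit

ISSUER = "https://id.bootstrap.hlcn.xyz"
# Constructed sample: a subset of the discovery document shown above.
SAMPLE = {
    "issuer": ISSUER,
    "jwks_uri": ISSUER + "/.well-known/openid-configuration/jwks",
    "authorization_endpoint": ISSUER + "/connect/authorize",
    "token_endpoint": ISSUER + "/connect/token",
    "grant_types_supported": ["authorization_code", "refresh_token", "implicit", "password"],
    "response_types_supported": ["code", "token", "id_token token"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "subject_types_supported": ["public"],
    "code_challenge_methods_supported": ["plain", "S256"],
}
# Fields that OpenID Connect Discovery 1.0 marks unconditionally REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
            "subject_types_supported", "id_token_signing_alg_values_supported")

def validate_discovery(doc, expected_issuer):
    """Return (errors, warnings). Warnings are hardening policy assumed for this example."""
    errors = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    warnings = []
    iss = urlsplit(doc.get("issuer", ""))
    # The issuer must equal the value the metadata URL was built from.
    if doc.get("issuer") != expected_issuer:
        errors.append(f"issuer mismatch: {doc.get('issuer')!r}")
    if iss.scheme != "https" or iss.query or iss.fragment:
        errors.append("issuer must be an https URL without query or fragment")
    for key, value in doc.items():
        if isinstance(value, str) and (key.endswith("_endpoint") or key == "jwks_uri"):
            url = urlsplit(value)
            if url.scheme != "https":
                errors.append(f"{key} is not https")
            elif url.netloc != iss.netloc:
                warnings.append(f"{key} is on a different host than the issuer")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        warnings.append("unsigned ID tokens (alg none) advertised")
    pkce = doc.get("code_challenge_methods_supported", [])
    if "S256" not in pkce:
        warnings.append("PKCE S256 not advertised")
    if "plain" in pkce:
        warnings.append("PKCE 'plain' advertised; clients should be pinned to S256")
    for grant in ("implicit", "password"):
        if grant in doc.get("grant_types_supported", []):
            warnings.append(f"legacy grant advertised: {grant}")
    front = [r for r in doc.get("response_types_supported", []) if "token" in r.split()]
    if front:
        warnings.append(f"access token returned in the front channel by: {front}")
    return errors, warnings
```

A warning here means the server advertises an option, not that any client is allowed to use it; per-client configuration decides that.
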

Section 2: Registration Flow

Verify that a user can register for an account and is linked to the customer realm. This tests the multi-tenancy registration page.

Go to Registration

Section 3: Login Flow

Trigger the OIDC challenge. Verify that ClientName ("Halcyon Test Suite") and LogoUri injected via branding are visible on the login page.

Trigger OIDC Login

Section 4: Profile Management

Link to the Identity platform profile management interface. Test updates to DisplayName, Birthday, and ProfileUrl.

Manage Profile

Section 5: Token Validation

Inspect the authenticated user's claims to ensure profile and role data are present and correctly filtered.

You must be logged in to validate tokens. Please complete Section 3.

Section 6: Password Management

Change password while logged in:

Change Password

Reset password via email (Logged out):

Forgot Password

Section 7: Email Management

Verify that a user can initiate an email change, which requires confirmation via a tokenized link.

Change Email Address

Section 8: Logout Flow

Trigger the OIDC logout challenge. Verify that the Identity Server session is terminated and local cookies are cleared.

You must be logged in to test logout.

Section 9: Automated OIDC Security Tests

Run the full automated integration test suite directly from the web application, verifying Identity Server endpoints, token generation, and security boundaries.

Test Results
0 Passed
0 Failed