Skip to main content
  1. Data-holder-testings/

Testing scenarios

Table of Contents

There are 2 broad categories of test scenarios:

  • Environment Setup
  • Correct Responses for Data

The dependency tree for the scenarios is

graph LR setup[Setup Environment] --> DCR[Dynamic Client Registration] DCR --> PAR[Pushed Authorization] PAR --> account[Get Accounts] PAR --> customer[Get Customer] PAR --> customer-detail[Get Customer Detail] PAR --> payee[Get Payees] PAR --> bulk-balance[Get Bulk Balances] PAR --> bulk-direct-debits[Get Bulk Direct Debits] PAR --> bulk-payments[Get Bulk Scheduled Payments] account --> account-detail[Get Account Detail] account --> account-balance[Get Account Balance] account --> specific-accounts-balances[Get Specific Accounts Balances] account --> account-direct-ebits[Get Account Direct Debits] account --> specific-accounts-direct-debitss[Get Specific Accounts Direct Debitss] account --> account-payments[Get Account Scheduled Payments] account --> specific-accounts-paymentss[Get Specific Accounts Scheduled payments] account --> transactions[Get Account Transactions] payee --> payee-detail[Get Payee Detail] transactions --> transaction-detail[Get Transaction detail] product[Get Products] --> product-detail[Get Product detail] outage[Get Outages] status[Get Status]

Environment Setup #

Environment setup includes running a DCR and Pushed Authorization Request.

This ensures that a recipient can talk to the dataholder, the dataholder can talk to the register and that access from the dataholder can be granted to the recipient

Scenarios #

Setup Environment #

  • Setup Environment
    • Ensures the register is aware of the dataholder
    • Ensures the register is aware of the recipient as a software product
    • Generates a private key for the recipient

Dynamic Client Registration #

Dynamic client registration is dependent on the success of the Setup Environment test

The failure cases involve manipulating the data sent in the client registration request object, if any failure cases result in a successful registration then the success case will fail

  • Failure Cases
    • Invalid request issuer
    • Invalid request software-id
    • Invalid request software-statement
    • Invalid request jwks-uri
    • Invalid request redirect-uri
    • Invalid request org-id
    • Invalid request org-name
    • Invalid request client-name
    • Invalid request client-description
    • Invalid request client-uri
    • Invalid request logo-uri
    • Invalid request grant-types
    • Invalid request response-types
    • Invalid request scopes
    • Empty request jwt-id
    • Empty request jwt-aud
    • Empty request jwt-iss
    • Empty request jwt-iat
    • Empty request jwt-exp
    • Empty request token-endpoint-auth-method
    • Empty request token-endpoint-auth-signing-alg
    • Empty request id-token-signed-response-alg
    • Empty request authorization-signed-response-algorithm
  • Success Case
    • Perform a DCR and obtain a Client ID for the recipient

Pushed Authorization Request #

Pushed Authorization Depends on the Dynamic client registration Success case passing

Pushed authorization is the act of initiating and later obtaining consent to the dataholder from a user. This step includes a manual piece which contains the redirect to the dataholder auth service.

The failure cases involve manipulating the request object sent in the Pushed Authorization Request. Unlike in DCR a if a failure case results in a successful PAR exchange the success test is not blocked

  • Failure Cases
    • Invalid client-id
    • Invalid redirect-uri
    • Invalid response-type
    • Invalid scope
    • Empty jwt-id
    • Empty jwt-aud
    • Empty jwt-iss
    • Empty jwt-iat
    • Empty jwt-exp
    • Empty jwt-nbf
  • Success Cases
    • Initiate a PAR exchange against the dataholder auth server and obtain a login uri
    • After navigating to the login uri and completing the datholder login flow, exchange authorization code for access token

Data Responses #

The Data response tests validate that a recipient can access the data available to a user, this includes unauthenticated requests to the product endpoints, as well as the outages and status endpoints

Endpoints #

  • Get Products
  • Get Product Detail
  • Get Outages
  • Get Status
  • Get Accounts
  • Get Account Detail
  • Get Bulk Balances
  • Get Account Balance
  • Get Specific Accounts Balances
  • Get Bulk Direct Debits
  • Get Account Direct Debits
  • Get Specific Accounts Direct Debits
  • Get Bulk Scheduled Payments
  • Get Account Scheduled Payments
  • Get Specific Accounts Scheduled Payements
  • Get Account Transactions
  • Get Transaction Detail
  • Get Customer
  • Get Customer Detail
  • Get Payees
  • Get Payee Detail

Get Products #

Get Product Detail #

Get Product Details has been reduced to failing on the first error due to:

  1. the volume of records in a Get Products response
  2. the consist high volume of issues within Product Details endpoints
  3. the difficulty in presenting the large volume of errors in an easily digestible manner

Get Outages #

Get Status #

Get Accounts #

Get Accounts Depends on the Pushed Authorization Success case passing

Get Account Detail #

Get Account Detail Depends on the Get Accounts - Get Accounts Success case passing

Get Bulk Balances #

Get Bulk Balances Depends on the Pushed Authorization Success case passing

Get Account Balance #

Get Account Balance Depends on the Get Accounts - Get Accounts Success case passing

Get Specific Accounts Balance #

Get Specific Account Balance Depends on the Get Accounts - Get Accounts Success case passing

Get Bulk Direct Debits #

Get Bulk Direct Debits Depends on the Pushed Authorization Success case passing

Get Account Direct Debits #

Get Account Direct Debits Depends on the Get Accounts - Get Accounts Success case passing

Get Specific Accounts Direct Debits #

Get Specific Account Direct Debits Depends on the Get Accounts - Get Accounts Success case passing

Get Bulk Scheduled Payments #

Get Bulk Scheduled Payments Depends on the Pushed Authorization Success case passing

Get Account Scheduled Payments #

Get Account Scheduled Payments Depends on the Get Accounts - Get Accounts Success case passing

Get Specific Accounts Scheduled Payments #

Get Specific Account Scheduled Payements Depends on the Get Accounts - Get Accounts Success case passing

Get Account Transactions #

Get Account Transactions Depends on the Get Accounts - Get Accounts Success case passing

Get Transaction Detail #

Get Transation Detail Depends on the Get Account Transactions - Get Account Transactions Success case passing

Get Customer #

Get Customer Depends on the Pushed Authorization Success case passing

Get Customer Detail #

Get Customer Detail Depends on the Pushed Authorization Success case passing

Get Payees #

Get Payees Depends on the Pushed Authorization Success case passing

Get Payee Detail #

Get Payee Detail Depends on the Get Payees - Get Payees Success case passing