Authentication

All activities from the moment the end-user begins the authentication flow to the point when Akoya returns an ID token for your app to use with Akoya APIs for data calls.

“Happy path” tests

Test caseTask(s)Expected result(s)
Successful creation of OAuth linkDirect end-user to the Mikomo login.End-user goes from your app to the provider login screen.
Valid loginGo through Mikomo’s authentication flow and reach the account selection screen.Successfully arrive at the account selection screen displaying all the user’s accounts.
Successful account selectionSelect the desired financial accounts.End-user’s accounts are selected without error.
Successful redirect to expected redirect_uriThe app/browser takes user to the success page.Successfully arrive at your app’s redirect URI.
Successful retrieval of authentication codeStore the authentication code.Authentication code is used for next step, retrieving tokens.
Successful token validationUse the Token endpoint to request refresh and ID tokens.Valid refresh_token and id_token tokens are returned. These tokens are associated with the Mikomo end-user who logged-in and the specified sandbox app, provider (Mikomo), and selected accounts.

“Sad path” tests

Test caseTask(s)Expected result(s)
Login failure (invalid connector)Provide an invalid providerId in the auth URL for connector (e.g. Mikomoo vs Mikomo).HTTP 400: Bad Request
Login failure (no connector)Provide connector without a value.HTTP 403: Forbidden

Possible: HTTP 200: OK. When this occurs, an Akoya login screen may appear and will not be usable for your end-user.
Login failure (invalid redirect_uri)1. Provide an empty redirect_uri.

2. Provide an incorrect redirect_uri.
(Both tasks): HTTP 400: Bad Request
Login failure (invalid client_id)1. Provide an empty client_id.

2. Provide an incorrect client_id.
(Both tasks): HTTP 400: Bad Request
Login failure (invalid response_type)Provide an empty response_type.HTTP 403: Forbidden or HTTP 200: OK with error parameter in URL:

<your redirect_uri>callback?error=invalid_requests
Login failure (invalid scope)1. Provide an empty scope.

2. scope missing openid.
HTTP 403: Forbidden or HTTP 200: OK with error parameter in URL:

<your redirect_uri>callback?error=invalid_scope
Login failure (invalid scope)scope missing offline_access.End-user login will be successful.

Initial token endpoint response will be missing refresh_token
Login failure (incorrect username/password)Enter incorrect user credentials.HTTP 401: Unauthorized

Receive an error message in the UI that the end-user’s username and/or password is incorrect.