apigee
diff --git a/‎labs/idp-okta-integration/README.md
+5-5 b/‎labs/idp-okta-integration/README.md
+5-5
diff --git a/‎references/identity-facade/pipeline.sh
+2-2 b/‎references/identity-facade/pipeline.sh
+2-2
diff --git a/‎references/identity-facade/test/integration/features/identity-facade.authorize-pkce.feature
+6-6 b/‎references/identity-facade/test/integration/features/identity-facade.authorize-pkce.feature
+6-6
diff --git a/‎references/identity-facade/test/integration/features/identity-facade.authorize.feature
+7-7 b/‎references/identity-facade/test/integration/features/identity-facade.authorize.feature
+7-7
diff --git a/‎references/identity-facade/test/integration/features/identity-facade.end2end-pkce.feature
+3-3 b/‎references/identity-facade/test/integration/features/identity-facade.end2end-pkce.feature
+3-3
diff --git a/‎references/identity-facade/test/integration/features/identity-facade.end2end.feature
+3-3 b/‎references/identity-facade/test/integration/features/identity-facade.end2end.feature
+3-3
diff --git a/‎references/identity-facade/test/integration/features/identity-facade.token-basic-auth.feature
+15-15 b/‎references/identity-facade/test/integration/features/identity-facade.token-basic-auth.feature
+15-15
diff --git a/‎references/identity-facade/test/integration/features/identity-facade.token-forms-auth.feature
+15-15 b/‎references/identity-facade/test/integration/features/identity-facade.token-forms-auth.feature
+15-15
@@ -180,15 +180,15 @@ This test will simulate a three-legged [OAuth 2.0](https://cloud.google.com/apig
      - You can generate the authorization url using the command below.
 
      ```bash
-     export AUTH_URL="https://$APIGEE_X_HOSTNAME/v1/oauth20/authorize?client_id=$APIGEE_CLIENT_ID&response_type=code&scope=openid email profile&state=abcd-1234&redirect_uri=https://httpbin.org/get"
+     export AUTH_URL="https://$APIGEE_X_HOSTNAME/v1/oauth20/authorize?client_id=$APIGEE_CLIENT_ID&response_type=code&scope=openid email profile&state=abcd-1234&redirect_uri=https://mocktarget.apigee.net/echo"
      echo $AUTH_URL
      ```
 
 2. Apigee will redirect to Okta to generate an authorization code. Log in using the Okta credentials for the user created earlier.
 
      ![Okta Auth](assets/okta-auth-code-login.png)
 
-3. After successful authentication, Okta redirects to the Apigee callback URL (/v1/oauth20/callback), which controls the incoming query parameters, generate an authorization code (using the same value as the one provided by Okta) and performs a redirection on the client app redirect_uri `https://httpbin.org/get` providing the authorization_code and initial state parameters.
+3. After successful authentication, Okta redirects to the Apigee callback URL (/v1/oauth20/callback), which controls the incoming query parameters, generate an authorization code (using the same value as the one provided by Okta) and performs a redirection on the client app redirect_uri `https://mocktarget.apigee.net/echo` providing the authorization_code and initial state parameters.
 
      - In a real-world scenario, the redirection would be back to the client application and it would parse Okta's response to capture the authorization code
 
@@ -201,7 +201,7 @@ This test will simulate a three-legged [OAuth 2.0](https://cloud.google.com/apig
      export APIGEE_RESPONSE=$(curl -s --location --request POST "https://$APIGEE_X_HOSTNAME/v1/oauth20/token?client_id=$APIGEE_CLIENT_ID" \
      --header "Authorization: Basic $BASE64_ENCODED" \
      --header 'Content-Type: application/x-www-form-urlencoded' \
-     --data-urlencode 'redirect_uri=https://httpbin.org/get' \
+     --data-urlencode 'redirect_uri=https://mocktarget.apigee.net/echo' \
      --data-urlencode 'grant_type=authorization_code' \
      --data-urlencode "code=$AUTH_CODE")
      echo $APIGEE_RESPONSE
@@ -266,7 +266,7 @@ The default Apigee install includes a /hello-world proxy. In this section we wil
      export APIGEE_CLIENT_ID=F3gGHZGtPPg6FcZqo0JwXFbV2NVkW0ILOXKte9HMFWJsOgR8
      export APIGEE_SECRET=3m5VFXhQIcMO45dhK8YZ85Svw97iTIdiuBnIQMSPJQrZHQQrkQ1aPsYJ3gWVec41
      export BASE64_ENCODED=$(echo -n $APIGEE_CLIENT_ID:$APIGEE_SECRET | base64)
-     export AUTH_URL="https://$APIGEE_X_HOSTNAME/v1/oauth20/authorize?client_id=$APIGEE_CLIENT_ID&response_type=code&scope=openid email profile&state=abcd-1234&redirect_uri=https://httpbin.org/get"
+     export AUTH_URL="https://$APIGEE_X_HOSTNAME/v1/oauth20/authorize?client_id=$APIGEE_CLIENT_ID&response_type=code&scope=openid email profile&state=abcd-1234&redirect_uri=https://mocktarget.apigee.net/echo"
      echo "$AUTH_URL"
      ```
 
@@ -285,7 +285,7 @@ The default Apigee install includes a /hello-world proxy. In this section we wil
      export AUTH_CODE={authorization code returned above}
      export APIGEE_RESPONSE=$(curl -s --location --request POST "https://$APIGEE_X_HOSTNAME/v1/oauth20/token?client_id=$APIGEE_CLIENT_ID" \--header "Authorization: Basic $BASE64_ENCODED" \
      --header 'Content-Type: application/x-www-form-urlencoded' \
-     --data-urlencode 'redirect_uri=https://httpbin.org/get' \
+     --data-urlencode 'redirect_uri=https://mocktarget.apigee.net/echo' \
      --data-urlencode 'grant_type=authorization_code' \
      --data-urlencode "code=$AUTH_CODE")
 
 
@@ -206,7 +206,7 @@ generate_edge_json() {
                     "apiProducts": [
                         "IdentityFacade"
                     ],
-                    "callbackUrl": "https://httpbin.org/get",
+                    "callbackUrl": "https://mocktarget.apigee.net/echo",
                     "scopes": []
                 }
             ]
@@ -259,7 +259,7 @@ generate_authz_url() {
     RESPONSE_TYPE="&response_type=code"
     SCOPE="&scope=openid email profile"
     STATE="&state=abcd-1234"
-    REDIRECT_URI="&redirect_uri=https://httpbin.org/get"
+    REDIRECT_URI="&redirect_uri=https://mocktarget.apigee.net/echo"
 
     # is pkce enabled (=true) or not
     if [ "$4" = "true" ];then
 
@@ -1,24 +1,24 @@
 @pkce @authorize
 Feature:
-  As a Client App 
+  As a Client App
   I want to access the protected resource of an API
   So that I can retrieve different types of information
 
   Scenario: I should get an error if client_id is missing or invalid
-    When I GET /authorize?client_id=xxx&redirect_uri=https://httpbin.org/get&response_type=code&state=12345&scope=openid%20email`pkceCodeVerifier`
+    When I GET /authorize?client_id=xxx&redirect_uri=https://mocktarget.apigee.net/echo&response_type=code&state=12345&scope=openid%20email`pkceCodeVerifier`
     Then response code should be 401
     And response body should be valid json
 
   Scenario: I should get an error if client_id contains heading or trailing spaces
-    When I GET /authorize?client_id=`spaceCharacters``clientId`&redirect_uri=https://httpbin.org/get&response_type=code&state=12345&scope=openid%20email`pkceCodeVerifier`
+    When I GET /authorize?client_id=`spaceCharacters``clientId`&redirect_uri=https://mocktarget.apigee.net/echo&response_type=code&state=12345&scope=openid%20email`pkceCodeVerifier`
     Then response code should be 401
     And response body should be valid json
-    
+
   Scenario: I should get an error if redirect_uri is missing or invalid
     When I GET /authorize?client_id=`clientId`&redirect_uri=https://example.com/invalid&response_type=code&state=12345&scope=openid%20email`pkceCodeVerifier`
     Then response code should be 400
     And response body path $.error should be invalid_request
-    
+
   Scenario: I should get an error if response_type is missing or invalid
     Given I navigate to the authorize page with an invalid response type
     Then I am redirected to the Client App
@@ -28,7 +28,7 @@ Feature:
     Given I navigate to the authorize page without a scope parameter
     Then I am redirected to the Client App
     Then I receive an invalid_request error
-    
+
   Scenario: User Authorizes with state missing
     Given I navigate to the authorize page without a state parameter
     When I sign in and consent
 
@@ -1,24 +1,24 @@
 @authorize
 Feature:
-  As a Client App 
+  As a Client App
   I want to access the protected resource of an API
   So that I can retrieve different types of information
 
   Scenario: I should get an error if client_id is missing or invalid
-    When I GET /authorize?client_id=xxx&redirect_uri=https://httpbin.org/get&response_type=code&state=12345&scope=openid%20email
+    When I GET /authorize?client_id=xxx&redirect_uri=https://mocktarget.apigee.net/echo&response_type=code&state=12345&scope=openid%20email
     Then response code should be 401
     And response body should be valid json
 
   Scenario: I should get an error if client_id contains heading or trailing spaces
-    When I GET /authorize?client_id=`spaceCharacters``clientId`&redirect_uri=https://httpbin.org/get&response_type=code&state=12345&scope=openid%20email
+    When I GET /authorize?client_id=`spaceCharacters``clientId`&redirect_uri=https://mocktarget.apigee.net/echo&response_type=code&state=12345&scope=openid%20email
     Then response code should be 401
     And response body should be valid json
-    
+
   Scenario: I should get an error if redirect_uri is missing or invalid
     When I GET /authorize?client_id=`clientId`&redirect_uri=https://example.com/invalid&response_type=code&state=12345&scope=openid%20email
     Then response code should be 400
     And response body path $.error should be invalid_request
-    
+
   Scenario: I should get an error if response_type is missing or invalid
     Given I navigate to the authorize page with an invalid response type
     Then I am redirected to the Client App
@@ -28,14 +28,14 @@ Feature:
     Given I navigate to the authorize page without a scope parameter
     Then I am redirected to the Client App
     Then I receive an invalid_request error
-    
+
   Scenario: User Authorizes with state missing
     Given I navigate to the authorize page without a state parameter
     When I sign in and consent
     Then I am redirected to the Client App
     And I receive an auth code in a query param
     And I store the auth code in global scope
-  
+
   Scenario: User Authorizes
     Given I navigate to the authorize page
     When I sign in and consent
 
@@ -1,6 +1,6 @@
 @pkce @end2end
 Feature:
-  As a Client App 
+  As a Client App
   I want to access the protected resource of an API
   So that I can retrieve different types of information
 
@@ -14,11 +14,11 @@ Feature:
 
   Scenario: Generate Access Token
     Given I have basic authentication credentials `clientId` and `clientSecret`
-    And I set form parameters to 
+    And I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | `authCode`              |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
       |	state	    | `state`		      |
       |	scope	    | `scope`		      |
       | code_verifier | `codeVerifier` |
 
@@ -1,6 +1,6 @@
 @end2end
 Feature:
-  As a Client App 
+  As a Client App
   I want to access the protected resource of an API
   So that I can retrieve different types of information
 
@@ -14,11 +14,11 @@ Feature:
 
   Scenario: Generate Access Token
     Given I have basic authentication credentials `clientId` and `clientSecret`
-    And I set form parameters to 
+    And I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | `authCode`              |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
       |	state	    | `state`		      |
       |	scope	    | `scope`		      |
     When I POST to /token
 
@@ -1,6 +1,6 @@
 @token
 Feature:
-  As a Client App 
+  As a Client App
   I want to access the protected resource of an API
   So that I can retrieve different types of information
 
@@ -14,76 +14,76 @@ Feature:
 
   Scenario: Generate Access Token
     Given I have basic authentication credentials `clientId` and `clientSecret`
-    And I set form parameters to 
+    And I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | `authCode`              |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
     When I POST to /token
     Then response code should be 200
     And I store the value of body path $.access_token as userToken in global scope
 
   Scenario: I should get an error if client_id is invalid
     Given I have basic authentication credentials invalid-client_id and `clientSecret`
-    And I set form parameters to 
+    And I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | `authCode`              |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
     When I POST to /token
     Then response code should be 401
     And response body should be valid json
 
   Scenario: I should get an error if client_secret is invalid
     Given I have basic authentication credentials `clientId` and invalid-client_secret
-    And I set form parameters to 
+    And I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | `authCode`              |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
     When I POST to /token
     Then response code should be 401
     And response body path $.error should be invalid_client
 
   Scenario: I should get an error if redirect_uri is missing or invalid
     Given I have basic authentication credentials `clientId` and `clientSecret`
-    And I set form parameters to 
+    And I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | `authCode`              |
       | redirect_uri| https://example.com/invalid |
     When I POST to /token
     Then response code should be 400
     And response body path $.error should be invalid_request
-  
+
   Scenario: I should get an error if authorization code is invalid
     Given I have basic authentication credentials `clientId` and `clientSecret`
-    And I set form parameters to 
+    And I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | invalid-code            |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
     When I POST to /token
     Then response code should be 404
     And response body should be valid json
 
   Scenario: I should get an error if authorization code is missing
     Given I have basic authentication credentials `clientId` and `clientSecret`
-    And I set form parameters to 
+    And I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
     When I POST to /token
     Then response code should be 400
     And response body path $.error should be invalid_grant
 
   Scenario: I should get an error if grant_type is not authorization_code
     Given I have basic authentication credentials `clientId` and `clientSecret`
-    And I set form parameters to 
+    And I set form parameters to
       | parameter   | value		      |
       | grant_type  | xxx           |
       | code        | `authCode`              |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
     When I POST to /token
     Then response code should be 400
     And response body path $.error should be unsupported_grant_type
 
@@ -1,6 +1,6 @@
 @token
 Feature:
-  As a Client App 
+  As a Client App
   I want to access the protected resource of an API
   So that I can retrieve different types of information
 
@@ -13,43 +13,43 @@ Feature:
     And I store the state parameter in global scope
 
   Scenario: Generate Access Token
-    Given I set form parameters to 
+    Given I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | `authCode`              |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
       | client_id     | `clientId`              |
       | client_secret | `clientSecret`          |
     When I POST to /token
     Then response code should be 200
     And I store the value of body path $.access_token as userToken in global scope
 
   Scenario: I should get an error if client_id is invalid
-    Given I set form parameters to 
+    Given I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | `authCode`              |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
       | client_id     | invalid-client          |
       | client_secret | `clientSecret`          |
     When I POST to /token
     Then response code should be 401
     And response body should be valid json
 
   Scenario: I should get an error if client_secret is invalid
-    Given I set form parameters to 
+    Given I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | `authCode`              |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
       | client_id     | `clientId`              |
       | client_secret | invalid-client          |
     When I POST to /token
     Then response code should be 401
     And response body path $.error should be invalid_client
 
   Scenario: I should get an error if redirect_uri is missing or invalid
-    Given I set form parameters to 
+    Given I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | `authCode`              |
@@ -59,36 +59,36 @@ Feature:
     When I POST to /token
     Then response code should be 400
     And response body path $.error should be invalid_request
-  
+
   Scenario: I should get an error if authorization code is invalid
-    Given I set form parameters to 
+    Given I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
       | code        | invalid-code            |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
       | client_id     | `clientId`              |
       | client_secret | `clientSecret`          |
     When I POST to /token
     Then response code should be 404
     And response body should be valid json
 
   Scenario: I should get an error if authorization code is missing
-    Given I set form parameters to 
+    Given I set form parameters to
       | parameter   | value		      |
       | grant_type  | authorization_code      |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
       | client_id     | `clientId`              |
       | client_secret | `clientSecret`          |
     When I POST to /token
     Then response code should be 400
     And response body path $.error should be invalid_grant
 
   Scenario: I should get an error if grant_type is not authorization_code
-    Given I set form parameters to 
+    Given I set form parameters to
       | parameter   | value		      |
       | grant_type  | xxx           |
       | code        | `authCode`              |
-      | redirect_uri| https://httpbin.org/get |
+      | redirect_uri| https://mocktarget.apigee.net/echo |
       | client_id     | `clientId`              |
       | client_secret | `clientSecret`          |
     When I POST to /token