Doc Auth Test Plan
General Information
Team Charity currently handles two different vendors for Document Authentication, used for capturing pictures of a user’s ID or passport and face. One uses a SDK provided by Acuant, the other uses a service called Socure. Prior to each bi-weekly deploy, Team Charity should manually verify that Doc Auth is functioning as expected.
Cadence
When to test: ✅
Manual testing should be done prior to the regular full deploy of IdP to prod
. Typically we do a
full deploy twice weekly, on Tuesdays and Thursdays - see
Deploying new IdP and PKI code for
details and up-to-date cadence.
Mock IDs: If you want to test using a mock ID, you can access them using the link here.
Test Procedure
- Visit the Environments status page of the
Dashboard.
- Under Staging, click on either the
oidc-sinatra
or thesaml-sinatra
links to go to a sample app. - Note the git sha of the IdP in
staging
.
- Under Staging, click on either the
- From the sample app, under
Options > Level of Service
, selectBiometric Comparison
, then clickSign in
. - From the Login.gov sign in page, choose
Create an account
, enter your email with a modifier to make it unique, e.g.,first.last+yymmdd@gsa.gov
, and create your new account. - Using a mobile device or the hybrid handoff flow, go through identity verification up through document/selfie capture and note any issues with the
Acuant SDK. Things to look for may include:
- Does the SDK start?
- Does the SDK use the full screen?
- Does capture happen automatically?
- Does voice over work as expected?
- Is your ID successfully verified?
- Is the new feature we’re deploying working properly?
- Attempt to upload mismatched ID types:
- Proceed through the identity verification flow and select
Driver's License
, but upload aPassport
- Proceed through the identity verification and select
Passport
but upload aDriver's License
- The expected result should be that the IdP rejects the upload and displays an error message.
- Proceed through the identity verification flow and select
- Perform a valid passport test.
- Select
Passport
on theChoose your ID page
and verify your identity using aPassport
- Select
- Test the Socure flow:
- Lexis Nexis and Socure are typically split 50/50 in staging. If your run lands on the Lexis Nexis flow, create additional new accounts until you enter the Socure flow.
- Once in the
Socure
flow, complete it, ensuring Socure validation passes successfully
- Complete the full Identity Verification flow (including steps after Doc Auth).
- Previously, testing stopped after Doc Auth, but now the full Identity Verification journey must be completed.
Communications
Slack: @login-oncall-charity
receives a reminder, in #login-team-charity
on Tuesday and Thursday
mornings, to test the release prior to the day’s deploy (others are welcome to test as well!). When
conducting the test, react to the reminder with 👀 and reply in thread with:
- The mobile platform used (OS, browser, version)
- The path to document capture
- hybrid (start on desktop, switch to phone for capture)
- standard (start on phone)
- The git sha of the IdP tested (available from the Environment status page)
- Any issues encountered!
If an issue is found, we need to work quickly to triage and determine if the problem is being
introduced in the current deploy or if it is an existing bug. If new, work with @login-deployer
to try and revert the breaking changes prior to deployment. If old, file a bug in Jira and share
on the team’s channel for visibility.