Beispiel #1
        /// <summary>
        /// Checks that <c>NonceTokenClaimsProvider</c> emits no nonce claim for an
        /// authentication request whose message carries no <c>Nonce</c>, even though
        /// the request grants contain a nonce claim.
        /// </summary>
        /// <remarks>
        /// Security relevance: the assertion pins that, on an authentication request,
        /// a nonce sitting in the grant claims is not copied into the generated claims.
        /// A token therefore cannot pick up a nonce the client never sent on this request.
        /// </remarks>
        /// <param name="tokenType">
        /// Token type handed to <c>InitializeForToken</c>. The values the test runner
        /// supplies are not visible in this excerpt.
        /// </param>
        public async Task OnGeneratingClaims_DoesNotAddNonce_WhenNotPresentInTheRequest(string tokenType)
        {
            // Arrange: an authentication request with no Nonce set on the message.
            var request = new OpenIdConnectMessage
            {
                RequestType = OpenIdConnectRequestType.Authentication
            };

            // The grant deliberately carries a nonce claim: it must not be added for an
            // authentication request even if it somehow ends up in the claims grant
            // (which is not used in authentication).
            var grants = new RequestGrants
            {
                Claims = new List<Claim>
                {
                    new Claim(IdentityServiceClaimTypes.Nonce, "nonce-value")
                }
            };

            var context = new TokenGeneratingContext(
                new ClaimsPrincipal(),
                new ClaimsPrincipal(),
                request,
                grants);

            var provider = new NonceTokenClaimsProvider();
            context.InitializeForToken(tokenType);

            // Act
            await provider.OnGeneratingClaims(context);

            // Assert: no claim of the nonce type was produced.
            Assert.DoesNotContain(
                context.CurrentClaims,
                claim => claim.Type.Equals(IdentityServiceClaimTypes.Nonce));
        }
Beispiel #2
        /// <summary>
        /// Checks that, for a token request, <c>NonceTokenClaimsProvider</c> produces
        /// exactly one nonce claim and that its value is the one stored in the request
        /// grants, not the <c>Nonce</c> set on the request message.
        /// </summary>
        /// <remarks>
        /// Security relevance: the message here carries a conflicting nonce
        /// ("invalid-value"), so the assertion pins that a nonce supplied on the token
        /// request itself is ignored in favour of the granted one.
        /// NOTE(review): presumably the grant value is the nonce captured from the
        /// original authorization request. Confirm against the code that fills
        /// <c>RequestGrants</c>.
        /// </remarks>
        /// <param name="tokenType">
        /// Token type handed to <c>InitializeForToken</c>. The values the test runner
        /// supplies are not visible in this excerpt.
        /// </param>
        public async Task OnGeneratingClaims_AddsNonce_WhenPresentInTheGrantClaimsOfATokenRequest(string tokenType)
        {
            // Arrange: a token request whose message carries a nonce that must be
            // ignored, because the request is not an authorization request.
            var request = new OpenIdConnectMessage
            {
                RequestType = OpenIdConnectRequestType.Token,
                Nonce = "invalid-value"
            };

            // The grant holds the nonce value the generated claims are expected to carry.
            var grants = new RequestGrants
            {
                Claims = new List<Claim>
                {
                    new Claim(IdentityServiceClaimTypes.Nonce, "nonce-value")
                }
            };

            var context = new TokenGeneratingContext(
                new ClaimsPrincipal(),
                new ClaimsPrincipal(),
                request,
                grants);

            var provider = new NonceTokenClaimsProvider();
            context.InitializeForToken(tokenType);

            // Act
            await provider.OnGeneratingClaims(context);

            // Assert: exactly one claim is a nonce claim with the granted value.
            Assert.Single(
                context.CurrentClaims,
                claim => claim.Type.Equals(IdentityServiceClaimTypes.Nonce)
                    && claim.Value.Equals("nonce-value"));
        }
Beispiel #3
        /// <summary>
        /// Checks that, for an authentication request, <c>NonceTokenClaimsProvider</c>
        /// produces exactly one nonce claim and that its value is the <c>Nonce</c> set
        /// on the request message, not the nonce claim held in the request grants.
        /// </summary>
        /// <remarks>
        /// Security relevance: the grant carries a conflicting value ("invalid-nonce"),
        /// so the assertion pins that the generated claims carry the nonce the client
        /// sent on this authentication request rather than a previously granted one.
        /// The method name refers to code, access and id tokens, but the
        /// <paramref name="tokenType"/> values actually exercised are not visible in
        /// this excerpt.
        /// </remarks>
        /// <param name="tokenType">Token type handed to <c>InitializeForToken</c>.</param>
        public async Task OnGeneratingClaims_AddsNonceToCodeAccessAndIdToken_WhenPresentInTheRequest(string tokenType)
        {
            // Arrange: an authentication request that carries the expected nonce.
            var request = new OpenIdConnectMessage
            {
                Nonce = "nonce-value",
                RequestType = OpenIdConnectRequestType.Authentication
            };

            // A different nonce in the grant makes a wrong source show up in the assertion.
            var grants = new RequestGrants
            {
                Claims = new List<Claim>
                {
                    new Claim(IdentityServiceClaimTypes.Nonce, "invalid-nonce")
                }
            };

            var context = new TokenGeneratingContext(
                new ClaimsPrincipal(),
                new ClaimsPrincipal(),
                request,
                grants);

            var provider = new NonceTokenClaimsProvider();
            context.InitializeForToken(tokenType);

            // Act
            await provider.OnGeneratingClaims(context);

            // Assert: exactly one claim is a nonce claim with the request's value.
            Assert.Single(
                context.CurrentClaims,
                claim => claim.Type.Equals(IdentityServiceClaimTypes.Nonce)
                    && claim.Value.Equals("nonce-value"));
        }