Beispiel #1
        /// <summary>
        /// Checks the URL that <c>UriUtility.CalculateFullRedirectUri</c> returns for default
        /// options and a GET request created with an empty path.
        /// </summary>
        /// <remarks>
        /// The final assertion pins the <c>redirect_uri</c> parameter to the URL-encoded
        /// <c>http://localhost/signin-oidc</c> and requires it to be the end of the string,
        /// so a regression that alters the callback sent to the identity provider, or appends
        /// anything after it, fails this test.
        /// </remarks>
        public void OriginalCallbackUri_Not_Changed()
        {
            // arrange
#pragma warning disable CS0618 // Type or member is obsolete
            var oidcOptions = new OpenIDConnectOptions();
#pragma warning restore CS0618 // Type or member is obsolete
            var context = OwinTestHelpers.CreateRequest("GET", string.Empty);

            // The callback is compared in its encoded form, exactly as it appears in the query string.
            var expectedCallbackParameter = "redirect_uri=" + WebUtility.UrlEncode("http://localhost/signin-oidc");

            // act
            var authorizeUrl = UriUtility.CalculateFullRedirectUri(oidcOptions, context.Request);

            // assert
            Assert.StartsWith(oidcOptions.AuthDomain, authorizeUrl);
            Assert.Contains("response_type=code", authorizeUrl);
            Assert.Contains("scope=openid", authorizeUrl);
            Assert.EndsWith(expectedCallbackParameter, authorizeUrl);
        }
Beispiel #2
        /// <summary>
        /// Checks that <c>OpenIdConnectConfigurer.Configure</c>, called with <c>null</c> service
        /// info, leaves the (obsolete) options object holding the expected default values.
        /// </summary>
        /// <remarks>
        /// Two of the pinned defaults matter for security: certificate validation must stay
        /// enabled, and the client id / secret equal the values in <c>CloudFoundryDefaults</c>.
        /// NOTE(review): the expected token-info URL is built with a plain <c>http://</c> prefix
        /// and the secret is a built-in default; presumably real deployments replace both via
        /// service info. Confirm against the configurer's callers.
        /// </remarks>
        public void Configure_ObsoleteVersion_NoServiceInfo_ReturnsDefaults()
        {
            // arrange
#pragma warning disable CS0618 // Type or member is obsolete
            var options = new OpenIDConnectOptions();
#pragma warning restore CS0618 // Type or member is obsolete
            string expectedAuthority = $"http://{CloudFoundryDefaults.OAuthServiceUrl}";

            // act
            OpenIdConnectConfigurer.Configure(null, options);

            // assert
            var expectedCallbackPath = new PathString("/signin-oidc");
            var expectedTokenInfoUrl = expectedAuthority + CloudFoundryDefaults.CheckTokenUri;

            Assert.Equal("PivotalSSO", options.AuthenticationType);
            Assert.Equal(CloudFoundryDefaults.ClientId, options.ClientId);
            Assert.Equal(CloudFoundryDefaults.ClientSecret, options.ClientSecret);
            Assert.Equal(expectedCallbackPath, options.CallbackPath);
            Assert.Equal(expectedTokenInfoUrl, options.TokenInfoUrl);

            // Certificate validation has to remain on when nothing overrides it.
            Assert.True(options.ValidateCertificates);
        }
Beispiel #3
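        /// <summary>
        /// Registers the application's services: the database context (MySQL provider), JWT
        /// bearer authentication configured from the "OIDC" configuration section, and the
        /// controllers with a global filter that requires an authenticated user.
        /// </summary>
        /// <param name="services">The service collection the registrations are added to.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // Configuring the database connection

            services.AddDbContext<Context>(options =>
            {
                options.UseMySql(this._Config.GetConnectionString("Database"));
            });

            // Configuring the authentication

            var oidcOpt = new OpenIDConnectOptions();

            this._Config.GetSection("OIDC")
            .Bind(oidcOpt);

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, opt => {
                // Signature, expiry, lifetime, audience and issuer checks are all switched on
                // explicitly; the optional settings below only supply the values to check against.
                // NOTE(review): ValidateIssuerSigningKey is not set here and keeps its library
                // default. Confirm that is intended.
                opt.TokenValidationParameters = new TokenValidationParameters
                {
                    ClockSkew             = TimeSpan.FromMinutes(5),
                    RequireSignedTokens   = true,
                    RequireExpirationTime = true,
                    ValidateLifetime      = true,
                    ValidateAudience      = true,
                    ValidateIssuer        = true
                };

                if (oidcOpt.ValidAudiences != null)
                {
                    opt.TokenValidationParameters.ValidAudiences =
                        oidcOpt.ValidAudiences;
                }

                if (oidcOpt.ValidIssuers != null)
                {
                    opt.TokenValidationParameters.ValidIssuers =
                        oidcOpt.ValidIssuers;
                }

                if (oidcOpt.IssuerSigningKeys != null)
                {
                    // Materialize the keys once. A bare Select() is deferred, so every
                    // enumeration of IssuerSigningKeys would construct the JsonWebKey objects
                    // again, and a malformed configured key would only fail at that later
                    // point instead of when these options are built.
                    opt.TokenValidationParameters.IssuerSigningKeys =
                        oidcOpt.IssuerSigningKeys
                               .Select(k => new JsonWebKey(k))
                               .ToList();
                }

                if (oidcOpt.Configuration != null)
                {
                    // Metadata address from configuration; the retriever fetches the
                    // OpenID Connect configuration document from it.
                    opt.ConfigurationManager =
                        new ConfigurationManager<OpenIdConnectConfiguration>(
                            oidcOpt.Configuration,
                            new OpenIdConnectConfigurationRetriever());
                }
            });

            // Configuring the endpoint controllers

            services.AddControllers(opt =>
            {
                // Any request to any controller shall require an authenticated
                // user. (The AllowAnonymousAttribute may override this.)

                var policy = new AuthorizationPolicyBuilder()
                             .RequireAuthenticatedUser()
                             .Build();

                opt.Filters.Add(new AuthorizeFilter(policy));
            })
            .AddJsonOptions(opt =>
            {
                // Enums are read and written as their string names in JSON payloads.
                opt.JsonSerializerOptions.Converters.Add(
                    new JsonStringEnumConverter());
            });
        }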