public void HasScope_ReturnsExpectedResult(string scope, bool result)
        {
            // Arrange
            var request = new OpenIdConnectRequest();

            request.Scope = scope;

            // Act and assert
            Assert.Equal(result, request.HasScope(OpenIdConnectConstants.Scopes.OpenId));
        }
        public void HasScope_ThrowsAnExceptionForNullOrEmptyScope(string scope)
        {
            // Arrange
            var request = new OpenIdConnectRequest();

            // Act and assert
            var exception = Assert.Throws <ArgumentException>(delegate
            {
                request.HasScope(scope);
            });

            Assert.Equal("scope", exception.ParamName);
            Assert.StartsWith("The scope cannot be null or empty.", exception.Message);
        }
Beispiel #3
0
        private async Task <AuthenticationTicket> CreateTicket(OpenIdConnectRequest request, AuthenticationProperties properties = null)
        {
            //check if the client credentials exist
            var audience = await _audienceService.GetAudienceByIdSecret(request.ClientId, request.ClientSecret);

            if (audience == null)
            {
                return(null);
            }

            //var roles = audience.Channels?.Split(',');
            var    principal = CreateClaims(request, audience.AppName);
            var    ticket    = new AuthenticationTicket(principal, properties, OpenIdConnectServerDefaults.AuthenticationScheme);
            string resources = audience.Resources;

            if (!request.IsRefreshTokenGrantType())
            {
                foreach (var claim in principal.Claims)
                {
                    switch (claim.Type)
                    {
                    case Claims.Email:
                        if (request.HasScope(OpenIdConnectConstants.Scopes.Email))
                        {
                            claim.SetDestinations(Destinations.IdentityToken);
                        }
                        break;

                    case Claims.PhoneNumber:
                        if (request.HasScope(OpenIdConnectConstants.Scopes.Phone))
                        {
                            claim.SetDestinations(Destinations.IdentityToken);
                        }
                        break;

                    case Claims.Picture:
                        if (request.HasScope(OpenIdConnectConstants.Scopes.Profile))
                        {
                            claim.SetDestinations(Destinations.IdentityToken);
                        }
                        break;

                    case Claims.Region:
                        break;

                    default:
                        claim.SetDestinations(Destinations.AccessToken,
                                              Destinations.IdentityToken);
                        break;
                    }
                }

                ticket.SetScopes(new[]
                {
                    Scopes.OpenId,
                    Scopes.Email,
                    Scopes.Profile,
                    Scopes.OfflineAccess,
                    OpenIddictConstants.Scopes.Roles
                }.Intersect(request.GetScopes()));
            }
            ticket.SetResources(resources.Split(','));
            return(ticket);
        }