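        /// <summary>
        /// A permission request whose <c>resource_set_id</c> is empty must be rejected by the UMA
        /// permission endpoint with an <c>invalid_request</c> error instead of yielding a ticket.
        /// </summary>
        public async Task When_ResourceSetId_Is_Null_Then_Error_Is_Returned()
        {
            // An empty id stands in for "missing". The bearer value is a placeholder: the request
            // is expected to fail input validation before the token is relevant.
            var request = new PermissionRequest { ResourceSetId = string.Empty };

            var outcome = await _umaClient.RequestPermission("header", requests: request)
                .ConfigureAwait(false);

            // Pin the outcome type explicitly. A bare `as` cast followed by a dereference would
            // surface an unexpected Result as a NullReferenceException, hiding what actually happened.
            var error = Assert.IsAssignableFrom<Option<TicketResponse>.Error>(outcome);
            Assert.Equal(ErrorCodes.InvalidRequest, error.Details.Title);
            Assert.Equal("The parameter resource_set_id needs to be specified", error.Details.Detail);
        }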
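        /// <summary>
        /// UMA-protected resource endpoint. Serves the resource when the caller's identity already
        /// carries a UMA permission for <paramref name="id"/>; otherwise requests a permission ticket
        /// from the authorization server and challenges the client with a <c>WWW-Authenticate: UMA</c> header.
        /// </summary>
        /// <param name="id">Resource set id the client wants to access; forwarded verbatim to the permission endpoint.</param>
        /// <param name="cancellationToken">Cancels the outbound permission request.</param>
        /// <returns>200 with the resource, 400 for a blank id, 401 with a ticket challenge, or 403 when no ticket could be obtained.</returns>
        public async Task<IActionResult> Index(string id, CancellationToken cancellationToken)
        {
            // A blank id cannot be authorized and would only produce an invalid_request error
            // from the permission endpoint; reject it up front.
            if (string.IsNullOrWhiteSpace(id))
            {
                return BadRequest();
            }

            // Anonymous callers and non-claims identities carry no UMA tickets: fall through to the
            // challenge instead of dereferencing a null identity.
            // NOTE(review): this matches on ResourceSetId only; the scope requested below ("api1") is
            // never compared against the scopes granted on the ticket. Confirm that is intended.
            if (User?.Identity is ClaimsIdentity userIdentity
                && userIdentity.TryGetUmaTickets(out var permissions)
                && permissions.Any(x => x.ResourceSetId == id))
            {
                return Ok("Hello");
            }

            var token = await HttpContext.GetTokenAsync("access_token").ConfigureAwait(false);

            var request = new PermissionRequest { ResourceSetId = id, Scopes = new[] { "api1" } };
            var outcome = await _umaClient.RequestPermission(token, cancellationToken, request).ConfigureAwait(false);
            var authority = _umaClient.Authority.AbsoluteUri;

            if (outcome is not Option<TicketResponse>.Result ticket)
            {
                // The permission endpoint returned an error, so there is no ticket to challenge with.
                // Point the client at the authorization server and stop, rather than throwing on a
                // null result. NOTE(review): UMA 2.0 Grant §3.2.1 describes a 403 + as_uri response for
                // this case (from memory) — confirm the status against the spec your clients follow.
                Response.Headers[HeaderNames.WWWAuthenticate] = $"UMA as_uri=\"{authority}\"";
                return StatusCode((int)HttpStatusCode.Forbidden);
            }

            // Standard UMA challenge: the client takes the ticket to the AS token endpoint.
            Response.Headers[HeaderNames.WWWAuthenticate] =
                $"UMA as_uri=\"{authority}\", ticket=\"{ticket.Item.TicketId}\"";

            return StatusCode((int)HttpStatusCode.Unauthorized);
        }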
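        /// <summary>
        /// End-to-end UMA flow: obtain a PAT, register a resource set whose policy allows
        /// <c>resource_server</c>, request a permission ticket for it, then exchange the ticket
        /// together with a claims JWT at the token endpoint and expect an access token back.
        /// </summary>
        public async Task When_Using_TicketId_Grant_Type_Then_AccessToken_Is_Returned()
        {
            var handler = new JwtSecurityTokenHandler();

            // The claims token is minted with the test server's own signing key so the server will
            // accept it. Issuer, audience and subject are fixture constants the server is assumed to honor.
            // NOTE(review): HS256 with the server's shared key is acceptable for a test double — confirm
            // production configuration does not accept HMAC-signed claim tokens from untrusted clients.
            var keySet = new JsonWebKeySet();
            keySet.Keys.Add(_server.SharedUmaCtx.SignatureKey);
            var claimsJwt = handler.WriteToken(
                new JwtSecurityToken(
                    "http://server.example.com",
                    "s6BhdRkqt3",
                    new[] { new Claim("sub", "248289761001") },
                    null,
                    DateTime.UtcNow.AddYears(1),
                    new SigningCredentials(keySet.GetSignKeys().First(), SecurityAlgorithms.HmacSha256)));

            // A single client serves both the PAT request and the later ticket exchange; the original
            // built two identical clients with the same credentials and discovery document.
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
                _server.Client,
                new Uri(BaseUrl + WellKnownUma2Configuration));

            // Get the PAT the resource server uses against the protection API. Each step asserts the
            // outcome type so a server-side error fails with a readable message instead of a
            // NullReferenceException on a silently null `as` cast.
            var pat = Assert.IsAssignableFrom<Option<GrantedTokenResponse>.Result>(
                await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection", "uma_authorization"))
                    .ConfigureAwait(false));

            var resourceSet = new ResourceSet
            {
                Name = "name",
                Scopes = new[] { "read", "write", "execute" },
                AuthorizationPolicies = new[]
                {
                    new PolicyRule
                    {
                        ClientIdsAllowed = new[] { "resource_server" },
                        Scopes = new[] { "read", "write", "execute" }
                    }
                }
            };
            var added = Assert.IsAssignableFrom<Option<AddResourceSetResponse>.Result>(
                await _umaClient.AddResource(resourceSet, pat.Item.AccessToken).ConfigureAwait(false));

            // Re-submit the set under its assigned id — presumably so the policy is stored against
            // the persisted resource; confirm AddResource does not already cover this.
            resourceSet = resourceSet with { Id = added.Item.Id };
            await _umaClient.UpdateResource(resourceSet, pat.Item.AccessToken).ConfigureAwait(false);

            // Register a "read" permission and collect the ticket a client would be challenged with.
            // NOTE(review): the permission request is sent with the literal "header" instead of the PAT
            // and the test server accepts it — confirm this is not masking missing PAT validation.
            var ticket = Assert.IsAssignableFrom<Option<TicketResponse>.Result>(
                await _umaClient.RequestPermission(
                        "header",
                        requests: new PermissionRequest { ResourceSetId = added.Item.Id, Scopes = new[] { "read" } })
                    .ConfigureAwait(false));
            Assert.NotNull(ticket.Item);

            // Exchange ticket + claims token for the RPT.
            var granted = Assert.IsAssignableFrom<Option<GrantedTokenResponse>.Result>(
                await tokenClient.GetToken(TokenRequest.FromTicketId(ticket.Item.TicketId, claimsJwt))
                    .ConfigureAwait(false));

            // The test's contract is "an access token is returned": check it is actually present
            // and parses as a JWT, not merely that the (never-null) Claims collection exists.
            Assert.False(string.IsNullOrEmpty(granted.Item.AccessToken));
            var rpt = handler.ReadJwtToken(granted.Item.AccessToken);
            Assert.NotNull(rpt.Claims);
        }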