Ejemplo n.º 1
0
        public async Task OnGeneratingClaims_AddsAllScopesToAuthorizationCode()
        {
            // Arrange
            var applicationScopes = new List <ApplicationScope> {
                ApplicationScope.OpenId, new ApplicationScope("resourceId", "custom")
            };

            var context = new TokenGeneratingContext(
                new ClaimsPrincipal(),
                new ClaimsPrincipal(),
                new OpenIdConnectMessage()
            {
                RequestType = OpenIdConnectRequestType.Authentication
            },
                new RequestGrants()
            {
                Scopes = applicationScopes.ToList()
            });

            var claimsProvider = new ScopesTokenClaimsProvider();

            context.InitializeForToken(TokenTypes.AuthorizationCode);

            // Act
            await claimsProvider.OnGeneratingClaims(context);

            var claims = context.CurrentClaims;

            // Assert
            Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Scope) && c.Value.Equals("openid custom"));
            Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Resource) && c.Value.Equals("resourceId"));
        }
Ejemplo n.º 2
0
        public async Task OnGeneratingClaims_AddsCustomScopesFromRequest_ToAccessTokenOnAuthorization()
        {
            // Arrange
            var applicationScopes = new List <ApplicationScope> {
                ApplicationScope.OpenId, new ApplicationScope("resourceId", "custom")
            };
            var expectedResourceValue = applicationScopes.FirstOrDefault(s => s.ClientId != null)?.ClientId;

            var context = new TokenGeneratingContext(
                new ClaimsPrincipal(),
                new ClaimsPrincipal(),
                new OpenIdConnectMessage()
            {
                ClientId = "clientId"
            },
                new RequestGrants()
            {
                Scopes = applicationScopes.ToList()
            });

            var claimsProvider = new ScopesTokenClaimsProvider();

            context.InitializeForToken(TokenTypes.AccessToken);

            // Act
            await claimsProvider.OnGeneratingClaims(context);

            var claims = context.CurrentClaims;

            // Assert
            Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Scope) && c.Value.Equals("custom"));
            Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Audience) && c.Value.Equals("resourceId"));
            Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.AuthorizedParty) && c.Value.Equals("clientId"));
        }
Ejemplo n.º 3
0
        public async Task OnGeneratingClaims_AddsCustomScopesFromRequest_ToAccessTokenOnTokenRequest()
        {
            // Arrange
            var applicationScopes = new List <ApplicationScope> {
                ApplicationScope.OpenId,
                new ApplicationScope("resourceId", "custom"),
                new ApplicationScope("resourceId", "custom2")
            };

            var expectedResourceValue = applicationScopes.FirstOrDefault(s => s.ClientId != null)?.ClientId;

            var context = new TokenGeneratingContext(
                new ClaimsPrincipal(),
                new ClaimsPrincipal(),
                new OpenIdConnectMessage()
            {
                ClientId = "clientId"
            },
                new RequestGrants()
            {
                Scopes = applicationScopes.ToList(),
                // This is just to prove that we always pick the values for the scope related claims
                // from the set of granted scopes (for access tokens).
                Claims = new List <Claim>
                {
                    new Claim(IdentityServiceClaimTypes.Resource, "ridClaim"),
                    new Claim(IdentityServiceClaimTypes.Scope, "custom3")
                }
            });

            var claimsProvider = new ScopesTokenClaimsProvider();

            context.InitializeForToken(TokenTypes.AccessToken);

            // Act
            await claimsProvider.OnGeneratingClaims(context);

            var claims = context.CurrentClaims;

            // Assert
            Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Scope) && c.Value.Equals("custom custom2"));
            Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Audience) && c.Value.Equals("resourceId"));
            Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.AuthorizedParty) && c.Value.Equals("clientId"));
        }
Ejemplo n.º 4
0
        public async Task OnGeneratingClaims_AddsAllScopesFromGrantClaims_ToRefreshTokenOnTokenRequest()
        {
            // Arrange
            // This is just to prove that we always transfer the scope and resource claims from the grant
            // into the refresh token untouched.
            var applicationScopes = new List <ApplicationScope>
            {
                ApplicationScope.OpenId,
                new ApplicationScope("resourceId", "custom"),
                new ApplicationScope("resourceId", "custom2")
            };

            var expectedResourceValue = applicationScopes.FirstOrDefault(s => s.ClientId != null)?.ClientId;

            var context = new TokenGeneratingContext(
                new ClaimsPrincipal(),
                new ClaimsPrincipal(),
                new OpenIdConnectMessage()
            {
                ClientId = "clientId"
            },
                new RequestGrants()
            {
                Scopes = applicationScopes.ToList(),
                Claims = new List <Claim>
                {
                    new Claim(IdentityServiceClaimTypes.Resource, "ridClaim"),
                    new Claim(IdentityServiceClaimTypes.Scope, "openid custom3")
                }
            });

            var claimsProvider = new ScopesTokenClaimsProvider();

            context.InitializeForToken(TokenTypes.RefreshToken);

            // Act
            await claimsProvider.OnGeneratingClaims(context);

            var claims = context.CurrentClaims;

            // Assert
            Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Scope) && c.Value.Equals("openid custom3"));
            Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Resource) && c.Value.Equals("ridClaim"));
        }