Ejemplo n.º 1
        /// <summary>
        /// Verifies that an authorization_code token request is reported as invalid, with the
        /// error produced by <c>ProtocolErrorProvider.InvalidGrant()</c>, when the submitted
        /// code is not one the token manager accepts.
        /// </summary>
        public async Task CreateTokenRequestAsyncFails_IfProvidedGrantIsNotValid()
        {
            // Arrange: a code exchange whose code value is the literal "invalid".
            var parameters = new Dictionary<string, string[]>();
            parameters[OpenIdConnectParameterNames.ClientId] = new[] { "clientId" };
            parameters[OpenIdConnectParameterNames.GrantType] = new[] { "authorization_code" };
            parameters[OpenIdConnectParameterNames.Code] = new[] { "invalid" };

            // Client identification and credentials are stubbed to succeed, so the only
            // thing left to reject the request is the grant itself.
            var clientIdValidator = GetClientIdValidator(isClientIdValid: true, areClientCredentialsValid: true);
            var redirectUriResolver = Mock.Of<IRedirectUriResolver>();
            var scopeResolver = Mock.Of<IScopeResolver>();
            var extraValidators = Enumerable.Empty<ITokenRequestValidator>();
            // NOTE(review): called without a code here, unlike the success-path tests;
            // presumably that makes every presented code fail - confirm in the helper.
            var tokenManager = GetTestTokenManager();
            var timeStampManager = Mock.Of<ITimeStampManager>();
            var errorProvider = new ProtocolErrorProvider();

            var factory = new TokenRequestFactory(
                clientIdValidator,
                redirectUriResolver,
                scopeResolver,
                extraValidators,
                tokenManager,
                timeStampManager,
                errorProvider);

            var invalidGrant = ProtocolErrorProvider.InvalidGrant();

            // Act
            var result = await factory.CreateTokenRequestAsync(parameters);

            // Assert: a result object is always returned; rejection is carried in IsValid/Error.
            Assert.NotNull(result);
            Assert.False(result.IsValid);
            Assert.Equal(invalidGrant, result.Error, IdentityServiceErrorComparer.Instance);
        }
Ejemplo n.º 2
        /// <summary>
        /// Verifies the PKCE check on the token endpoint: when the authorization code carries
        /// a code challenge that the presented code verifier does not correspond to, the request
        /// is invalid and reports <c>ProtocolErrorProvider.InvalidCodeVerifier()</c>.
        /// </summary>
        public async Task CreateTokenRequestAsyncFails_IfCodeVerifierDoesNotMatchChallenge()
        {
            // Arrange: an otherwise acceptable code exchange that includes a code verifier.
            var parameters = new Dictionary<string, string[]>();
            parameters[OpenIdConnectParameterNames.GrantType] = new[] { "authorization_code" };
            parameters[OpenIdConnectParameterNames.Code] = new[] { "valid" };
            parameters[OpenIdConnectParameterNames.ClientId] = new[] { "clientId" };
            parameters[OpenIdConnectParameterNames.RedirectUri] = new[] { "https://www.example.com" };
            parameters[ProofOfKeyForCodeExchangeParameterNames.CodeVerifier] = new[] { "0123456789012345678901234567890123456789012" };

            var clientIdValidator = GetClientIdValidator(isClientIdValid: true, areClientCredentialsValid: true);
            var redirectUriValidator = GetRedirectUriValidator(isRedirectUriValid: true);
            var scopeResolver = Mock.Of<IScopeResolver>();
            var extraValidators = Enumerable.Empty<ITokenRequestValidator>();

            // The stored challenge is the placeholder text "challenge", which cannot be the
            // S256 transform of the verifier above.
            // NOTE(review): "challenge" is not shaped like a real S256 challenge, so this only
            // covers a gross mismatch. A companion case using a well-formed challenge derived
            // from a different verifier, and one where the verifier parameter is absent while
            // the code still carries a challenge, would pin the comparison more tightly.
            var challengeClaims = new[]
            {
                new Claim(IdentityServiceClaimTypes.CodeChallenge, "challenge"),
                new Claim(IdentityServiceClaimTypes.CodeChallengeMethod, ProofOfKeyForCodeExchangeChallengeMethods.SHA256),
            };
            var tokenManager = GetTestTokenManager(GetValidAuthorizationCode(challengeClaims));
            var timeStampManager = new TimeStampManager();
            var errorProvider = new ProtocolErrorProvider();

            var factory = new TokenRequestFactory(
                clientIdValidator,
                redirectUriValidator,
                scopeResolver,
                extraValidators,
                tokenManager,
                timeStampManager,
                errorProvider);

            var invalidVerifier = ProtocolErrorProvider.InvalidCodeVerifier();

            // Act
            var result = await factory.CreateTokenRequestAsync(parameters);

            // Assert: the mismatch must surface as the specific verifier error, not a generic failure.
            Assert.NotNull(result);
            Assert.False(result.IsValid);
            Assert.Equal(invalidVerifier, result.Error, IdentityServiceErrorComparer.Instance);
        }
Ejemplo n.º 3
        /// <summary>
        /// Verifies the PKCE success path: a code exchange is accepted when the presented code
        /// verifier corresponds to the SHA256 code challenge stored with the authorization code.
        /// </summary>
        public async Task CreateTokenRequestSucceeds_IfCodeVerifier_MatchesChallenge()
        {
            // Arrange: the verifier is 43 characters long, the shortest length RFC 7636 permits.
            var parameters = new Dictionary<string, string[]>();
            parameters[OpenIdConnectParameterNames.GrantType] = new[] { "authorization_code" };
            parameters[OpenIdConnectParameterNames.Code] = new[] { "valid" };
            parameters[OpenIdConnectParameterNames.ClientId] = new[] { "clientId" };
            parameters[OpenIdConnectParameterNames.RedirectUri] = new[] { "https://www.example.com" };
            parameters[ProofOfKeyForCodeExchangeParameterNames.CodeVerifier] = new[] { "0123456789012345678901234567890123456789012" };

            var clientIdValidator = GetClientIdValidator(isClientIdValid: true, areClientCredentialsValid: true);
            var redirectUriValidator = GetRedirectUriValidator(isRedirectUriValid: true);
            var scopeResolver = Mock.Of<IScopeResolver>();
            var extraValidators = Enumerable.Empty<ITokenRequestValidator>();

            // Challenge stored with the code; presumably the unpadded base64url encoding of
            // SHA-256 over the verifier above - the test expects the two to match.
            var challengeClaims = new[]
            {
                new Claim(IdentityServiceClaimTypes.CodeChallenge, "_RpfHqw8pAZIomzVUE7sjRmHSM543WVdC4o-Kc4_3C0"),
                new Claim(IdentityServiceClaimTypes.CodeChallengeMethod, ProofOfKeyForCodeExchangeChallengeMethods.SHA256),
            };
            var tokenManager = GetTestTokenManager(GetValidAuthorizationCode(challengeClaims));
            // NOTE(review): a real TimeStampManager is used, so the outcome presumably depends
            // on the helper issuing a code that is still within its lifetime - confirm.
            var timeStampManager = new TimeStampManager();
            var errorProvider = new ProtocolErrorProvider();

            var factory = new TokenRequestFactory(
                clientIdValidator,
                redirectUriValidator,
                scopeResolver,
                extraValidators,
                tokenManager,
                timeStampManager,
                errorProvider);

            // Act
            var result = await factory.CreateTokenRequestAsync(parameters);

            // Assert
            Assert.NotNull(result);
            Assert.True(result.IsValid);
        }
Ejemplo n.º 4
        /// <summary>
        /// Verifies that a token request with no parameters at all is rejected with the
        /// missing-required-parameter error naming the client id parameter.
        /// </summary>
        public async Task CreateTokenRequestAsyncFails_IfClientIdIsMissing()
        {
            // Arrange: deliberately empty request - no client id, grant type or code.
            var parameters = new Dictionary<string, string[]>();

            // The client id validator is an unconfigured mock.
            // NOTE(review): presumably the factory reports the missing parameter before it
            // consults any validator - confirm against TokenRequestFactory.
            var clientIdValidator = Mock.Of<IClientIdValidator>();
            var redirectUriResolver = Mock.Of<IRedirectUriResolver>();
            var scopeResolver = Mock.Of<IScopeResolver>();
            var extraValidators = Enumerable.Empty<ITokenRequestValidator>();
            var tokenManager = GetTestTokenManager(GetValidAuthorizationCode());
            var timeStampManager = new TimeStampManager();
            var errorProvider = new ProtocolErrorProvider();

            var factory = new TokenRequestFactory(
                clientIdValidator,
                redirectUriResolver,
                scopeResolver,
                extraValidators,
                tokenManager,
                timeStampManager,
                errorProvider);

            var missingClientId = ProtocolErrorProvider.MissingRequiredParameter(OpenIdConnectParameterNames.ClientId);

            // Act
            var result = await factory.CreateTokenRequestAsync(parameters);

            // Assert: the error must identify which parameter was absent.
            Assert.NotNull(result);
            Assert.False(result.IsValid);
            Assert.Equal(missingClientId, result.Error, IdentityServiceErrorComparer.Instance);
        }