IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilderOptions_Token_Endpoint_Disabled_Fails() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator)) .UseIdentityServerOptionsBuilder(options => options.Endpoints.EnableTokenEndpoint = false) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerProxy(webHostBuilder); var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password"), "api1", "offline_access"); Assert.NotNull(tokenResponse); Assert.True(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); }
public async Task IdentityServerProxy_GetClientCredentialsAsync_Succeeds()
{
    // Arrange: one confidential client limited to the client_credentials grant and the "api1" scope.
    // "MySecret" is a throwaway test credential; the client entry holds only its SHA-256 hash.
    var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
    const int lifetimeSeconds = 7200;
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[] { "api1" },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = lifetimeSeconds
    };

    var hostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(hostBuilder);

    // Act
    var response = await proxy.GetClientAccessTokenAsync(clientConfiguration, "api1");

    // Assert: a bearer JWT is issued and its lifetime matches the configured AccessTokenLifetime.
    Assert.NotNull(response);
    Assert.False(response.IsError, response.Error ?? response.ErrorDescription);
    Assert.NotNull(response.AccessToken);
    Assert.Equal(lifetimeSeconds, response.ExpiresIn);
    Assert.Equal("Bearer", response.TokenType);
}
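public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Invalid_User_Succeeds()
{
    // The test "succeeds" when a resource-owner-password login with the wrong password is rejected.
    // Arrange: client allowed to use the (legacy) password grant with offline_access.
    var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200,
        AllowOfflineAccess = true
    };

    var webHostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
        .CreateWebHostBuider();
    var identityServerClient = new IdentityServerProxy(webHostBuilder);

    // Act: "password1" is deliberately not the password SimpleResourceOwnerPasswordValidator accepts
    // (the valid-user tests in this file log in with "user"/"password").
    var tokenResponse = await identityServerClient.GetResourceOwnerPasswordAccessTokenAsync(
        clientConfiguration,
        new UserLoginConfiguration("user", "password1"),
        "api1",
        "offline_access");

    // Assert: the request is an error AND no credential of any kind leaked out with it.
    // Checking only IsError would not catch a response that reports an error yet still carries tokens.
    Assert.NotNull(tokenResponse);
    Assert.True(tokenResponse.IsError, "a wrong password must not yield a token");
    Assert.Null(tokenResponse.AccessToken);
    Assert.Null(tokenResponse.RefreshToken);
}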
private void ConfigureIdentityServer()
{
    // Builds the in-memory IdentityServer used by this fixture and stores a proxy to it in
    // IdentityServerClient (declared elsewhere in this class).
    var clientConfiguration = new ClientConfiguration("TestClient", "MySecret");
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[] { "jp_api.user", "jp_api.is4" },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200
    };

    // NOTE(review): the ApiSecret below is a test-only fixture value committed in clear text; it is
    // hashed before being stored, but make sure the same string is not used by any real deployment.
    var apiResource = new ApiResource
    {
        Name = "jp_api",
        DisplayName = "JP API",
        Description = "OAuth2 Server Management Api",
        ApiSecrets = { new Secret("Q&tGrEQMypEk.XxPU:%bWDZMdpZeJiyMwpLv4F7d**w9x:7KuJ#fy,E8KPHpKz++".Sha256()) },
        UserClaims =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email,
            "is4-rights",
            "username",
            "roles"
        },
        Scopes =
        {
            // Both scopes are marked Required, so a consenting client cannot drop either of them.
            new Scope()
            {
                Name = "jp_api.user",
                DisplayName = "User Management - Full access",
                Description = "Full access to User Management",
                Required = true
            },
            new Scope()
            {
                Name = "jp_api.is4",
                DisplayName = "OAuth2 Server",
                Description = "Manage mode to IS4",
                Required = true
            }
        }
    };

    var webHostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(apiResource)
        .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
        .CreateWebHostBuider();

    IdentityServerClient = new IdentityServerProxy(webHostBuilder);
}
public void IdentityServerWebHostBuilder_UseResourceOwnerPasswordValidator_Typed_Resolveable()
{
    // Registering the validator by Type (rather than by instance) must still make
    // IResourceOwnerPasswordValidator resolvable from the built host's container.
    var builder = new IdentityServerHostBuilder()
        .UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator));
    var webHost = builder.CreateWebHostBuider().Build();

    // GetRequiredService throws when the registration is missing, which is the assertion here.
    var validator = webHost.Services.GetRequiredService<IResourceOwnerPasswordValidator>();
    Assert.NotNull(validator);
}
public void IdentityServerWebHostBuilder_UseProfileService_Typed_Resolveable()
{
    // Registering the profile service by Type must make IProfileService resolvable from the host.
    var builder = new IdentityServerHostBuilder()
        .UseProfileService(typeof(SimpleProfileService));
    var webHost = builder.CreateWebHostBuider().Build();

    // GetRequiredService throws when the registration is missing, which is the assertion here.
    var profileService = webHost.Services.GetRequiredService<IProfileService>();
    Assert.NotNull(profileService);
}
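public async Task IdentityServerProxy_GetUserInfoAsync_Valid_Token_Succeeds()
{
    // Arrange: password-grant client with openid/profile so the access token can be used at userinfo.
    var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[]
        {
            "api1",
            IdentityServerConstants.StandardScopes.OfflineAccess,
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile
        },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200,
        AllowOfflineAccess = true
    };

    var webHostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .AddIdentityResources(new IdentityResources.OpenId(), new IdentityResources.Profile())
        .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
        .UseProfileService(new SimpleProfileService())
        .CreateWebHostBuider();
    var identityServerProxy = new IdentityServerProxy(webHostBuilder);

    var scopes = new[] { "api1", "offline_access", "openid", "profile" };
    var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(
        clientConfiguration,
        new UserLoginConfiguration("user", "password"),
        scopes);

    // We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
    Assert.NotNull(tokenResponse.AccessToken);

    // Act
    var userInfoResponse = await identityServerProxy.GetUserInfoAsync(tokenResponse.AccessToken);

    // Assert: the userinfo endpoint accepts the token and reports the subject that actually
    // logged in — i.e. the token is bound to "user" and not to some other identity.
    Assert.NotNull(userInfoResponse);
    Assert.False(userInfoResponse.IsError, userInfoResponse.Error);
    Assert.NotNull(userInfoResponse.Claims);

    // FirstOrDefault instead of First: a missing "sub" claim should fail the NotNull assertion
    // with a readable message rather than surface as an InvalidOperationException.
    var subjectClaim = userInfoResponse.Claims.FirstOrDefault(claim => claim.Type == JwtClaimTypes.Subject);
    Assert.NotNull(subjectClaim);
    Assert.Equal("user", subjectClaim.Value);
}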
public async Task IdentityServerProxy_GetRefreshTokenAsync_WithScope_In_Parameters_Valid_User_Succeeds()
{
    // Arrange: a password-grant client with AllowOfflineAccess so the initial response carries
    // a refresh token that can then be redeemed at the token endpoint.
    var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
    const int lifetimeSeconds = 7200;
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = lifetimeSeconds,
        AllowOfflineAccess = true
    };

    var webHostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(webHostBuilder);

    // The scope is passed as a raw request parameter (key "Scope") rather than via the typed overload.
    const string scopes = "api1 offline_access";
    var scopeParameters = new Dictionary<string, string> { { "Scope", scopes } };

    var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync(
        clientConfiguration,
        new UserLoginConfiguration("user", "password"),
        scopeParameters);

    // We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);

    // Act: redeem the refresh token with the same scope parameter.
    var refreshed = await proxy.GetRefreshTokenAsync(
        clientConfiguration,
        tokenResponse.RefreshToken,
        new Dictionary<string, string> { { "Scope", scopes } });

    // Assert: a fresh bearer token plus a refresh token come back with the configured lifetime.
    // NOTE(review): whether the returned refresh token is rotated (differs from the one redeemed)
    // depends on the client's RefreshTokenUsage, which this test does not configure or check.
    Assert.NotNull(refreshed);
    Assert.False(refreshed.IsError, refreshed.Error ?? refreshed.ErrorDescription);
    Assert.NotNull(refreshed.AccessToken);
    Assert.NotNull(refreshed.RefreshToken);
    Assert.Equal(lifetimeSeconds, refreshed.ExpiresIn);
    Assert.Equal("Bearer", refreshed.TokenType);
}
public void IdentityServerWebHostBuilder_UseResourceOwnerPasswordValidator_With_Dependencies_Resolveable()
{
    // A validator with constructor dependencies (ResourceOwnerValidatorWithDependencies) must be
    // constructible by the container; Serilog is wired in because it is one of those dependencies
    // (presumably — confirm against the validator's constructor).
    InitializeSerilog();

    var builder = new IdentityServerHostBuilder()
        .UseLoggingBuilder((context, loggingBuilder) => loggingBuilder.AddSerilog())
        .UseResourceOwnerPasswordValidator(typeof(ResourceOwnerValidatorWithDependencies));
    var webHost = builder.CreateWebHostBuider().Build();

    // GetRequiredService throws if the validator or any of its dependencies cannot be resolved.
    var validator = webHost.Services.GetRequiredService<IResourceOwnerPasswordValidator>();
    Assert.NotNull(validator);
}
public async Task IdentityServerProxy_GetTokenAsync_Extension_Grant_Valid_User_Succeeds()
{
    // Arrange: the client may ONLY use the custom extension grant "Custom"; the grant is
    // implemented by ExtensionsGrantValidator, registered through UseServices.
    const string extensionGrant = "Custom";
    const int lifetimeSeconds = 7200;
    var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[]
        {
            "api1",
            IdentityServerConstants.StandardScopes.OfflineAccess,
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile
        },
        AllowedGrantTypes = new[] { extensionGrant },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = lifetimeSeconds,
        AllowOfflineAccess = true
    };

    var webHostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .AddIdentityResources(new IdentityResources.OpenId(), new IdentityResources.Profile())
        .UseServices((context, services) => services.AddScoped<IExtensionGrantValidator, ExtensionsGrantValidator>())
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(webHostBuilder);

    // The user credentials travel as plain form parameters of the extension grant; how they are
    // checked is entirely up to ExtensionsGrantValidator (not visible here).
    var scopes = new[] { "api1", "offline_access", "openid", "profile" };
    var grantParameters = new Dictionary<string, string>
    {
        { "scope", string.Join(" ", scopes) },
        { "username", "user" },
        { "password", "password" },
    };

    // Act
    var tokenResponse = await proxy.GetTokenAsync(clientConfiguration, extensionGrant, grantParameters);

    // Assert: access and refresh tokens issued with the configured lifetime.
    Assert.NotNull(tokenResponse);
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
    Assert.Equal(lifetimeSeconds, tokenResponse.ExpiresIn);
    Assert.NotNull(tokenResponse.AccessToken);
    Assert.NotNull(tokenResponse.RefreshToken);
}
public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Custom_WebHost_Succeeds()
{
    // Arrange: instead of the builder's own client/resource registrations, wrap the application's
    // real Program.CreateWebHostBuilder. Client id/secret and the test user therefore come from
    // that application's configuration (Clients.Id / Clients.Secret, "user1"/"password1").
    var applicationHost = Program.CreateWebHostBuilder(new string[] { });
    var host = new IdentityServerHostBuilder()
        .UseWebHostBuilder(applicationHost)
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(host);

    var credentials = new ClientConfiguration(Clients.Id, Clients.Secret);
    var login = new UserLoginConfiguration("user1", "password1");
    var scopes = new[] { "api1", "offline_access", "openid", "profile" };

    // Act
    var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync(credentials, login, scopes);

    // Assert: the application-configured host issues a token for the password grant.
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
}
public void IdentityServerWebHostBuilder_UseConfigurationBuilder_HasSettings()
{
    // Arrange: point the host at the test assembly's output directory and load the
    // testappsettings.json that is copied there. optional:false — a missing file must fail loudly.
    var baseDirectory = AppContext.BaseDirectory;
    var settingsFile = Path.Combine(baseDirectory, "testappsettings.json");

    var webHost = new IdentityServerHostBuilder()
        .UseConfigurationBuilder((context, configurationBuilder) =>
        {
            context.HostingEnvironment.WebRootPath = baseDirectory;
            configurationBuilder.AddJsonFile(settingsFile, false);
        })
        .CreateWebHostBuider()
        .Build();

    // Act
    var configuration = webHost.Services.GetRequiredService<IConfiguration>();
    var environment = webHost.Services.GetRequiredService<IWebHostEnvironment>();

    // Assert: the JSON value is visible through IConfiguration and the content root is the base directory.
    Assert.Equal("PropValue", configuration["Prop"]);
    Assert.Equal(baseDirectory, environment.ContentRootPath);
}
IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilder_Succeeds()
{
    // Arrange: same password-grant client as the other ROPC tests, but IdentityServer itself is
    // registered through a caller-supplied IdentityServerBuilder callback.
    var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
    const int lifetimeSeconds = 7200;
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = lifetimeSeconds,
        AllowOfflineAccess = true
    };

    // AddDeveloperSigningCredential generates an ad-hoc signing key: fine for an in-memory test
    // host, never for a deployed server.
    var webHostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator))
        .UseIdentityServerBuilder(services =>
            services.AddIdentityServer()
                .AddDefaultEndpoints()
                .AddDeveloperSigningCredential())
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(webHostBuilder);

    // Act
    var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync(
        clientConfiguration,
        new UserLoginConfiguration("user", "password"),
        "api1",
        "offline_access");

    // Assert: access + refresh token issued with the configured lifetime.
    Assert.NotNull(tokenResponse);
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
    Assert.NotNull(tokenResponse.AccessToken);
    Assert.NotNull(tokenResponse.RefreshToken);
    Assert.Equal(lifetimeSeconds, tokenResponse.ExpiresIn);
    Assert.Equal("Bearer", tokenResponse.TokenType);
}
public async Task IdentityServerProxy_GetDiscoverDocumentAsync_Succeeds()
{
    // Arrange: minimal host — one client with a hashed secret and an unnamed API resource —
    // is enough for the discovery endpoint to be served.
    var client = new Client
    {
        ClientId = "MyClient",
        ClientSecrets = new List<Secret> { new Secret("MySecret".Sha256()) }
    };
    var webHostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource())
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(webHostBuilder);

    // Act
    var discovery = await proxy.GetDiscoverResponseAsync();

    // Assert: the discovery document was fetched without a protocol or transport error.
    Assert.NotNull(discovery);
    Assert.False(discovery.IsError, discovery.Error);
}
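public async Task IdentityServerProxy_GetClientCredentialsAsync_Authorize_Api_Succeeds()
{
    // Arrange: in-memory IdentityServer with one client_credentials client for scope "api1".
    var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[] { "api1" },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200
    };

    var webHostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .CreateWebHostBuider();
    var identityServerProxy = new IdentityServerProxy(webHostBuilder);

    var tokenResponse = await identityServerProxy.GetClientAccessTokenAsync(clientConfiguration, "api1");
    // Fail here with IdentityServer's own error text rather than later with an opaque 401
    // if no token was issued (the original went straight to SetBearerToken with whatever came back).
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
    Assert.NotNull(tokenResponse.AccessToken);

    // The IdentityServer TestServer handler is handed to the API host's container, presumably so
    // the API's token validation can reach the in-memory issuer (discovery/JWKS) — confirm in
    // IdentityServer4.Api.Startup.
    var apiWebHostBuilder = WebHost.CreateDefaultBuilder()
        .ConfigureServices(services => services.AddSingleton(identityServerProxy.IdentityServer.CreateHandler()))
        .UseStartup<IdentityServer4.Api.Startup>();

    using (var apiServer = new TestServer(apiWebHostBuilder))
    {
        // Control: the endpoint must reject an unauthenticated call. Without this, the positive
        // assertion below would also pass against an endpoint that simply is not protected.
        var anonymousClient = apiServer.CreateClient();
        var anonymousResponse = await anonymousClient.GetAsync("api/auth");
        Assert.False(anonymousResponse.IsSuccessStatusCode, "api/auth must not be reachable without a bearer token");

        // Act: same call with the freshly issued access token.
        var apiClient = apiServer.CreateClient();
        apiClient.SetBearerToken(tokenResponse.AccessToken);
        var apiResponse = await apiClient.GetAsync("api/auth");

        // Assert
        Assert.True(apiResponse.IsSuccessStatusCode, "should have been authenticated!");
    }
}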
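public async Task IdentityServerWebHostBuilder_UseLoggingBuilder_Serilog_Expect_Logger_And_Provider()
{
    // Arrange: Serilog is plugged into the host's logging builder; the expected log file name is
    // "<test assembly name>-<yyyyMMdd>.log" under Logs/ in the content root.
    InitializeSerilog();

    var webHost = new IdentityServerHostBuilder()
        .UseLoggingBuilder((context, loggingBuilder) => loggingBuilder.AddSerilog())
        .CreateWebHostBuider()
        .UseContentRoot(AppContext.BaseDirectory)
        .Build();

    var logger = webHost.Services.GetRequiredService<ILogger<IdentityServerWebHostBuilderTests>>();

    // NOTE(review): the file name embeds today's UTC date, so a run that straddles midnight UTC
    // between this line and the File.Exists check could look for the wrong file.
    var assemblyName = Assembly.GetExecutingAssembly().GetName().Name;
    var path = Path.Combine(AppContext.BaseDirectory, "Logs", $"{assemblyName}-{DateTime.UtcNow:yyyyMMdd}.log");

    // Act: use a message template with a named placeholder instead of string interpolation, so the
    // path is captured as a structured property and the template stays constant (CA2254).
    logger.LogError("Logging to path {Path} works!", path);

    // The file sink is written asynchronously; the short delay gives it a chance to flush.
    // NOTE(review): this is timing-based and can flake on a slow agent — an explicit flush of the
    // Serilog pipeline would be deterministic, but how InitializeSerilog configures it is not visible here.
    await Task.Delay(100);

    // Assert
    Assert.True(File.Exists(path), $"expected log file at {path}");
}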