public void When_One_Request_Uri_Contains_A_Fragment_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "http://localhost#localhost" } }; // ACT & ASSERTS var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter)); Assert.True(ex.Code == ErrorCodes.InvalidRedirectUri); Assert.True(ex.Message == string.Format(ErrorDescriptions.TheRedirectUrlCannotContainsFragment, "http://localhost#localhost")); }
public void When_Application_Type_Is_Web_And_Redirect_Uri_Is_Localhost_Then_Exception_Is_Raised() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "http://localhost.fr" } }; // ACT & ASSERTS var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter)); Assert.True(ex.Code == ErrorCodes.InvalidRedirectUri); Assert.True(ex.Message == ErrorDescriptions.TheRedirectUriParameterIsNotValid); }
public void TestCreateUpdateAndDeleteRegistration() { RunTest((client) => { RegistrationParameter testParameter = new RegistrationParameter(TestRegistrationToken, TestLocation); var createdRegistration = client.Registrations.CreateOrUpdate(TestResourceGroupName, TestRegistrationName, testParameter); ValidateRegistration(createdRegistration); var updatedRegistration = client.Registrations.Update(TestResourceGroupName, TestRegistrationName, testParameter); AssertSame(createdRegistration, updatedRegistration); client.Registrations.Delete(TestResourceGroupName, TestRegistrationName); client.Registrations.Delete(TestResourceGroupName, TestRegistrationName); var expectedException = Assert.Throws <ErrorResponseException>(() => client.Registrations.Get(TestResourceGroupName, TestRegistrationName)); Assert.Equal("ResourceNotFound", expectedException.Body.Error.Code); }); }
public void When_One_Request_Uri_Is_Not_Valid_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "invalid" } }; // ACT & ASSERTS var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter)); Assert.True(ex.Code == ErrorCodes.InvalidRedirectUri); Assert.True(ex.Message == string.Format(ErrorDescriptions.TheRedirectUrlIsNotValid, "invalid")); }
public void When_Application_Type_Is_Not_Defined_Then_Set_To_Web_Application() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "https://google.fr" } }; // ACT _registrationParameterValidator.Validate(parameter); // ASSERT Assert.NotNull(parameter); Assert.True(parameter.ApplicationType == ApplicationTypes.web); }
public void When_InitiateLoginUri_Doesnt_Have_Https_Scheme_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "https://google.fr" }, InitiateLoginUri = "http://localhost/identity" }; // ACT & ASSERTS var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter)); Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData); Assert.True(ex.Message == string.Format(ErrorDescriptions.ParameterIsNotCorrect, SimpleIdServer.Dtos.Constants.ClientNames.InitiateLoginUri)); }
public async Task When_RegisterClient_Then_Operation_Is_Called() { // ARRANGE var parameter = new RegistrationParameter { RedirectUris = new List <string> { "https://localhost/callback" } }; InitializeFakeObjects(); // ACT await _clientActions.AddClient(parameter); // ASSERT _registerClientActionStub.Verify(g => g.Execute(parameter)); }
public void When_Request_Object_Encryption_Enc_Is_Specified_And_Request_Object_Encryption_Alg_Is_Not_Set_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "https://google.fr" }, RequestObjectEncryptionEnc = Constants.JweEncNames.A128CBC_HS256 }; // ACT & ASSERTS var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter)); Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData); Assert.True(ex.Message == ErrorDescriptions.TheParameterRequestObjectEncryptionAlgMustBeSpecified); }
public void When_SectorIdentifierUri_Is_Not_Valid_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "https://google.fr" }, SectorIdentifierUri = "sector_identifier_uri" }; // ACT & ASSERTS var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter)); Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData); Assert.True(ex.Message == string.Format(ErrorDescriptions.ParameterIsNotCorrect, SimpleIdServer.Dtos.Constants.ClientNames.SectorIdentifierUri)); }
public void When_ResponseType_Is_Not_Defined_Then_Set_To_Code() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "https://google.fr" } }; // ACT _registrationParameterValidator.Validate(parameter); // ASSERT Assert.NotNull(parameter); Assert.True(parameter.ResponseTypes.Count == 1); Assert.True(parameter.ResponseTypes.Contains(ResponseType.code)); }
public void When_Set_Jwks_And_Jwks_Uri_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "https://google.fr" }, JwksUri = "http://localhost/identity", Jwks = new JsonWebKeySet() }; // ACT & ASSERTS var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter)); Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData); Assert.True(ex.Message == ErrorDescriptions.TheJwksParameterCannotBeSetBecauseJwksUrlIsUsed); }
public void When_GrantType_Is_Not_Defined_Then_Set_To_Authorization_Code() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "https://google.fr" } }; // ACT _registrationParameterValidator.Validate(parameter); // ASSERT Assert.NotNull(parameter); Assert.True(parameter.GrantTypes.Count == 1); Assert.True(parameter.GrantTypes.Contains(Core.Common.Models.GrantType.authorization_code)); }
public void When_User_Info_Encrypted_Response_Enc_Is_Specified_And_User_Info_Encrypted_Alg_Is_Not_Correct_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "https://google.fr" }, UserInfoEncryptedResponseEnc = Constants.JweEncNames.A128CBC_HS256, UserInfoEncryptedResponseAlg = "user_info_encrypted_response_alg_not_correct" }; // ACT & ASSERTS var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter)); Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData); Assert.True(ex.Message == ErrorDescriptions.TheParameterUserInfoEncryptedResponseAlgMustBeSpecified); }
public void When_Passing_One_Not_Valid_Request_Uri_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RegistrationParameter { RedirectUris = new List <string> { "https://google.fr" }, RequestUris = new List <string> { "not_valid_uri" } }; // ACT & ASSERTS var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter)); Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData); Assert.True(ex.Message == ErrorDescriptions.OneOfTheRequestUriIsNotValid); }
public async Task <ClientRegistrationResponse> PostRegistration(RegistrationParameter registrationParameter) { if (registrationParameter == null) { throw new ArgumentNullException(nameof(registrationParameter)); } var processId = Guid.NewGuid().ToString(); try { _eventPublisher.Publish(new RegistrationReceived(Guid.NewGuid().ToString(), processId, _payloadSerializer.GetPayload(registrationParameter), 0)); var result = await _registerClientAction.Execute(registrationParameter); _eventPublisher.Publish(new RegistrationResultReceived(Guid.NewGuid().ToString(), processId, _payloadSerializer.GetPayload(result), 1)); return(result); } catch (IdentityServerException ex) { _eventPublisher.Publish(new OAuthErrorReceived(Guid.NewGuid().ToString(), processId, ex.Code, ex.Message, 1)); throw; } }
public Models.Client Execute(RegistrationParameter registrationParameter) { if (registrationParameter == null) { throw new ArgumentNullException(nameof(registrationParameter)); } // Validate the parameters _registrationParameterValidator.Validate(registrationParameter); // Generate the client var client = new Models.Client { RedirectionUrls = registrationParameter.RedirectUris, Contacts = registrationParameter.Contacts, // TODO : should support different languages for the client_name ClientName = registrationParameter.ClientName, ClientUri = registrationParameter.ClientUri, PolicyUri = registrationParameter.PolicyUri, TosUri = registrationParameter.TosUri, JwksUri = registrationParameter.JwksUri, SectorIdentifierUri = registrationParameter.SectorIdentifierUri, // TODO : should support both subject types SubjectType = Constants.SubjectTypeNames.Public, DefaultMaxAge = registrationParameter.DefaultMaxAge, DefaultAcrValues = registrationParameter.DefaultAcrValues, RequireAuthTime = registrationParameter.RequireAuthTime, InitiateLoginUri = registrationParameter.InitiateLoginUri, RequestUris = registrationParameter.RequestUris, LogoUri = registrationParameter.LogoUri, ScimProfile = registrationParameter.ScimProfile }; // If omitted then the default value is authorization code response type if (registrationParameter.ResponseTypes == null || !registrationParameter.ResponseTypes.Any()) { client.ResponseTypes = new List <ResponseType> { ResponseType.code }; } else { client.ResponseTypes = registrationParameter.ResponseTypes; } // If omitted then the default value is authorization code grant type if (registrationParameter.GrantTypes == null || !registrationParameter.GrantTypes.Any()) { client.GrantTypes = new List <GrantType> { GrantType.authorization_code }; } else { client.GrantTypes = registrationParameter.GrantTypes; } client.ApplicationType = registrationParameter.ApplicationType == null ? ApplicationTypes.web : registrationParameter.ApplicationType.Value; if (registrationParameter.Jwks != null) { var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(registrationParameter.Jwks); if (jsonWebKeys != null && jsonWebKeys.Any()) { client.JsonWebKeys = jsonWebKeys.ToList(); } } if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenSignedResponseAlg) && Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.IdTokenSignedResponseAlg)) { client.IdTokenSignedResponseAlg = registrationParameter.IdTokenSignedResponseAlg; } else { client.IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256; } if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenEncryptedResponseAlg) && Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.IdTokenEncryptedResponseAlg)) { client.IdTokenEncryptedResponseAlg = registrationParameter.IdTokenEncryptedResponseAlg; } else { client.IdTokenEncryptedResponseAlg = string.Empty; } if (!string.IsNullOrWhiteSpace(client.IdTokenEncryptedResponseAlg)) { if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenEncryptedResponseEnc) && Constants.Supported.SupportedJweEncs.Contains(registrationParameter.IdTokenEncryptedResponseEnc)) { client.IdTokenEncryptedResponseEnc = registrationParameter.IdTokenEncryptedResponseEnc; } else { client.IdTokenEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256; } } if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoSignedResponseAlg) && Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.UserInfoSignedResponseAlg)) { client.UserInfoSignedResponseAlg = registrationParameter.UserInfoSignedResponseAlg; } else { client.UserInfoSignedResponseAlg = Jwt.Constants.JwsAlgNames.NONE; } if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoEncryptedResponseAlg) && Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.UserInfoEncryptedResponseAlg)) { client.UserInfoEncryptedResponseAlg = registrationParameter.UserInfoEncryptedResponseAlg; } else { client.UserInfoEncryptedResponseAlg = string.Empty; } if (!string.IsNullOrWhiteSpace(client.UserInfoEncryptedResponseAlg)) { if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoEncryptedResponseEnc) && Constants.Supported.SupportedJweEncs.Contains(registrationParameter.UserInfoEncryptedResponseEnc)) { client.UserInfoEncryptedResponseEnc = registrationParameter.UserInfoEncryptedResponseEnc; } else { client.UserInfoEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256; } } if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectSigningAlg) && Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.RequestObjectSigningAlg)) { client.RequestObjectSigningAlg = registrationParameter.RequestObjectSigningAlg; } else { client.RequestObjectSigningAlg = string.Empty; } if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectEncryptionAlg) && Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.RequestObjectEncryptionAlg)) { client.RequestObjectEncryptionAlg = registrationParameter.RequestObjectEncryptionAlg; } else { client.RequestObjectEncryptionAlg = string.Empty; } if (!string.IsNullOrWhiteSpace(client.RequestObjectEncryptionAlg)) { if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectEncryptionEnc) && Constants.Supported.SupportedJweEncs.Contains(registrationParameter.RequestObjectEncryptionEnc)) { client.RequestObjectEncryptionEnc = registrationParameter.RequestObjectEncryptionEnc; } else { client.RequestObjectEncryptionEnc = Jwt.Constants.JweEncNames.A128CBC_HS256; } } TokenEndPointAuthenticationMethods tokenEndPointAuthenticationMethod; if (string.IsNullOrWhiteSpace(registrationParameter.TokenEndPointAuthMethod) || !Enum.TryParse(registrationParameter.TokenEndPointAuthMethod, out tokenEndPointAuthenticationMethod)) { tokenEndPointAuthenticationMethod = TokenEndPointAuthenticationMethods.client_secret_basic; } client.TokenEndPointAuthMethod = tokenEndPointAuthenticationMethod; if (!string.IsNullOrWhiteSpace(registrationParameter.TokenEndPointAuthSigningAlg) && Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.TokenEndPointAuthSigningAlg)) { client.TokenEndPointAuthSigningAlg = registrationParameter.TokenEndPointAuthSigningAlg; } else { client.TokenEndPointAuthSigningAlg = string.Empty; } return(client); }
public async Task <ClientRegistrationResponse> Execute(RegistrationParameter registrationParameter) { if (registrationParameter == null) { throw new ArgumentNullException(nameof(registrationParameter)); } _simpleIdentityServerEventSource.StartRegistration(registrationParameter.ClientName); var client = _generateClientFromRegistrationRequest.Execute(registrationParameter); client.AllowedScopes = new List <Scope> { Constants.StandardScopes.OpenId, Constants.StandardScopes.ProfileScope, Constants.StandardScopes.Address, Constants.StandardScopes.Email, Constants.StandardScopes.Phone }; var clientId = Guid.NewGuid().ToString(); if (string.IsNullOrWhiteSpace(client.ClientName)) { client.ClientName = "Unknown " + clientId; } var result = new ClientRegistrationResponse { ClientId = clientId, ClientSecretExpiresAt = 0, ClientIdIssuedAt = DateTime.UtcNow.ConvertToUnixTimestamp().ToString(CultureInfo.InvariantCulture), ApplicationType = Enum.GetName(typeof(ApplicationTypes), client.ApplicationType), ClientUri = GetDefaultValue(client.ClientUri), ClientName = GetDefaultValue(client.ClientName), Contacts = GetDefaultValues(client.Contacts).ToArray(), DefaultAcrValues = GetDefaultValue(client.DefaultAcrValues), GrantTypes = client.GrantTypes == null ? new string[0] : client.GrantTypes.Select(g => Enum.GetName(typeof(GrantType), g)).ToArray(), DefaultMaxAge = client.DefaultMaxAge, IdTokenEncryptedResponseAlg = GetDefaultValue(client.IdTokenEncryptedResponseAlg), IdTokenEncryptedResponseEnc = GetDefaultValue(client.IdTokenEncryptedResponseEnc), JwksUri = GetDefaultValue(client.JwksUri), RequestObjectEncryptionAlg = GetDefaultValue(client.RequestObjectEncryptionAlg), RequestObjectEncryptionEnc = GetDefaultValue(client.RequestObjectEncryptionEnc), IdTokenSignedResponseAlg = GetDefaultValue(client.IdTokenSignedResponseAlg), LogoUri = GetDefaultValue(client.LogoUri), Jwks = registrationParameter.Jwks, RequireAuthTime = client.RequireAuthTime, InitiateLoginUri = GetDefaultValue(client.InitiateLoginUri), PolicyUri = GetDefaultValue(client.PolicyUri), RequestObjectSigningAlg = GetDefaultValue(client.RequestObjectSigningAlg), UserInfoEncryptedResponseAlg = GetDefaultValue(client.UserInfoEncryptedResponseAlg), UserInfoEncryptedResponseEnc = GetDefaultValue(client.UserInfoEncryptedResponseEnc), UserInfoSignedResponseAlg = GetDefaultValue(client.UserInfoSignedResponseAlg), TosUri = GetDefaultValue(client.TosUri), SectorIdentifierUri = GetDefaultValue(client.SectorIdentifierUri), SubjectType = GetDefaultValue(client.SubjectType), ResponseTypes = client.ResponseTypes == null ? new string[0] : client.ResponseTypes.Select(r => Enum.GetName(typeof(ResponseType), r)).ToArray(), RequestUris = GetDefaultValues(client.RequestUris).ToList(), RedirectUris = GetDefaultValues(client.RedirectionUrls).ToArray(), TokenEndpointAuthSigningAlg = GetDefaultValue(client.TokenEndPointAuthSigningAlg), TokenEndpointAuthMethod = Enum.GetName(typeof(TokenEndPointAuthenticationMethods), client.TokenEndPointAuthMethod), ScimProfile = client.ScimProfile }; if (client.TokenEndPointAuthMethod != TokenEndPointAuthenticationMethods.private_key_jwt) { result.ClientSecret = Guid.NewGuid().ToString(); client.Secrets = new List <ClientSecret> { new ClientSecret { Type = ClientSecretTypes.SharedSecret, Value = _encryptedPasswordFactory.Encrypt(result.ClientSecret) } }; } client.ClientId = result.ClientId; await _clientRepository.InsertAsync(client); _simpleIdentityServerEventSource.EndRegistration(result.ClientId, client.ClientName); return(result); }
/// <summary> /// Patch an Azure Stack registration. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroup'> /// Name of the resource group. /// </param> /// <param name='registrationName'> /// Name of the Azure Stack registration. /// </param> /// <param name='token'> /// Registration token /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task <Registration> UpdateAsync(this IRegistrationsOperations operations, string resourceGroup, string registrationName, RegistrationParameter token, CancellationToken cancellationToken = default(CancellationToken)) { using (var _result = await operations.UpdateWithHttpMessagesAsync(resourceGroup, registrationName, token, null, cancellationToken).ConfigureAwait(false)) { return(_result.Body); } }
/// <summary> /// Patch an Azure Stack registration. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroup'> /// Name of the resource group. /// </param> /// <param name='registrationName'> /// Name of the Azure Stack registration. /// </param> /// <param name='token'> /// Registration token /// </param> public static Registration Update(this IRegistrationsOperations operations, string resourceGroup, string registrationName, RegistrationParameter token) { return(operations.UpdateAsync(resourceGroup, registrationName, token).GetAwaiter().GetResult()); }
public void Validate(RegistrationParameter parameter) { if (parameter == null) { throw new ArgumentNullException(nameof(parameter)); } // Validate the redirection uris if (parameter.RedirectUris == null || !parameter.RedirectUris.Any()) { throw new IdentityServerException(ErrorCodes.InvalidRedirectUri, string.Format(ErrorDescriptions.MissingParameter, Dtos.Constants.ClientNames.RequestUris)); } // If the response type is not defined then set to code if (parameter.ResponseTypes == null || !parameter.ResponseTypes.Any()) { parameter.ResponseTypes = new List <ResponseType> { ResponseType.code }; } // If the grant type is not defined then set to authorization_code if (parameter.GrantTypes == null || !parameter.GrantTypes.Any()) { parameter.GrantTypes = new List <GrantType> { GrantType.authorization_code }; } // If the application type is not defined then set to web if (parameter.ApplicationType == null) { parameter.ApplicationType = ApplicationTypes.web; } // Check the parameters when the application type is web if (parameter.ApplicationType == ApplicationTypes.web) { foreach (var redirectUri in parameter.RedirectUris) { if (!CheckUriIsWellFormed(redirectUri)) { throw new IdentityServerException(ErrorCodes.InvalidRedirectUri, string.Format(ErrorDescriptions.TheRedirectUrlIsNotValid, redirectUri)); } var uri = new Uri(redirectUri); if (!string.IsNullOrWhiteSpace(uri.Fragment)) { throw new IdentityServerException(ErrorCodes.InvalidRedirectUri, string.Format(ErrorDescriptions.TheRedirectUrlCannotContainsFragment, redirectUri)); } } } else { foreach (var redirectUri in parameter.RedirectUris) { if (!CheckUriIsWellFormed(redirectUri)) { throw new IdentityServerException(ErrorCodes.InvalidRedirectUri, string.Format(ErrorDescriptions.TheRedirectUrlIsNotValid, redirectUri)); } } } ValidateNotMandatoryUri(parameter.LogoUri, Dtos.Constants.ClientNames.LogoUri); ValidateNotMandatoryUri(parameter.ClientUri, Dtos.Constants.ClientNames.ClientUri); ValidateNotMandatoryUri(parameter.TosUri, Dtos.Constants.ClientNames.TosUri); ValidateNotMandatoryUri(parameter.JwksUri, Dtos.Constants.ClientNames.JwksUri); if (parameter.Jwks != null) { if (!string.IsNullOrWhiteSpace(parameter.JwksUri)) { throw new IdentityServerException( ErrorCodes.InvalidClientMetaData, ErrorDescriptions.TheJwksParameterCannotBeSetBecauseJwksUrlIsUsed); } } ValidateNotMandatoryUri(parameter.SectorIdentifierUri, Dtos.Constants.ClientNames.SectorIdentifierUri, true); // Based on the RFC : http://openid.net/specs/openid-connect-registration-1_0.html#SectorIdentifierValidation validate the sector_identifier_uri if (!string.IsNullOrWhiteSpace(parameter.SectorIdentifierUri)) { var sectorIdentifierUris = GetSectorIdentifierUris(parameter.SectorIdentifierUri); foreach (var sectorIdentifierUri in sectorIdentifierUris) { if (!parameter.RedirectUris.Contains(sectorIdentifierUri)) { throw new IdentityServerException( ErrorCodes.InvalidClientMetaData, ErrorDescriptions.OneOrMoreSectorIdentifierUriIsNotARedirectUri); } } } if (!string.IsNullOrWhiteSpace(parameter.IdTokenEncryptedResponseEnc) && Jwt.Constants.MappingNameToJweEncEnum.Keys.Contains(parameter.IdTokenEncryptedResponseEnc)) { if (string.IsNullOrWhiteSpace(parameter.IdTokenEncryptedResponseAlg) || !Jwt.Constants.MappingNameToJweAlgEnum.ContainsKey(parameter.IdTokenEncryptedResponseAlg)) { throw new IdentityServerException( ErrorCodes.InvalidClientMetaData, ErrorDescriptions.TheParameterIsTokenEncryptedResponseAlgMustBeSpecified); } } if (!string.IsNullOrWhiteSpace(parameter.UserInfoEncryptedResponseEnc) && Jwt.Constants.MappingNameToJweEncEnum.Keys.Contains(parameter.UserInfoEncryptedResponseEnc)) { if (string.IsNullOrWhiteSpace(parameter.UserInfoEncryptedResponseAlg) || !Jwt.Constants.MappingNameToJweAlgEnum.ContainsKey(parameter.UserInfoEncryptedResponseAlg)) { throw new IdentityServerException( ErrorCodes.InvalidClientMetaData, ErrorDescriptions.TheParameterUserInfoEncryptedResponseAlgMustBeSpecified); } } if (!string.IsNullOrWhiteSpace(parameter.RequestObjectEncryptionEnc) && Jwt.Constants.MappingNameToJweEncEnum.Keys.Contains(parameter.RequestObjectEncryptionEnc)) { if (string.IsNullOrWhiteSpace(parameter.RequestObjectEncryptionAlg) || !Jwt.Constants.MappingNameToJweAlgEnum.ContainsKey(parameter.RequestObjectEncryptionAlg)) { throw new IdentityServerException( ErrorCodes.InvalidClientMetaData, ErrorDescriptions.TheParameterRequestObjectEncryptionAlgMustBeSpecified); } } ValidateNotMandatoryUri(parameter.InitiateLoginUri, Dtos.Constants.ClientNames.InitiateLoginUri, true); if (parameter.RequestUris != null && parameter.RequestUris.Any()) { foreach (var requestUri in parameter.RequestUris) { if (!CheckUriIsWellFormed(requestUri)) { throw new IdentityServerException( ErrorCodes.InvalidClientMetaData, ErrorDescriptions.OneOfTheRequestUriIsNotValid); } } } }
public void When_Passing_Registration_Parameter_With_Specific_Values_Then_Client_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string clientName = "client_name"; const string clientUri = "client_uri"; const string policyUri = "policy_uri"; const string tosUri = "tos_uri"; const string jwksUri = "jwks_uri"; const string kid = "kid"; const string sectorIdentifierUri = "sector_identifier_uri"; const double defaultMaxAge = 3; const string defaultAcrValues = "default_acr_values"; const bool requireAuthTime = false; const string initiateLoginUri = "initiate_login_uri"; const string requestUri = "request_uri"; var registrationParameter = new RegistrationParameter { ClientName = clientName, ResponseTypes = new List <ResponseType> { ResponseType.token }, GrantTypes = new List <GrantType> { GrantType.@implicit }, ApplicationType = ApplicationTypes.native, ClientUri = clientUri, PolicyUri = policyUri, TosUri = tosUri, JwksUri = jwksUri, Jwks = new JsonWebKeySet(), SectorIdentifierUri = sectorIdentifierUri, IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256, IdTokenEncryptedResponseAlg = Jwt.Constants.JweAlgNames.RSA1_5, IdTokenEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256, UserInfoSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256, UserInfoEncryptedResponseAlg = Jwt.Constants.JweAlgNames.RSA1_5, UserInfoEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256, RequestObjectSigningAlg = Jwt.Constants.JwsAlgNames.RS256, RequestObjectEncryptionAlg = Jwt.Constants.JweAlgNames.RSA1_5, RequestObjectEncryptionEnc = Jwt.Constants.JweEncNames.A128CBC_HS256, TokenEndPointAuthMethod = "client_secret_post", TokenEndPointAuthSigningAlg = Jwt.Constants.JwsAlgNames.RS256, DefaultMaxAge = defaultMaxAge, DefaultAcrValues = defaultAcrValues, RequireAuthTime = requireAuthTime, InitiateLoginUri = initiateLoginUri, RequestUris = new List <string> { requestUri } }; var jsonWebKeys = new List <JsonWebKey> { new JsonWebKey { Kid = kid } }; _jsonWebKeyConverterFake.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>())) .Returns(jsonWebKeys); // ACT var client = _generateClientFromRegistrationRequest.Execute(registrationParameter); // ASSERT _registrationParameterValidatorFake.Verify(r => r.Validate(registrationParameter)); Assert.True(client.ResponseTypes.Contains(ResponseType.token)); Assert.True(client.GrantTypes.Contains(GrantType.@implicit)); Assert.True(client.ApplicationType == ApplicationTypes.native); Assert.True(client.ClientName == clientName); Assert.True(client.ClientUri == clientUri); Assert.True(client.PolicyUri == policyUri); Assert.True(client.TosUri == tosUri); Assert.True(client.JwksUri == jwksUri); Assert.NotNull(client.JsonWebKeys); Assert.True(client.JsonWebKeys.First().Kid == kid); Assert.True(client.IdTokenSignedResponseAlg == Jwt.Constants.JwsAlgNames.RS256); Assert.True(client.IdTokenEncryptedResponseAlg == Jwt.Constants.JweAlgNames.RSA1_5); Assert.True(client.IdTokenEncryptedResponseEnc == Jwt.Constants.JweEncNames.A128CBC_HS256); Assert.True(client.UserInfoSignedResponseAlg == Jwt.Constants.JwsAlgNames.RS256); Assert.True(client.UserInfoEncryptedResponseAlg == Jwt.Constants.JweAlgNames.RSA1_5); Assert.True(client.UserInfoEncryptedResponseEnc == Jwt.Constants.JweEncNames.A128CBC_HS256); Assert.True(client.RequestObjectSigningAlg == Jwt.Constants.JwsAlgNames.RS256); Assert.True(client.RequestObjectEncryptionAlg == Jwt.Constants.JweAlgNames.RSA1_5); Assert.True(client.RequestObjectEncryptionEnc == Jwt.Constants.JweEncNames.A128CBC_HS256); Assert.True(client.TokenEndPointAuthMethod == TokenEndPointAuthenticationMethods.client_secret_post); Assert.True(client.TokenEndPointAuthSigningAlg == Jwt.Constants.JwsAlgNames.RS256); Assert.True(client.DefaultMaxAge == defaultMaxAge); Assert.True(client.DefaultAcrValues == defaultAcrValues); Assert.True(client.RequireAuthTime == requireAuthTime); Assert.True(client.InitiateLoginUri == initiateLoginUri); Assert.True(client.RequestUris.First() == requestUri); }
public async Task When_Passing_Registration_Parameter_With_Specific_Values_Then_Client_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string clientName = "client_name"; const string clientUri = "client_uri"; const string policyUri = "policy_uri"; const string tosUri = "tos_uri"; const string jwksUri = "jwks_uri"; const string kid = "kid"; const string sectorIdentifierUri = "sector_identifier_uri"; const double defaultMaxAge = 3; const string defaultAcrValues = "default_acr_values"; const bool requireAuthTime = false; const string initiateLoginUri = "initiate_login_uri"; const string requestUri = "request_uri"; var registrationParameter = new RegistrationParameter { ClientName = clientName, ResponseTypes = new List <ResponseType> { ResponseType.token }, GrantTypes = new List <GrantType> { GrantType.@implicit }, ApplicationType = ApplicationTypes.native, ClientUri = clientUri, PolicyUri = policyUri, TosUri = tosUri, JwksUri = jwksUri, Jwks = new JsonWebKeySet(), SectorIdentifierUri = sectorIdentifierUri, IdTokenSignedResponseAlg = Constants.JwsAlgNames.RS256, IdTokenEncryptedResponseAlg = Constants.JweAlgNames.RSA1_5, IdTokenEncryptedResponseEnc = Constants.JweEncNames.A128CBC_HS256, UserInfoSignedResponseAlg = Constants.JwsAlgNames.RS256, UserInfoEncryptedResponseAlg = Constants.JweAlgNames.RSA1_5, UserInfoEncryptedResponseEnc = Constants.JweEncNames.A128CBC_HS256, RequestObjectSigningAlg = Constants.JwsAlgNames.RS256, RequestObjectEncryptionAlg = Constants.JweAlgNames.RSA1_5, RequestObjectEncryptionEnc = Constants.JweEncNames.A128CBC_HS256, TokenEndPointAuthMethod = "client_secret_post", TokenEndPointAuthSigningAlg = Constants.JwsAlgNames.RS256, DefaultMaxAge = defaultMaxAge, DefaultAcrValues = defaultAcrValues, RequireAuthTime = requireAuthTime, InitiateLoginUri = initiateLoginUri, RequestUris = new List <string> { requestUri } }; var jsonWebKeys = new List <JsonWebKey> { new JsonWebKey { Kid = kid } }; var client = new Client { ClientName = clientName, ResponseTypes = new List <ResponseType> { ResponseType.token }, GrantTypes = new List <GrantType> { GrantType.@implicit }, ApplicationType = ApplicationTypes.native, ClientUri = clientUri, PolicyUri = policyUri, TosUri = tosUri, JwksUri = jwksUri, JsonWebKeys = new List <JsonWebKey>(), SectorIdentifierUri = sectorIdentifierUri, IdTokenSignedResponseAlg = Constants.JwsAlgNames.RS256, IdTokenEncryptedResponseAlg = Constants.JweAlgNames.RSA1_5, IdTokenEncryptedResponseEnc = Constants.JweEncNames.A128CBC_HS256, UserInfoSignedResponseAlg = Constants.JwsAlgNames.RS256, UserInfoEncryptedResponseAlg = Constants.JweAlgNames.RSA1_5, UserInfoEncryptedResponseEnc = Constants.JweEncNames.A128CBC_HS256, RequestObjectSigningAlg = Constants.JwsAlgNames.RS256, RequestObjectEncryptionAlg = Constants.JweAlgNames.RSA1_5, RequestObjectEncryptionEnc = Constants.JweEncNames.A128CBC_HS256, TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.client_secret_basic, TokenEndPointAuthSigningAlg = Constants.JwsAlgNames.RS256, DefaultMaxAge = defaultMaxAge, DefaultAcrValues = defaultAcrValues, RequireAuthTime = requireAuthTime, InitiateLoginUri = initiateLoginUri, RequestUris = new List <string> { requestUri } }; _generateClientFromRegistrationRequest.Setup(g => g.Execute(It.IsAny <RegistrationParameter>())) .Returns(client); _clientRepositoryFake.Setup(c => c.InsertAsync(It.IsAny <Client>())) .Callback <Client>(c => client = c) .Returns(Task.FromResult(true)); _clientInfoServiceStub.Setup(c => c.GetClientId()).Returns(Task.FromResult(Guid.NewGuid().ToString())); _clientInfoServiceStub.Setup(c => c.GetClientSecret()).Returns(Task.FromResult(Guid.NewGuid().ToString())); // ACT var result = await _registerClientAction.Execute(registrationParameter); // ASSERT _oauthEventSource.Verify(s => s.StartRegistration(clientName)); _clientRepositoryFake.Verify(c => c.InsertAsync(It.IsAny <Client>())); _oauthEventSource.Verify(s => s.EndRegistration(It.IsAny <string>(), clientName)); Assert.NotEmpty(result.ClientSecret); }
public Task <ClientRegistrationResponse> AddClient(RegistrationParameter registrationParameter) { return(_registerClientAction.Execute(registrationParameter)); }