public void When_One_Request_Uri_Contains_A_Fragment_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"http://localhost#localhost"
}
};
// ACT & ASSERTS
var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter));
Assert.True(ex.Code == ErrorCodes.InvalidRedirectUri);
Assert.True(ex.Message == string.Format(ErrorDescriptions.TheRedirectUrlCannotContainsFragment, "http://localhost#localhost"));
}
public void When_Application_Type_Is_Web_And_Redirect_Uri_Is_Localhost_Then_Exception_Is_Raised()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"http://localhost.fr"
}
};
// ACT & ASSERTS
var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter));
Assert.True(ex.Code == ErrorCodes.InvalidRedirectUri);
Assert.True(ex.Message == ErrorDescriptions.TheRedirectUriParameterIsNotValid);
}
public void TestCreateUpdateAndDeleteRegistration()
{
RunTest((client) =>
{
RegistrationParameter testParameter = new RegistrationParameter(TestRegistrationToken, TestLocation);
var createdRegistration = client.Registrations.CreateOrUpdate(TestResourceGroupName, TestRegistrationName, testParameter);
ValidateRegistration(createdRegistration);
var updatedRegistration = client.Registrations.Update(TestResourceGroupName, TestRegistrationName, testParameter);
AssertSame(createdRegistration, updatedRegistration);
client.Registrations.Delete(TestResourceGroupName, TestRegistrationName);
client.Registrations.Delete(TestResourceGroupName, TestRegistrationName);
var expectedException = Assert.Throws <ErrorResponseException>(() => client.Registrations.Get(TestResourceGroupName, TestRegistrationName));
Assert.Equal("ResourceNotFound", expectedException.Body.Error.Code);
});
}
public void When_One_Request_Uri_Is_Not_Valid_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"invalid"
}
};
// ACT & ASSERTS
var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter));
Assert.True(ex.Code == ErrorCodes.InvalidRedirectUri);
Assert.True(ex.Message == string.Format(ErrorDescriptions.TheRedirectUrlIsNotValid, "invalid"));
}
public void When_Application_Type_Is_Not_Defined_Then_Set_To_Web_Application()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"https://google.fr"
}
};
// ACT
_registrationParameterValidator.Validate(parameter);
// ASSERT
Assert.NotNull(parameter);
Assert.True(parameter.ApplicationType == ApplicationTypes.web);
}
public void When_InitiateLoginUri_Doesnt_Have_Https_Scheme_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"https://google.fr"
},
InitiateLoginUri = "http://localhost/identity"
};
// ACT & ASSERTS
var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter));
Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData);
Assert.True(ex.Message == string.Format(ErrorDescriptions.ParameterIsNotCorrect, SimpleIdServer.Dtos.Constants.ClientNames.InitiateLoginUri));
}
public async Task When_RegisterClient_Then_Operation_Is_Called()
{
// ARRANGE
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"https://localhost/callback"
}
};
InitializeFakeObjects();
// ACT
await _clientActions.AddClient(parameter);
// ASSERT
_registerClientActionStub.Verify(g => g.Execute(parameter));
}
public void When_Request_Object_Encryption_Enc_Is_Specified_And_Request_Object_Encryption_Alg_Is_Not_Set_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"https://google.fr"
},
RequestObjectEncryptionEnc = Constants.JweEncNames.A128CBC_HS256
};
// ACT & ASSERTS
var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter));
Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData);
Assert.True(ex.Message == ErrorDescriptions.TheParameterRequestObjectEncryptionAlgMustBeSpecified);
}
public void When_SectorIdentifierUri_Is_Not_Valid_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"https://google.fr"
},
SectorIdentifierUri = "sector_identifier_uri"
};
// ACT & ASSERTS
var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter));
Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData);
Assert.True(ex.Message == string.Format(ErrorDescriptions.ParameterIsNotCorrect, SimpleIdServer.Dtos.Constants.ClientNames.SectorIdentifierUri));
}
public void When_ResponseType_Is_Not_Defined_Then_Set_To_Code()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"https://google.fr"
}
};
// ACT
_registrationParameterValidator.Validate(parameter);
// ASSERT
Assert.NotNull(parameter);
Assert.True(parameter.ResponseTypes.Count == 1);
Assert.True(parameter.ResponseTypes.Contains(ResponseType.code));
}
public void When_Set_Jwks_And_Jwks_Uri_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"https://google.fr"
},
JwksUri = "http://localhost/identity",
Jwks = new JsonWebKeySet()
};
// ACT & ASSERTS
var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter));
Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData);
Assert.True(ex.Message == ErrorDescriptions.TheJwksParameterCannotBeSetBecauseJwksUrlIsUsed);
}
public void When_GrantType_Is_Not_Defined_Then_Set_To_Authorization_Code()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"https://google.fr"
}
};
// ACT
_registrationParameterValidator.Validate(parameter);
// ASSERT
Assert.NotNull(parameter);
Assert.True(parameter.GrantTypes.Count == 1);
Assert.True(parameter.GrantTypes.Contains(Core.Common.Models.GrantType.authorization_code));
}
public void When_User_Info_Encrypted_Response_Enc_Is_Specified_And_User_Info_Encrypted_Alg_Is_Not_Correct_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"https://google.fr"
},
UserInfoEncryptedResponseEnc = Constants.JweEncNames.A128CBC_HS256,
UserInfoEncryptedResponseAlg = "user_info_encrypted_response_alg_not_correct"
};
// ACT & ASSERTS
var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter));
Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData);
Assert.True(ex.Message == ErrorDescriptions.TheParameterUserInfoEncryptedResponseAlgMustBeSpecified);
}
public void When_Passing_One_Not_Valid_Request_Uri_Then_Exception_Is_Thrown()
{
// ARRANGE
InitializeFakeObjects();
var parameter = new RegistrationParameter
{
RedirectUris = new List <string>
{
"https://google.fr"
},
RequestUris = new List <string>
{
"not_valid_uri"
}
};
// ACT & ASSERTS
var ex = Assert.Throws <IdentityServerException>(() => _registrationParameterValidator.Validate(parameter));
Assert.True(ex.Code == ErrorCodes.InvalidClientMetaData);
Assert.True(ex.Message == ErrorDescriptions.OneOfTheRequestUriIsNotValid);
}
public async Task <ClientRegistrationResponse> PostRegistration(RegistrationParameter registrationParameter)
{
if (registrationParameter == null)
{
throw new ArgumentNullException(nameof(registrationParameter));
}
var processId = Guid.NewGuid().ToString();
try
{
_eventPublisher.Publish(new RegistrationReceived(Guid.NewGuid().ToString(), processId, _payloadSerializer.GetPayload(registrationParameter), 0));
var result = await _registerClientAction.Execute(registrationParameter);
_eventPublisher.Publish(new RegistrationResultReceived(Guid.NewGuid().ToString(), processId, _payloadSerializer.GetPayload(result), 1));
return(result);
}
catch (IdentityServerException ex)
{
_eventPublisher.Publish(new OAuthErrorReceived(Guid.NewGuid().ToString(), processId, ex.Code, ex.Message, 1));
throw;
}
}
public Models.Client Execute(RegistrationParameter registrationParameter)
{
if (registrationParameter == null)
{
throw new ArgumentNullException(nameof(registrationParameter));
}
// Validate the parameters
_registrationParameterValidator.Validate(registrationParameter);
// Generate the client
var client = new Models.Client
{
RedirectionUrls = registrationParameter.RedirectUris,
Contacts = registrationParameter.Contacts,
// TODO : should support different languages for the client_name
ClientName = registrationParameter.ClientName,
ClientUri = registrationParameter.ClientUri,
PolicyUri = registrationParameter.PolicyUri,
TosUri = registrationParameter.TosUri,
JwksUri = registrationParameter.JwksUri,
SectorIdentifierUri = registrationParameter.SectorIdentifierUri,
// TODO : should support both subject types
SubjectType = Constants.SubjectTypeNames.Public,
DefaultMaxAge = registrationParameter.DefaultMaxAge,
DefaultAcrValues = registrationParameter.DefaultAcrValues,
RequireAuthTime = registrationParameter.RequireAuthTime,
InitiateLoginUri = registrationParameter.InitiateLoginUri,
RequestUris = registrationParameter.RequestUris,
LogoUri = registrationParameter.LogoUri,
ScimProfile = registrationParameter.ScimProfile
};
// If omitted then the default value is authorization code response type
if (registrationParameter.ResponseTypes == null ||
!registrationParameter.ResponseTypes.Any())
{
client.ResponseTypes = new List <ResponseType>
{
ResponseType.code
};
}
else
{
client.ResponseTypes = registrationParameter.ResponseTypes;
}
// If omitted then the default value is authorization code grant type
if (registrationParameter.GrantTypes == null ||
!registrationParameter.GrantTypes.Any())
{
client.GrantTypes = new List <GrantType>
{
GrantType.authorization_code
};
}
else
{
client.GrantTypes = registrationParameter.GrantTypes;
}
client.ApplicationType = registrationParameter.ApplicationType == null ? ApplicationTypes.web
: registrationParameter.ApplicationType.Value;
if (registrationParameter.Jwks != null)
{
var jsonWebKeys = _jsonWebKeyConverter.ExtractSerializedKeys(registrationParameter.Jwks);
if (jsonWebKeys != null &&
jsonWebKeys.Any())
{
client.JsonWebKeys = jsonWebKeys.ToList();
}
}
if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenSignedResponseAlg) &&
Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.IdTokenSignedResponseAlg))
{
client.IdTokenSignedResponseAlg = registrationParameter.IdTokenSignedResponseAlg;
}
else
{
client.IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256;
}
if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenEncryptedResponseAlg) &&
Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.IdTokenEncryptedResponseAlg))
{
client.IdTokenEncryptedResponseAlg = registrationParameter.IdTokenEncryptedResponseAlg;
}
else
{
client.IdTokenEncryptedResponseAlg = string.Empty;
}
if (!string.IsNullOrWhiteSpace(client.IdTokenEncryptedResponseAlg))
{
if (!string.IsNullOrWhiteSpace(registrationParameter.IdTokenEncryptedResponseEnc) &&
Constants.Supported.SupportedJweEncs.Contains(registrationParameter.IdTokenEncryptedResponseEnc))
{
client.IdTokenEncryptedResponseEnc = registrationParameter.IdTokenEncryptedResponseEnc;
}
else
{
client.IdTokenEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256;
}
}
if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoSignedResponseAlg) &&
Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.UserInfoSignedResponseAlg))
{
client.UserInfoSignedResponseAlg = registrationParameter.UserInfoSignedResponseAlg;
}
else
{
client.UserInfoSignedResponseAlg = Jwt.Constants.JwsAlgNames.NONE;
}
if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoEncryptedResponseAlg) &&
Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.UserInfoEncryptedResponseAlg))
{
client.UserInfoEncryptedResponseAlg = registrationParameter.UserInfoEncryptedResponseAlg;
}
else
{
client.UserInfoEncryptedResponseAlg = string.Empty;
}
if (!string.IsNullOrWhiteSpace(client.UserInfoEncryptedResponseAlg))
{
if (!string.IsNullOrWhiteSpace(registrationParameter.UserInfoEncryptedResponseEnc) &&
Constants.Supported.SupportedJweEncs.Contains(registrationParameter.UserInfoEncryptedResponseEnc))
{
client.UserInfoEncryptedResponseEnc = registrationParameter.UserInfoEncryptedResponseEnc;
}
else
{
client.UserInfoEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256;
}
}
if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectSigningAlg) &&
Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.RequestObjectSigningAlg))
{
client.RequestObjectSigningAlg = registrationParameter.RequestObjectSigningAlg;
}
else
{
client.RequestObjectSigningAlg = string.Empty;
}
if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectEncryptionAlg) &&
Constants.Supported.SupportedJweAlgs.Contains(registrationParameter.RequestObjectEncryptionAlg))
{
client.RequestObjectEncryptionAlg = registrationParameter.RequestObjectEncryptionAlg;
}
else
{
client.RequestObjectEncryptionAlg = string.Empty;
}
if (!string.IsNullOrWhiteSpace(client.RequestObjectEncryptionAlg))
{
if (!string.IsNullOrWhiteSpace(registrationParameter.RequestObjectEncryptionEnc) &&
Constants.Supported.SupportedJweEncs.Contains(registrationParameter.RequestObjectEncryptionEnc))
{
client.RequestObjectEncryptionEnc = registrationParameter.RequestObjectEncryptionEnc;
}
else
{
client.RequestObjectEncryptionEnc = Jwt.Constants.JweEncNames.A128CBC_HS256;
}
}
TokenEndPointAuthenticationMethods tokenEndPointAuthenticationMethod;
if (string.IsNullOrWhiteSpace(registrationParameter.TokenEndPointAuthMethod) ||
!Enum.TryParse(registrationParameter.TokenEndPointAuthMethod, out tokenEndPointAuthenticationMethod))
{
tokenEndPointAuthenticationMethod = TokenEndPointAuthenticationMethods.client_secret_basic;
}
client.TokenEndPointAuthMethod = tokenEndPointAuthenticationMethod;
if (!string.IsNullOrWhiteSpace(registrationParameter.TokenEndPointAuthSigningAlg) &&
Constants.Supported.SupportedJwsAlgs.Contains(registrationParameter.TokenEndPointAuthSigningAlg))
{
client.TokenEndPointAuthSigningAlg = registrationParameter.TokenEndPointAuthSigningAlg;
}
else
{
client.TokenEndPointAuthSigningAlg = string.Empty;
}
return(client);
}
public async Task <ClientRegistrationResponse> Execute(RegistrationParameter registrationParameter)
{
if (registrationParameter == null)
{
throw new ArgumentNullException(nameof(registrationParameter));
}
_simpleIdentityServerEventSource.StartRegistration(registrationParameter.ClientName);
var client = _generateClientFromRegistrationRequest.Execute(registrationParameter);
client.AllowedScopes = new List <Scope>
{
Constants.StandardScopes.OpenId,
Constants.StandardScopes.ProfileScope,
Constants.StandardScopes.Address,
Constants.StandardScopes.Email,
Constants.StandardScopes.Phone
};
var clientId = Guid.NewGuid().ToString();
if (string.IsNullOrWhiteSpace(client.ClientName))
{
client.ClientName = "Unknown " + clientId;
}
var result = new ClientRegistrationResponse
{
ClientId = clientId,
ClientSecretExpiresAt = 0,
ClientIdIssuedAt = DateTime.UtcNow.ConvertToUnixTimestamp().ToString(CultureInfo.InvariantCulture),
ApplicationType = Enum.GetName(typeof(ApplicationTypes), client.ApplicationType),
ClientUri = GetDefaultValue(client.ClientUri),
ClientName = GetDefaultValue(client.ClientName),
Contacts = GetDefaultValues(client.Contacts).ToArray(),
DefaultAcrValues = GetDefaultValue(client.DefaultAcrValues),
GrantTypes = client.GrantTypes == null ?
new string[0] :
client.GrantTypes.Select(g => Enum.GetName(typeof(GrantType), g)).ToArray(),
DefaultMaxAge = client.DefaultMaxAge,
IdTokenEncryptedResponseAlg = GetDefaultValue(client.IdTokenEncryptedResponseAlg),
IdTokenEncryptedResponseEnc = GetDefaultValue(client.IdTokenEncryptedResponseEnc),
JwksUri = GetDefaultValue(client.JwksUri),
RequestObjectEncryptionAlg = GetDefaultValue(client.RequestObjectEncryptionAlg),
RequestObjectEncryptionEnc = GetDefaultValue(client.RequestObjectEncryptionEnc),
IdTokenSignedResponseAlg = GetDefaultValue(client.IdTokenSignedResponseAlg),
LogoUri = GetDefaultValue(client.LogoUri),
Jwks = registrationParameter.Jwks,
RequireAuthTime = client.RequireAuthTime,
InitiateLoginUri = GetDefaultValue(client.InitiateLoginUri),
PolicyUri = GetDefaultValue(client.PolicyUri),
RequestObjectSigningAlg = GetDefaultValue(client.RequestObjectSigningAlg),
UserInfoEncryptedResponseAlg = GetDefaultValue(client.UserInfoEncryptedResponseAlg),
UserInfoEncryptedResponseEnc = GetDefaultValue(client.UserInfoEncryptedResponseEnc),
UserInfoSignedResponseAlg = GetDefaultValue(client.UserInfoSignedResponseAlg),
TosUri = GetDefaultValue(client.TosUri),
SectorIdentifierUri = GetDefaultValue(client.SectorIdentifierUri),
SubjectType = GetDefaultValue(client.SubjectType),
ResponseTypes = client.ResponseTypes == null ? new string[0] :
client.ResponseTypes.Select(r => Enum.GetName(typeof(ResponseType), r)).ToArray(),
RequestUris = GetDefaultValues(client.RequestUris).ToList(),
RedirectUris = GetDefaultValues(client.RedirectionUrls).ToArray(),
TokenEndpointAuthSigningAlg = GetDefaultValue(client.TokenEndPointAuthSigningAlg),
TokenEndpointAuthMethod = Enum.GetName(typeof(TokenEndPointAuthenticationMethods), client.TokenEndPointAuthMethod),
ScimProfile = client.ScimProfile
};
if (client.TokenEndPointAuthMethod != TokenEndPointAuthenticationMethods.private_key_jwt)
{
result.ClientSecret = Guid.NewGuid().ToString();
client.Secrets = new List <ClientSecret>
{
new ClientSecret
{
Type = ClientSecretTypes.SharedSecret,
Value = _encryptedPasswordFactory.Encrypt(result.ClientSecret)
}
};
}
client.ClientId = result.ClientId;
await _clientRepository.InsertAsync(client);
_simpleIdentityServerEventSource.EndRegistration(result.ClientId,
client.ClientName);
return(result);
}
/// <summary>
/// Patch an Azure Stack registration.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroup'>
/// Name of the resource group.
/// </param>
/// <param name='registrationName'>
/// Name of the Azure Stack registration.
/// </param>
/// <param name='token'>
/// Registration token
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <Registration> UpdateAsync(this IRegistrationsOperations operations, string resourceGroup, string registrationName, RegistrationParameter token, CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.UpdateWithHttpMessagesAsync(resourceGroup, registrationName, token, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
/// <summary>
/// Patch an Azure Stack registration.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroup'>
/// Name of the resource group.
/// </param>
/// <param name='registrationName'>
/// Name of the Azure Stack registration.
/// </param>
/// <param name='token'>
/// Registration token
/// </param>
public static Registration Update(this IRegistrationsOperations operations, string resourceGroup, string registrationName, RegistrationParameter token)
{
return(operations.UpdateAsync(resourceGroup, registrationName, token).GetAwaiter().GetResult());
}
public void Validate(RegistrationParameter parameter)
{
if (parameter == null)
{
throw new ArgumentNullException(nameof(parameter));
}
// Validate the redirection uris
if (parameter.RedirectUris == null ||
!parameter.RedirectUris.Any())
{
throw new IdentityServerException(ErrorCodes.InvalidRedirectUri, string.Format(ErrorDescriptions.MissingParameter, Dtos.Constants.ClientNames.RequestUris));
}
// If the response type is not defined then set to code
if (parameter.ResponseTypes == null ||
!parameter.ResponseTypes.Any())
{
parameter.ResponseTypes = new List <ResponseType>
{
ResponseType.code
};
}
// If the grant type is not defined then set to authorization_code
if (parameter.GrantTypes == null ||
!parameter.GrantTypes.Any())
{
parameter.GrantTypes = new List <GrantType>
{
GrantType.authorization_code
};
}
// If the application type is not defined then set to web
if (parameter.ApplicationType == null)
{
parameter.ApplicationType = ApplicationTypes.web;
}
// Check the parameters when the application type is web
if (parameter.ApplicationType == ApplicationTypes.web)
{
foreach (var redirectUri in parameter.RedirectUris)
{
if (!CheckUriIsWellFormed(redirectUri))
{
throw new IdentityServerException(ErrorCodes.InvalidRedirectUri, string.Format(ErrorDescriptions.TheRedirectUrlIsNotValid, redirectUri));
}
var uri = new Uri(redirectUri);
if (!string.IsNullOrWhiteSpace(uri.Fragment))
{
throw new IdentityServerException(ErrorCodes.InvalidRedirectUri, string.Format(ErrorDescriptions.TheRedirectUrlCannotContainsFragment, redirectUri));
}
}
}
else
{
foreach (var redirectUri in parameter.RedirectUris)
{
if (!CheckUriIsWellFormed(redirectUri))
{
throw new IdentityServerException(ErrorCodes.InvalidRedirectUri, string.Format(ErrorDescriptions.TheRedirectUrlIsNotValid, redirectUri));
}
}
}
ValidateNotMandatoryUri(parameter.LogoUri, Dtos.Constants.ClientNames.LogoUri);
ValidateNotMandatoryUri(parameter.ClientUri, Dtos.Constants.ClientNames.ClientUri);
ValidateNotMandatoryUri(parameter.TosUri, Dtos.Constants.ClientNames.TosUri);
ValidateNotMandatoryUri(parameter.JwksUri, Dtos.Constants.ClientNames.JwksUri);
if (parameter.Jwks != null)
{
if (!string.IsNullOrWhiteSpace(parameter.JwksUri))
{
throw new IdentityServerException(
ErrorCodes.InvalidClientMetaData,
ErrorDescriptions.TheJwksParameterCannotBeSetBecauseJwksUrlIsUsed);
}
}
ValidateNotMandatoryUri(parameter.SectorIdentifierUri,
Dtos.Constants.ClientNames.SectorIdentifierUri, true);
// Based on the RFC : http://openid.net/specs/openid-connect-registration-1_0.html#SectorIdentifierValidation validate the sector_identifier_uri
if (!string.IsNullOrWhiteSpace(parameter.SectorIdentifierUri))
{
var sectorIdentifierUris = GetSectorIdentifierUris(parameter.SectorIdentifierUri);
foreach (var sectorIdentifierUri in sectorIdentifierUris)
{
if (!parameter.RedirectUris.Contains(sectorIdentifierUri))
{
throw new IdentityServerException(
ErrorCodes.InvalidClientMetaData,
ErrorDescriptions.OneOrMoreSectorIdentifierUriIsNotARedirectUri);
}
}
}
if (!string.IsNullOrWhiteSpace(parameter.IdTokenEncryptedResponseEnc) &&
Jwt.Constants.MappingNameToJweEncEnum.Keys.Contains(parameter.IdTokenEncryptedResponseEnc))
{
if (string.IsNullOrWhiteSpace(parameter.IdTokenEncryptedResponseAlg) ||
!Jwt.Constants.MappingNameToJweAlgEnum.ContainsKey(parameter.IdTokenEncryptedResponseAlg))
{
throw new IdentityServerException(
ErrorCodes.InvalidClientMetaData,
ErrorDescriptions.TheParameterIsTokenEncryptedResponseAlgMustBeSpecified);
}
}
if (!string.IsNullOrWhiteSpace(parameter.UserInfoEncryptedResponseEnc) &&
Jwt.Constants.MappingNameToJweEncEnum.Keys.Contains(parameter.UserInfoEncryptedResponseEnc))
{
if (string.IsNullOrWhiteSpace(parameter.UserInfoEncryptedResponseAlg) ||
!Jwt.Constants.MappingNameToJweAlgEnum.ContainsKey(parameter.UserInfoEncryptedResponseAlg))
{
throw new IdentityServerException(
ErrorCodes.InvalidClientMetaData,
ErrorDescriptions.TheParameterUserInfoEncryptedResponseAlgMustBeSpecified);
}
}
if (!string.IsNullOrWhiteSpace(parameter.RequestObjectEncryptionEnc) &&
Jwt.Constants.MappingNameToJweEncEnum.Keys.Contains(parameter.RequestObjectEncryptionEnc))
{
if (string.IsNullOrWhiteSpace(parameter.RequestObjectEncryptionAlg) ||
!Jwt.Constants.MappingNameToJweAlgEnum.ContainsKey(parameter.RequestObjectEncryptionAlg))
{
throw new IdentityServerException(
ErrorCodes.InvalidClientMetaData,
ErrorDescriptions.TheParameterRequestObjectEncryptionAlgMustBeSpecified);
}
}
ValidateNotMandatoryUri(parameter.InitiateLoginUri,
Dtos.Constants.ClientNames.InitiateLoginUri, true);
if (parameter.RequestUris != null &&
parameter.RequestUris.Any())
{
foreach (var requestUri in parameter.RequestUris)
{
if (!CheckUriIsWellFormed(requestUri))
{
throw new IdentityServerException(
ErrorCodes.InvalidClientMetaData,
ErrorDescriptions.OneOfTheRequestUriIsNotValid);
}
}
}
}
public void When_Passing_Registration_Parameter_With_Specific_Values_Then_Client_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string clientName = "client_name";
const string clientUri = "client_uri";
const string policyUri = "policy_uri";
const string tosUri = "tos_uri";
const string jwksUri = "jwks_uri";
const string kid = "kid";
const string sectorIdentifierUri = "sector_identifier_uri";
const double defaultMaxAge = 3;
const string defaultAcrValues = "default_acr_values";
const bool requireAuthTime = false;
const string initiateLoginUri = "initiate_login_uri";
const string requestUri = "request_uri";
var registrationParameter = new RegistrationParameter
{
ClientName = clientName,
ResponseTypes = new List <ResponseType>
{
ResponseType.token
},
GrantTypes = new List <GrantType>
{
GrantType.@implicit
},
ApplicationType = ApplicationTypes.native,
ClientUri = clientUri,
PolicyUri = policyUri,
TosUri = tosUri,
JwksUri = jwksUri,
Jwks = new JsonWebKeySet(),
SectorIdentifierUri = sectorIdentifierUri,
IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256,
IdTokenEncryptedResponseAlg = Jwt.Constants.JweAlgNames.RSA1_5,
IdTokenEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256,
UserInfoSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256,
UserInfoEncryptedResponseAlg = Jwt.Constants.JweAlgNames.RSA1_5,
UserInfoEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256,
RequestObjectSigningAlg = Jwt.Constants.JwsAlgNames.RS256,
RequestObjectEncryptionAlg = Jwt.Constants.JweAlgNames.RSA1_5,
RequestObjectEncryptionEnc = Jwt.Constants.JweEncNames.A128CBC_HS256,
TokenEndPointAuthMethod = "client_secret_post",
TokenEndPointAuthSigningAlg = Jwt.Constants.JwsAlgNames.RS256,
DefaultMaxAge = defaultMaxAge,
DefaultAcrValues = defaultAcrValues,
RequireAuthTime = requireAuthTime,
InitiateLoginUri = initiateLoginUri,
RequestUris = new List <string>
{
requestUri
}
};
var jsonWebKeys = new List <JsonWebKey>
{
new JsonWebKey
{
Kid = kid
}
};
_jsonWebKeyConverterFake.Setup(j => j.ExtractSerializedKeys(It.IsAny <JsonWebKeySet>()))
.Returns(jsonWebKeys);
// ACT
var client = _generateClientFromRegistrationRequest.Execute(registrationParameter);
// ASSERT
_registrationParameterValidatorFake.Verify(r => r.Validate(registrationParameter));
Assert.True(client.ResponseTypes.Contains(ResponseType.token));
Assert.True(client.GrantTypes.Contains(GrantType.@implicit));
Assert.True(client.ApplicationType == ApplicationTypes.native);
Assert.True(client.ClientName == clientName);
Assert.True(client.ClientUri == clientUri);
Assert.True(client.PolicyUri == policyUri);
Assert.True(client.TosUri == tosUri);
Assert.True(client.JwksUri == jwksUri);
Assert.NotNull(client.JsonWebKeys);
Assert.True(client.JsonWebKeys.First().Kid == kid);
Assert.True(client.IdTokenSignedResponseAlg == Jwt.Constants.JwsAlgNames.RS256);
Assert.True(client.IdTokenEncryptedResponseAlg == Jwt.Constants.JweAlgNames.RSA1_5);
Assert.True(client.IdTokenEncryptedResponseEnc == Jwt.Constants.JweEncNames.A128CBC_HS256);
Assert.True(client.UserInfoSignedResponseAlg == Jwt.Constants.JwsAlgNames.RS256);
Assert.True(client.UserInfoEncryptedResponseAlg == Jwt.Constants.JweAlgNames.RSA1_5);
Assert.True(client.UserInfoEncryptedResponseEnc == Jwt.Constants.JweEncNames.A128CBC_HS256);
Assert.True(client.RequestObjectSigningAlg == Jwt.Constants.JwsAlgNames.RS256);
Assert.True(client.RequestObjectEncryptionAlg == Jwt.Constants.JweAlgNames.RSA1_5);
Assert.True(client.RequestObjectEncryptionEnc == Jwt.Constants.JweEncNames.A128CBC_HS256);
Assert.True(client.TokenEndPointAuthMethod == TokenEndPointAuthenticationMethods.client_secret_post);
Assert.True(client.TokenEndPointAuthSigningAlg == Jwt.Constants.JwsAlgNames.RS256);
Assert.True(client.DefaultMaxAge == defaultMaxAge);
Assert.True(client.DefaultAcrValues == defaultAcrValues);
Assert.True(client.RequireAuthTime == requireAuthTime);
Assert.True(client.InitiateLoginUri == initiateLoginUri);
Assert.True(client.RequestUris.First() == requestUri);
}
public async Task When_Passing_Registration_Parameter_With_Specific_Values_Then_Client_Is_Returned()
{
// ARRANGE
InitializeFakeObjects();
const string clientName = "client_name";
const string clientUri = "client_uri";
const string policyUri = "policy_uri";
const string tosUri = "tos_uri";
const string jwksUri = "jwks_uri";
const string kid = "kid";
const string sectorIdentifierUri = "sector_identifier_uri";
const double defaultMaxAge = 3;
const string defaultAcrValues = "default_acr_values";
const bool requireAuthTime = false;
const string initiateLoginUri = "initiate_login_uri";
const string requestUri = "request_uri";
var registrationParameter = new RegistrationParameter
{
ClientName = clientName,
ResponseTypes = new List <ResponseType>
{
ResponseType.token
},
GrantTypes = new List <GrantType>
{
GrantType.@implicit
},
ApplicationType = ApplicationTypes.native,
ClientUri = clientUri,
PolicyUri = policyUri,
TosUri = tosUri,
JwksUri = jwksUri,
Jwks = new JsonWebKeySet(),
SectorIdentifierUri = sectorIdentifierUri,
IdTokenSignedResponseAlg = Constants.JwsAlgNames.RS256,
IdTokenEncryptedResponseAlg = Constants.JweAlgNames.RSA1_5,
IdTokenEncryptedResponseEnc = Constants.JweEncNames.A128CBC_HS256,
UserInfoSignedResponseAlg = Constants.JwsAlgNames.RS256,
UserInfoEncryptedResponseAlg = Constants.JweAlgNames.RSA1_5,
UserInfoEncryptedResponseEnc = Constants.JweEncNames.A128CBC_HS256,
RequestObjectSigningAlg = Constants.JwsAlgNames.RS256,
RequestObjectEncryptionAlg = Constants.JweAlgNames.RSA1_5,
RequestObjectEncryptionEnc = Constants.JweEncNames.A128CBC_HS256,
TokenEndPointAuthMethod = "client_secret_post",
TokenEndPointAuthSigningAlg = Constants.JwsAlgNames.RS256,
DefaultMaxAge = defaultMaxAge,
DefaultAcrValues = defaultAcrValues,
RequireAuthTime = requireAuthTime,
InitiateLoginUri = initiateLoginUri,
RequestUris = new List <string>
{
requestUri
}
};
var jsonWebKeys = new List <JsonWebKey>
{
new JsonWebKey
{
Kid = kid
}
};
var client = new Client
{
ClientName = clientName,
ResponseTypes = new List <ResponseType>
{
ResponseType.token
},
GrantTypes = new List <GrantType>
{
GrantType.@implicit
},
ApplicationType = ApplicationTypes.native,
ClientUri = clientUri,
PolicyUri = policyUri,
TosUri = tosUri,
JwksUri = jwksUri,
JsonWebKeys = new List <JsonWebKey>(),
SectorIdentifierUri = sectorIdentifierUri,
IdTokenSignedResponseAlg = Constants.JwsAlgNames.RS256,
IdTokenEncryptedResponseAlg = Constants.JweAlgNames.RSA1_5,
IdTokenEncryptedResponseEnc = Constants.JweEncNames.A128CBC_HS256,
UserInfoSignedResponseAlg = Constants.JwsAlgNames.RS256,
UserInfoEncryptedResponseAlg = Constants.JweAlgNames.RSA1_5,
UserInfoEncryptedResponseEnc = Constants.JweEncNames.A128CBC_HS256,
RequestObjectSigningAlg = Constants.JwsAlgNames.RS256,
RequestObjectEncryptionAlg = Constants.JweAlgNames.RSA1_5,
RequestObjectEncryptionEnc = Constants.JweEncNames.A128CBC_HS256,
TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.client_secret_basic,
TokenEndPointAuthSigningAlg = Constants.JwsAlgNames.RS256,
DefaultMaxAge = defaultMaxAge,
DefaultAcrValues = defaultAcrValues,
RequireAuthTime = requireAuthTime,
InitiateLoginUri = initiateLoginUri,
RequestUris = new List <string>
{
requestUri
}
};
_generateClientFromRegistrationRequest.Setup(g => g.Execute(It.IsAny <RegistrationParameter>()))
.Returns(client);
_clientRepositoryFake.Setup(c => c.InsertAsync(It.IsAny <Client>()))
.Callback <Client>(c => client = c)
.Returns(Task.FromResult(true));
_clientInfoServiceStub.Setup(c => c.GetClientId()).Returns(Task.FromResult(Guid.NewGuid().ToString()));
_clientInfoServiceStub.Setup(c => c.GetClientSecret()).Returns(Task.FromResult(Guid.NewGuid().ToString()));
// ACT
var result = await _registerClientAction.Execute(registrationParameter);
// ASSERT
_oauthEventSource.Verify(s => s.StartRegistration(clientName));
_clientRepositoryFake.Verify(c => c.InsertAsync(It.IsAny <Client>()));
_oauthEventSource.Verify(s => s.EndRegistration(It.IsAny <string>(), clientName));
Assert.NotEmpty(result.ClientSecret);
}
public Task <ClientRegistrationResponse> AddClient(RegistrationParameter registrationParameter)
{
return(_registerClientAction.Execute(registrationParameter));
}
