/// <summary>
/// Builds a <see cref="TokenValidator"/> for tests, backed by the test client store.
/// The only validation key the validator trusts is the public key of the test
/// signing certificate (<c>TestCert.LoadSigningCredentials().Key</c>); no signing
/// credential store is handed to the key service here.
/// </summary>
/// <param name="store">Reference-token store; <c>CreateReferenceTokenStore()</c> when null.</param>
/// <param name="profile">Profile service used by the custom validator; <c>TestProfileService</c> when null.</param>
/// <returns>A fully wired <see cref="TokenValidator"/> with a <see cref="DefaultCustomTokenValidator"/>.</returns>
public static TokenValidator CreateTokenValidator(IReferenceTokenStore store = null, IProfileService profile = null)
{
    var profileService = profile ?? new TestProfileService();
    var referenceTokens = store ?? CreateReferenceTokenStore();
    var clientStore = CreateClientStore();
    var serverOptions = TestIdentityServerOptions.Create();
    var httpContext = new MockHttpContextAccessor(serverOptions);

    // Note: the profile service is wired into the custom validator only, not into the TokenValidator itself.
    var customValidator = new DefaultCustomTokenValidator(
        profile: profileService,
        clients: clientStore,
        logger: TestLogger.Create<DefaultCustomTokenValidator>());

    // A single pinned validation key: tokens signed with anything else have no matching key here.
    var validationKeys = new DefaultValidationKeysStore(new[] { TestCert.LoadSigningCredentials().Key });
    var keyService = new DefaultKeyMaterialService(new[] { validationKeys });

    return new TokenValidator(
        clients: clientStore,
        referenceTokenStore: referenceTokens,
        customValidator: customValidator,
        keys: keyService,
        logger: TestLogger.Create<TokenValidator>(),
        options: serverOptions,
        context: httpContext);
}
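/// <summary>
/// Verifies that scopes survive the sign → validate round trip as individual
/// <c>scope</c> claims, in the order they were issued, regardless of whether the
/// token was emitted with <c>EmitScopesAsSpaceDelimitedStringInJwt</c> on or off.
/// </summary>
/// <param name="flag">Value applied to <c>EmitScopesAsSpaceDelimitedStringInJwt</c> before signing.</param>
public async Task JWT_Token_with_scopes_have_expected_claims(bool flag)
{
    // Arrange: sign an access token for "roclient" carrying the scopes read and write.
    var options = TestIdentityServerOptions.Create();
    options.EmitScopesAsSpaceDelimitedStringInJwt = flag;
    var signer = Factory.CreateDefaultTokenCreator(options);
    var accessToken = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write");
    var jwt = await signer.CreateTokenAsync(accessToken);

    // Act: validate with the default test validator (no caller-supplied reference-token store).
    var validator = Factory.CreateTokenValidator(null);
    var result = await validator.ValidateAccessTokenAsync(jwt);

    // Assert: the token is accepted and attributed to the issuing client.
    result.IsError.Should().BeFalse();
    result.Jwt.Should().NotBeNullOrEmpty();
    result.Client.ClientId.Should().Be("roclient");
    // NOTE(review): 9 is the total claim count produced by this fixture for this token;
    // it is fixture-dependent, not a protocol invariant, and will move if TokenFactory changes.
    result.Claims.Count().Should().Be(9);

    // Scopes must be exposed as separate claims in issue order for both flag values.
    var scopes = result.Claims
        .Where(c => c.Type == "scope")
        .Select(c => c.Value)
        .ToArray();
    scopes.Length.Should().Be(2);
    scopes[0].Should().Be("read");
    scopes[1].Should().Be("write");
}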
/// <summary>
/// Builds a <see cref="ClientSecretValidator"/> for tests. Unless overridden, client secrets
/// are parsed from both the HTTP Basic <c>Authorization</c> header and the POST body, and both
/// hashed and plain-text shared secrets are accepted.
/// </summary>
/// <param name="clients">Client store; an <see cref="InMemoryClientStore"/> over <c>TestClients.Get()</c> when null.</param>
/// <param name="parser">Secret parser; Basic-auth + post-body parsers when null.</param>
/// <param name="validator">Secret validator; hashed + plain-text validators with a <see cref="StubClock"/> when null.</param>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <returns>A validator that reports through a <see cref="TestEventService"/>.</returns>
public static IClientSecretValidator CreateClientSecretValidator(IClientStore clients = null, SecretParser parser = null, SecretValidator validator = null, IdentityServerOptions options = null)
{
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var clientStore = clients ?? new InMemoryClientStore(TestClients.Get());

    var secretParser = parser;
    if (secretParser == null)
    {
        var parsers = new List<ISecretParser>
        {
            new BasicAuthenticationSecretParser(serverOptions, TestLogger.Create<BasicAuthenticationSecretParser>()),
            new PostBodySecretParser(serverOptions, TestLogger.Create<PostBodySecretParser>()),
        };
        secretParser = new SecretParser(parsers, TestLogger.Create<SecretParser>());
    }

    var secretValidator = validator;
    if (secretValidator == null)
    {
        var validators = new List<ISecretValidator>
        {
            new HashedSharedSecretValidator(TestLogger.Create<HashedSharedSecretValidator>()),
            // NOTE(review): plain-text shared secrets are accepted here as a test convenience;
            // confirm the production registration does not include this validator.
            new PlainTextSharedSecretValidator(TestLogger.Create<PlainTextSharedSecretValidator>()),
        };
        secretValidator = new SecretValidator(new StubClock(), validators, TestLogger.Create<SecretValidator>());
    }

    return new ClientSecretValidator(
        clientStore,
        secretParser,
        secretValidator,
        new TestEventService(),
        TestLogger.Create<ClientSecretValidator>());
}
/// <summary>
/// Builds a <see cref="DeviceAuthorizationRequestValidator"/> for tests.
/// The resource store is only used to construct the default resource validator; when the
/// caller supplies <paramref name="resourceValidator"/>, any store created here goes unused.
/// </summary>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="resourceStore">Resource store; in-memory identity/API/scope test data when null.</param>
/// <param name="resourceValidator">Resource validator; <c>CreateResourceValidator(resourceStore)</c> when null.</param>
public static DeviceAuthorizationRequestValidator CreateDeviceAuthorizationRequestValidator(
    IdentityServerOptions options = null,
    IResourceStore resourceStore = null,
    IResourceValidator resourceValidator = null)
{
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var resources = resourceStore
        ?? new InMemoryResourcesStore(TestScopes.GetIdentity(), TestScopes.GetApis(), TestScopes.GetScopes());
    var validator = resourceValidator ?? CreateResourceValidator(resources);

    return new DeviceAuthorizationRequestValidator(
        serverOptions,
        validator,
        TestLogger.Create<DeviceAuthorizationRequestValidator>());
}
/// <summary>
/// Builds an OWIN-era <see cref="TokenRequestValidator"/> for tests, substituting in-memory
/// or stub collaborators for every dependency the caller leaves null.
/// </summary>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="scopes">Scope store; <see cref="InMemoryScopeStore"/> over <c>TestScopes.Get()</c> when null.</param>
/// <param name="authorizationCodeStore">Forwarded as given — no default is created for it.</param>
/// <param name="refreshTokens">Refresh-token store; <see cref="InMemoryRefreshTokenStore"/> when null.</param>
/// <param name="userService">User service; <see cref="TestUserService"/> when null.</param>
/// <param name="customGrantValidator">Custom grant validator; <see cref="TestGrantValidator"/> when null.</param>
/// <param name="customRequestValidator">Custom request validator; <see cref="DefaultCustomRequestValidator"/> when null.</param>
/// <param name="scopeValidator">Scope validator; built over the effective scope store when null.</param>
/// <param name="environment">OWIN environment; an empty dictionary when null.</param>
public static TokenRequestValidator CreateTokenRequestValidator(
    IdentityServerOptions options = null,
    IScopeStore scopes = null,
    IAuthorizationCodeStore authorizationCodeStore = null,
    IRefreshTokenStore refreshTokens = null,
    IUserService userService = null,
    ICustomGrantValidator customGrantValidator = null,
    ICustomRequestValidator customRequestValidator = null,
    ScopeValidator scopeValidator = null,
    IDictionary<string, object> environment = null)
{
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var scopeStore = scopes ?? new InMemoryScopeStore(TestScopes.Get());
    var users = userService ?? new TestUserService();
    var requestValidator = customRequestValidator ?? new DefaultCustomRequestValidator();
    var grantValidator = customGrantValidator ?? new TestGrantValidator();
    var refreshTokenStore = refreshTokens ?? new InMemoryRefreshTokenStore();
    // The default scope validator is bound to whichever scope store is in effect (default or caller-supplied).
    var scopeCheck = scopeValidator ?? new ScopeValidator(scopeStore);
    var owinContext = new OwinContext(environment ?? new Dictionary<string, object>());

    return new TokenRequestValidator(
        serverOptions,
        authorizationCodeStore,
        refreshTokenStore,
        users,
        scopeStore,
        grantValidator,
        requestValidator,
        scopeCheck,
        owinContext);
}
/// <summary>
/// Builds a token creation service for tests. The key service is signing-only: it holds no
/// validation keys and a single in-memory signing credential from the test certificate.
/// </summary>
/// <returns>A <see cref="DefaultTokenCreationService"/> driven by a <see cref="StubClock"/> and default test options.</returns>
internal static ITokenCreationService CreateDefaultTokenCreator()
{
    var signingStores = new ISigningCredentialStore[]
    {
        new InMemorySigningCredentialsStore(TestCert.LoadSigningCredentials()),
    };
    // Empty validation-key set: this service is only ever used to sign, not to verify.
    var keys = new DefaultKeyMaterialService(new IValidationKeysStore[0], signingStores);

    return new DefaultTokenCreationService(
        new StubClock(),
        keys,
        TestIdentityServerOptions.Create(),
        TestLogger.Create<DefaultTokenCreationService>());
}
/// <summary>
/// Builds a <see cref="TokenValidator"/> for tests. The validator trusts exactly one
/// validation key — the test certificate's key, pinned to the RS256 algorithm — and has
/// no signing credential store.
/// </summary>
/// <param name="store">Reference-token store; <c>CreateReferenceTokenStore()</c> when null.</param>
/// <param name="refreshTokenStore">Refresh-token store; <c>CreateRefreshTokenStore()</c> when null.</param>
/// <param name="profile">Profile service; <see cref="TestProfileService"/> when null.</param>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="clock">Clock; <see cref="StubClock"/> when null.</param>
public static TokenValidator CreateTokenValidator(
    IReferenceTokenStore store = null,
    IRefreshTokenStore refreshTokenStore = null,
    IProfileService profile = null,
    IdentityServerOptions options = null,
    ISystemClock clock = null)
{
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var profileService = profile ?? new TestProfileService();
    var referenceTokens = store ?? CreateReferenceTokenStore();
    var systemClock = clock ?? new StubClock();
    var refreshTokens = refreshTokenStore ?? CreateRefreshTokenStore();

    var clientStore = CreateClientStore();
    var httpContext = new MockHttpContextAccessor(serverOptions);

    // Single trusted key, algorithm pinned so the validator does not accept other algorithms for it.
    var trustedKey = new SecurityKeyInfo
    {
        Key = TestCert.LoadSigningCredentials().Key,
        SigningAlgorithm = "RS256",
    };
    var keyService = new DefaultKeyMaterialService(
        new[] { new InMemoryValidationKeysStore(new[] { trustedKey }) },
        Enumerable.Empty<ISigningCredentialStore>(),
        new NopAutomaticKeyManagerKeyStore());

    return new TokenValidator(
        clients: clientStore,
        clock: systemClock,
        profile: profileService,
        referenceTokenStore: referenceTokens,
        refreshTokenStore: refreshTokens,
        customValidator: new DefaultCustomTokenValidator(),
        keys: keyService,
        logger: TestLogger.Create<TokenValidator>(),
        options: serverOptions,
        context: httpContext);
}
/// <summary>
/// A freshly signed access token for "roclient" (scopes read/write, 600s lifetime)
/// validates without error against the default test validator.
/// </summary>
public async Task Valid_JWT_Token()
{
    // Arrange
    var signer = new DefaultTokenSigningService(TestIdentityServerOptions.Create());
    var accessToken = TokenFactory.CreateAccessToken("roclient", "valid", 600, "read", "write");
    var jwt = await signer.SignTokenAsync(accessToken);
    var validator = Factory.CreateTokenValidator(null);

    // Act
    var result = await validator.ValidateAccessTokenAsync(jwt);

    // Assert
    Assert.IsFalse(result.IsError);
}
/// <summary>
/// An identity token for "roclient" validates when <c>ValidateIdentityTokenAsync</c> is
/// called without an expected client id (contrast with the tests that pass one explicitly).
/// </summary>
public async Task Valid_IdentityToken_no_ClientId_supplied()
{
    // Arrange
    var signer = new DefaultTokenSigningService(TestIdentityServerOptions.Create());
    var identityToken = TokenFactory.CreateIdentityToken("roclient", "valid");
    var jwt = await signer.SignTokenAsync(identityToken);
    var validator = Factory.CreateTokenValidator();

    // Act: no client id argument, so the client-id match is not exercised here.
    var result = await validator.ValidateIdentityTokenAsync(jwt);

    // Assert
    result.IsError.Should().BeFalse();
}
/// <summary>
/// An identity token issued to "roclient_symmetric" validates when the same client id is
/// supplied. NOTE(review): the symmetric-key signing path is implied by the client id and
/// the test name only — confirm the key type in the test client definition.
/// </summary>
public async Task Valid_IdentityToken_SymmetricKeyType()
{
    // Arrange
    const string clientId = "roclient_symmetric";
    var signer = new DefaultTokenSigningService(TestIdentityServerOptions.Create());
    var jwt = await signer.SignTokenAsync(TokenFactory.CreateIdentityToken(clientId, "valid"));
    var validator = Factory.CreateTokenValidator();

    // Act
    var result = await validator.ValidateIdentityTokenAsync(jwt, clientId);

    // Assert
    Assert.IsFalse(result.IsError);
}
/// <summary>
/// A correctly signed identity token for "roclient" must be rejected with
/// <c>InvalidToken</c> when validated against a different client id ("invalid").
/// </summary>
public async Task IdentityToken_InvalidClientId()
{
    // Arrange: the signature is valid; only the expected client id is wrong.
    var signer = new DefaultTokenSigningService(TestIdentityServerOptions.Create());
    var jwt = await signer.SignTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid"));
    var validator = Factory.CreateTokenValidator();

    // Act
    var result = await validator.ValidateIdentityTokenAsync(jwt, "invalid");

    // Assert
    Assert.IsTrue(result.IsError);
    Assert.AreEqual(Constants.ProtectedResourceErrors.InvalidToken, result.Error);
}
/// <summary>
/// An oversized identity token (built with <c>CreateIdentityTokenLong</c>, size argument 1000)
/// is rejected with <c>InvalidToken</c> even though it is correctly signed. The length limit
/// itself is configured elsewhere — presumably on the server options; confirm there.
/// </summary>
public async Task IdentityToken_Too_Long()
{
    // Arrange
    var signer = new DefaultTokenSigningService(TestIdentityServerOptions.Create());
    var longToken = TokenFactory.CreateIdentityTokenLong("roclient", "valid", 1000);
    var jwt = await signer.SignTokenAsync(longToken);
    var validator = Factory.CreateTokenValidator();

    // Act
    var result = await validator.ValidateIdentityTokenAsync(jwt, "roclient");

    // Assert
    result.IsError.Should().BeTrue();
    result.Error.Should().Be(Constants.ProtectedResourceErrors.InvalidToken);
}
/// <summary>
/// Builds an OWIN-era <see cref="AuthorizeRequestValidator"/> for tests with in-memory
/// stores and default validators for whatever the caller leaves null.
/// NOTE(review): <paramref name="users"/> is accepted but never used in this body.
/// </summary>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="scopes">Scope store; in-memory over <c>TestScopes.Get()</c> when null.</param>
/// <param name="clients">Client store; in-memory over <c>TestClients.Get()</c> when null.</param>
/// <param name="users">Unused.</param>
/// <param name="customValidator">Custom request validator; <see cref="DefaultCustomRequestValidator"/> when null.</param>
/// <param name="uriValidator">Redirect URI validator; <see cref="DefaultRedirectUriValidator"/> when null.</param>
/// <param name="scopeValidator">Scope validator; built over the effective scope store when null.</param>
/// <param name="environment">OWIN environment; an empty dictionary when null.</param>
public static AuthorizeRequestValidator CreateAuthorizeRequestValidator(
    IdentityServerOptions options = null,
    IScopeStore scopes = null,
    IClientStore clients = null,
    IUserService users = null,
    ICustomRequestValidator customValidator = null,
    IRedirectUriValidator uriValidator = null,
    ScopeValidator scopeValidator = null,
    IDictionary<string, object> environment = null)
{
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var scopeStore = scopes ?? new InMemoryScopeStore(TestScopes.Get());
    var clientStore = clients ?? new InMemoryClientStore(TestClients.Get());
    var requestValidator = customValidator ?? new DefaultCustomRequestValidator();
    var redirectValidator = uriValidator ?? new DefaultRedirectUriValidator();
    var scopeCheck = scopeValidator ?? new ScopeValidator(scopeStore);
    var owinContext = new OwinContext(environment ?? new Dictionary<string, object>());

    return new AuthorizeRequestValidator(
        serverOptions,
        clientStore,
        requestValidator,
        redirectValidator,
        scopeCheck,
        owinContext);
}
/// <summary>
/// An oversized access token (built with <c>CreateAccessTokenLong</c>, size argument 1000)
/// is rejected with <c>InvalidToken</c> although its signature is valid.
/// </summary>
public async Task JWT_Token_Too_Long()
{
    // Arrange
    var signer = new DefaultTokenSigningService(TestIdentityServerOptions.Create());
    var longToken = TokenFactory.CreateAccessTokenLong(new Client { ClientId = "roclient" }, "valid", 600, 1000, "read", "write");
    var jwt = await signer.SignTokenAsync(longToken);
    var validator = Factory.CreateTokenValidator(null);

    // Act
    var result = await validator.ValidateAccessTokenAsync(jwt);

    // Assert
    result.IsError.Should().BeTrue();
    result.Error.Should().Be(Constants.ProtectedResourceErrors.InvalidToken);
}
/// <summary>
/// A token whose audience is overwritten with "invalid" before signing carries a valid
/// signature but must still be rejected with <c>InvalidToken</c>: audience is checked
/// independently of signature.
/// </summary>
public async Task JWT_Token_invalid_Audience()
{
    // Arrange: tamper with the audience before signing so the signature itself stays valid.
    var signer = new DefaultTokenSigningService(TestIdentityServerOptions.Create());
    var token = TokenFactory.CreateAccessToken("roclient", "valid", 600, "read", "write");
    token.Audience = "invalid";
    var jwt = await signer.SignTokenAsync(token);
    var validator = Factory.CreateTokenValidator(null);

    // Act
    var result = await validator.ValidateAccessTokenAsync(jwt);

    // Assert
    Assert.IsTrue(result.IsError);
    Assert.AreEqual(Constants.ProtectedResourceErrors.InvalidToken, result.Error);
}
/// <summary>
/// Builds an <see cref="AuthorizeRequestValidator"/> for tests over in-memory resources and
/// clients, using <see cref="StrictRedirectUriValidator"/> for redirect URIs unless overridden.
/// NOTE(review): <paramref name="profile"/> is accepted but never used in this body.
/// </summary>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="resourceStore">Resource store; in-memory identity + API test resources when null.</param>
/// <param name="clients">Client store; in-memory over <c>TestClients.Get()</c> when null.</param>
/// <param name="profile">Unused.</param>
/// <param name="customValidator">Custom authorize request validator; default implementation when null.</param>
/// <param name="uriValidator">Redirect URI validator; <see cref="StrictRedirectUriValidator"/> when null.</param>
/// <param name="scopeValidator">Scope validator; built over the effective resource store when null.</param>
public static AuthorizeRequestValidator CreateAuthorizeRequestValidator(
    IdentityServerOptions options = null,
    IResourceStore resourceStore = null,
    IClientStore clients = null,
    IProfileService profile = null,
    ICustomAuthorizeRequestValidator customValidator = null,
    IRedirectUriValidator uriValidator = null,
    ScopeValidator scopeValidator = null)
{
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var resources = resourceStore ?? new InMemoryResourcesStore(TestScopes.GetIdentity(), TestScopes.GetApis());
    var clientStore = clients ?? new InMemoryClientStore(TestClients.Get());
    var requestValidator = customValidator ?? new DefaultCustomAuthorizeRequestValidator();
    var redirectValidator = uriValidator ?? new StrictRedirectUriValidator();
    var scopeCheck = scopeValidator
        ?? new ScopeValidator(resources, new LoggerFactory().CreateLogger<ScopeValidator>());
    var sessionIds = new MockSessionIdService();

    return new AuthorizeRequestValidator(
        serverOptions,
        clientStore,
        requestValidator,
        redirectValidator,
        scopeCheck,
        sessionIds,
        TestLogger.Create<AuthorizeRequestValidator>());
}
/// <summary>
/// Test setup: creates the principal for user "alice", default test options, and the
/// <see cref="EndSessionRequestValidator"/> under test. The remaining collaborators
/// (<c>_context</c>, <c>_stubTokenValidator</c>, <c>_stubRedirectUriValidator</c>, <c>_userSession</c>,
/// <c>_mockLogoutNotificationService</c>, <c>_mockEndSessionMessageStore</c>) are fields initialised
/// outside this constructor.
/// </summary>
public EndSessionRequestValidatorTests()
{
    _options = TestIdentityServerOptions.Create();
    _user = new IdentityServerUser("alice").CreatePrincipal();

    _subject = new EndSessionRequestValidator(
        _context,
        _options,
        _stubTokenValidator,
        _stubRedirectUriValidator,
        _userSession,
        _mockLogoutNotificationService,
        _mockEndSessionMessageStore,
        TestLogger.Create<EndSessionRequestValidator>());
}
/// <summary>
/// Test setup: creates the "alice" principal, an empty in-memory client store, default test
/// options, and the <see cref="EndSessionRequestValidator"/> under test. The stub/mock fields
/// passed through (<c>_context</c>, <c>_stubTokenValidator</c>, <c>_stubRedirectUriValidator</c>,
/// <c>_userSession</c>, <c>_mockEndSessionMessageStore</c>) are initialised outside this constructor.
/// </summary>
public EndSessionRequestValidatorTests()
{
    _options = TestIdentityServerOptions.Create();
    // No clients registered: the validator cannot resolve any client from this store.
    _clientStore = new InMemoryClientStore(new Client[0]);
    _user = IdentityServerPrincipal.Create("alice", "Alice");

    _subject = new EndSessionRequestValidator(
        _context,
        _options,
        _stubTokenValidator,
        _stubRedirectUriValidator,
        _userSession,
        _clientStore,
        _mockEndSessionMessageStore,
        TestLogger.Create<EndSessionRequestValidator>());
}
/// <summary>
/// Builds an OWIN-era <see cref="TokenValidator"/> for tests using a <see cref="TestUserService"/>
/// and the test client store.
/// NOTE(review): a null <paramref name="tokenStore"/> is forwarded unchanged — no in-memory
/// default is substituted — so reference-token validation would have no store to consult.
/// </summary>
/// <param name="tokenStore">Token-handle store for reference tokens; may be null.</param>
public static TokenValidator CreateTokenValidator(ITokenHandleStore tokenStore = null)
{
    var userService = new TestUserService();
    var clientStore = CreateClientStore();
    var customValidator = new DefaultCustomTokenValidator(users: userService, clients: clientStore);

    return new TokenValidator(
        options: TestIdentityServerOptions.Create(),
        users: userService,
        clients: clientStore,
        tokenHandles: tokenStore,
        customValidator: customValidator);
}
/// <summary>
/// Builds a request-scoped service provider for the mock HTTP context. Server options,
/// the scheme provider (<c>Schemes</c>) and authentication service (<c>AuthenticationService</c>)
/// are always registered; caller-supplied collaborators are registered as singletons, and
/// when absent a scoped <see cref="DefaultUserSession"/> and a transient
/// <see cref="ProtectedDataMessageStore{T}"/> for logout notifications take their place.
/// </summary>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="userSession">User session override; <see cref="DefaultUserSession"/> (scoped) when null.</param>
/// <param name="endSessionStore">Logout-notification message store override; protected-data store when null.</param>
/// <param name="urls">Server URL resolver; registered only when supplied.</param>
public MockHttpContextAccessor(
    IdentityServerOptions options = null,
    IUserSession userSession = null,
    IMessageStore<LogoutNotificationContext> endSessionStore = null,
    IServerUrls urls = null)
{
    var serverOptions = options ?? TestIdentityServerOptions.Create();

    var services = new ServiceCollection();
    services.AddSingleton(serverOptions);
    services.AddSingleton<IAuthenticationSchemeProvider>(Schemes);
    services.AddSingleton<IAuthenticationService>(AuthenticationService);
    services.AddAuthentication(auth => { auth.DefaultAuthenticateScheme = Schemes.Default; });

    if (userSession != null)
    {
        services.AddSingleton(userSession);
    }
    else
    {
        services.AddScoped<IUserSession, DefaultUserSession>();
    }

    if (endSessionStore != null)
    {
        services.AddSingleton(endSessionStore);
    }
    else
    {
        services.AddTransient<IMessageStore<LogoutNotificationContext>, ProtectedDataMessageStore<LogoutNotificationContext>>();
    }

    if (urls != null)
    {
        services.AddSingleton<IServerUrls>(urls);
    }

    _context.RequestServices = services.BuildServiceProvider();
}
/// <summary>
/// Builds a <see cref="TokenValidator"/> for tests. It trusts a single RS256 validation key
/// (the test certificate), has no signing credential store, and uses a stub session
/// coordination service and a <see cref="TestIssuerNameService"/> bound to <c>options.IssuerUri</c>.
/// NOTE(review): <paramref name="refreshTokenStore"/> (or the default created for it) is never
/// forwarded — the constructor call below has no refresh-token-store argument — so that
/// parameter currently has no effect on the returned validator.
/// </summary>
/// <param name="store">Reference-token store; <c>CreateReferenceTokenStore()</c> when null.</param>
/// <param name="refreshTokenStore">Defaulted but not forwarded (see remarks).</param>
/// <param name="profile">Profile service; <see cref="TestProfileService"/> when null.</param>
/// <param name="issuerNameService">Issuer name service; test service over <c>options.IssuerUri</c> when null.</param>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="clock">Clock; <see cref="StubClock"/> when null.</param>
public static TokenValidator CreateTokenValidator(
    IReferenceTokenStore store = null,
    IRefreshTokenStore refreshTokenStore = null,
    IProfileService profile = null,
    IIssuerNameService issuerNameService = null,
    IdentityServerOptions options = null,
    ISystemClock clock = null)
{
    // Options must be resolved first: the issuer name default reads IssuerUri from them.
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var profileService = profile ?? new TestProfileService();
    var referenceTokens = store ?? CreateReferenceTokenStore();
    var systemClock = clock ?? new StubClock();
    var refreshTokens = refreshTokenStore ?? CreateRefreshTokenStore();
    var issuerNames = issuerNameService ?? new TestIssuerNameService(serverOptions.IssuerUri);

    var clientStore = CreateClientStore();

    var trustedKey = new SecurityKeyInfo
    {
        Key = TestCert.LoadSigningCredentials().Key,
        SigningAlgorithm = "RS256",
    };
    var keyService = new DefaultKeyMaterialService(
        new[] { new InMemoryValidationKeysStore(new[] { trustedKey }) },
        Enumerable.Empty<ISigningCredentialStore>(),
        new NopAutomaticKeyManagerKeyStore());

    return new TokenValidator(
        clients: clientStore,
        clock: systemClock,
        profile: profileService,
        referenceTokenStore: referenceTokens,
        customValidator: new DefaultCustomTokenValidator(),
        keys: keyService,
        sessionCoordinationService: new StubSessionCoordinationService(),
        logger: TestLogger.Create<TokenValidator>(),
        options: serverOptions,
        issuerNameService: issuerNames);
}
/// <summary>
/// Builds a <see cref="TokenRequestValidator"/> for tests with a persisted-grant service,
/// defaulting every collaborator the caller leaves null. Extension grant validators are
/// aggregated into one <see cref="ExtensionGrantValidator"/>; by default that holds only the
/// stub <see cref="TestGrantValidator"/>.
/// </summary>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="scopes">Scope store; in-memory over <c>TestScopes.Get()</c> when null.</param>
/// <param name="grants">Persisted grant service; <c>CreateGrantService()</c> when null.</param>
/// <param name="resourceOwnerValidator">Password validator; test implementation when null.</param>
/// <param name="profile">Profile service; <see cref="TestProfileService"/> when null.</param>
/// <param name="extensionGrantValidators">Extension grant validators; <see cref="TestGrantValidator"/> only when null.</param>
/// <param name="customRequestValidator">Custom token request validator; default implementation when null.</param>
/// <param name="scopeValidator">Scope validator; built over the effective scope store when null.</param>
public static TokenRequestValidator CreateTokenRequestValidator(
    IdentityServerOptions options = null,
    IScopeStore scopes = null,
    IPersistedGrantService grants = null,
    IResourceOwnerPasswordValidator resourceOwnerValidator = null,
    IProfileService profile = null,
    IEnumerable<IExtensionGrantValidator> extensionGrantValidators = null,
    ICustomTokenRequestValidator customRequestValidator = null,
    ScopeValidator scopeValidator = null)
{
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var scopeStore = scopes ?? new InMemoryScopeStore(TestScopes.Get());
    var passwordValidator = resourceOwnerValidator ?? new TestResourceOwnerPasswordValidator();
    var profileService = profile ?? new TestProfileService();
    var requestValidator = customRequestValidator ?? new DefaultCustomTokenRequestValidator();

    IEnumerable<IExtensionGrantValidator> grantValidators = extensionGrantValidators ?? new[] { new TestGrantValidator() };
    var aggregateExtensionGrantValidator = new ExtensionGrantValidator(grantValidators, TestLogger.Create<ExtensionGrantValidator>());

    var grantService = grants ?? CreateGrantService();
    var scopeCheck = scopeValidator
        ?? new ScopeValidator(scopeStore, new LoggerFactory().CreateLogger<ScopeValidator>());

    return new TokenRequestValidator(
        serverOptions,
        grantService,
        passwordValidator,
        profileService,
        aggregateExtensionGrantValidator,
        requestValidator,
        scopeCheck,
        new TestEventService(),
        TestLogger.Create<TokenRequestValidator>());
}
/// <summary>
/// Builds a <see cref="TokenRequestValidator"/> for tests, covering the authorization-code,
/// refresh-token, password, device-code and extension grant paths. Every collaborator the
/// caller leaves null is replaced with an in-memory store or a stub; the resource validator
/// and refresh-token service are derived from the effective resource store, refresh-token
/// store and profile service, so caller-supplied ones are honoured by those defaults.
/// </summary>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="issuerNameService">Issuer name service; test service over <c>options.IssuerUri</c> when null.</param>
/// <param name="resourceStore">Resource store; in-memory identity/API/scope test data when null.</param>
/// <param name="authorizationCodeStore">Authorization-code store; <c>CreateAuthorizationCodeStore()</c> when null.</param>
/// <param name="refreshTokenStore">Refresh-token store; <c>CreateRefreshTokenStore()</c> when null.</param>
/// <param name="resourceOwnerValidator">Password validator; test implementation when null.</param>
/// <param name="profile">Profile service; <see cref="TestProfileService"/> when null.</param>
/// <param name="deviceCodeValidator">Device-code validator; <see cref="TestDeviceCodeValidator"/> when null.</param>
/// <param name="extensionGrantValidators">Extension grant validators; <see cref="TestGrantValidator"/> only when null.</param>
/// <param name="customRequestValidator">Custom token request validator; default implementation when null.</param>
/// <param name="refreshTokenService">Refresh-token service; built over the effective store and profile when null.</param>
/// <param name="resourceValidator">Resource validator; <c>CreateResourceValidator(resourceStore)</c> when null.</param>
public static TokenRequestValidator CreateTokenRequestValidator(
    IdentityServerOptions options = null,
    IIssuerNameService issuerNameService = null,
    IResourceStore resourceStore = null,
    IAuthorizationCodeStore authorizationCodeStore = null,
    IRefreshTokenStore refreshTokenStore = null,
    IResourceOwnerPasswordValidator resourceOwnerValidator = null,
    IProfileService profile = null,
    IDeviceCodeValidator deviceCodeValidator = null,
    IEnumerable<IExtensionGrantValidator> extensionGrantValidators = null,
    ICustomTokenRequestValidator customRequestValidator = null,
    IRefreshTokenService refreshTokenService = null,
    IResourceValidator resourceValidator = null)
{
    // Options first: the issuer name default reads IssuerUri from them.
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var issuerNames = issuerNameService ?? new TestIssuerNameService(serverOptions.IssuerUri);
    var resources = resourceStore
        ?? new InMemoryResourcesStore(TestScopes.GetIdentity(), TestScopes.GetApis(), TestScopes.GetScopes());
    var passwordValidator = resourceOwnerValidator ?? new TestResourceOwnerPasswordValidator();
    var profileService = profile ?? new TestProfileService();
    var deviceCodes = deviceCodeValidator ?? new TestDeviceCodeValidator();
    var requestValidator = customRequestValidator ?? new DefaultCustomTokenRequestValidator();

    IEnumerable<IExtensionGrantValidator> grantValidators = extensionGrantValidators ?? new[] { new TestGrantValidator() };
    var aggregateExtensionGrantValidator = new ExtensionGrantValidator(grantValidators, TestLogger.Create<ExtensionGrantValidator>());

    var authorizationCodes = authorizationCodeStore ?? CreateAuthorizationCodeStore();
    var refreshTokens = refreshTokenStore ?? CreateRefreshTokenStore();
    // Derived defaults are built from the effective (possibly caller-supplied) dependencies above.
    var resourceCheck = resourceValidator ?? CreateResourceValidator(resources);
    var refreshTokenSvc = refreshTokenService ?? CreateRefreshTokenService(refreshTokens, profileService);

    return new TokenRequestValidator(
        serverOptions,
        issuerNames,
        authorizationCodes,
        passwordValidator,
        profileService,
        deviceCodes,
        aggregateExtensionGrantValidator,
        requestValidator,
        resourceCheck,
        resources,
        refreshTokenSvc,
        new TestEventService(),
        new StubClock(),
        TestLogger.Create<TokenRequestValidator>());
}
/// <summary>
/// Builds an <see cref="AuthorizeRequestValidator"/> for tests, including the JWT
/// request-object path. Defaults: strict redirect URI matching, a
/// <see cref="JwtRequestValidator"/> bound to the literal issuer "https://identityserver",
/// and a request_uri HTTP client whose handler is constructed with an exception so that,
/// presumably, any fetch fails unless the caller supplies a real client.
/// NOTE(review): the JwtRequestValidator issuer is hard-coded while the issuer name service
/// defaults to <c>options.IssuerUri</c>; confirm the two agree for the test options.
/// NOTE(review): <paramref name="profile"/> is accepted but never used in this body.
/// </summary>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="issuerNameService">Issuer name service; test service over <c>options.IssuerUri</c> when null.</param>
/// <param name="resourceStore">Resource store; in-memory identity/API/scope test data when null.</param>
/// <param name="clients">Client store; in-memory over <c>TestClients.Get()</c> when null.</param>
/// <param name="profile">Unused.</param>
/// <param name="customValidator">Custom authorize request validator; default implementation when null.</param>
/// <param name="uriValidator">Redirect URI validator; <see cref="StrictRedirectUriValidator"/> when null.</param>
/// <param name="resourceValidator">Resource validator; <c>CreateResourceValidator(resourceStore)</c> when null.</param>
/// <param name="jwtRequestValidator">JWT request-object validator; default described above when null.</param>
/// <param name="jwtRequestUriHttpClient">request_uri fetcher; failing client when null.</param>
public static AuthorizeRequestValidator CreateAuthorizeRequestValidator(
    IdentityServerOptions options = null,
    IIssuerNameService issuerNameService = null,
    IResourceStore resourceStore = null,
    IClientStore clients = null,
    IProfileService profile = null,
    ICustomAuthorizeRequestValidator customValidator = null,
    IRedirectUriValidator uriValidator = null,
    IResourceValidator resourceValidator = null,
    JwtRequestValidator jwtRequestValidator = null,
    IJwtRequestUriHttpClient jwtRequestUriHttpClient = null)
{
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var issuerNames = issuerNameService ?? new TestIssuerNameService(serverOptions.IssuerUri);
    var resources = resourceStore
        ?? new InMemoryResourcesStore(TestScopes.GetIdentity(), TestScopes.GetApis(), TestScopes.GetScopes());
    var clientStore = clients ?? new InMemoryClientStore(TestClients.Get());
    var requestValidator = customValidator ?? new DefaultCustomAuthorizeRequestValidator();
    var redirectValidator = uriValidator ?? new StrictRedirectUriValidator();
    var resourceCheck = resourceValidator ?? CreateResourceValidator(resources);

    var jwtRequestCheck = jwtRequestValidator
        ?? new JwtRequestValidator("https://identityserver", new LoggerFactory().CreateLogger<JwtRequestValidator>());

    var requestUriClient = jwtRequestUriHttpClient;
    if (requestUriClient == null)
    {
        var failingHandler = new NetworkHandler(new Exception("no jwt request uri response configured"));
        requestUriClient = new DefaultJwtRequestUriHttpClient(new HttpClient(failingHandler), serverOptions, new LoggerFactory());
    }

    var userSession = new MockUserSession();

    return new AuthorizeRequestValidator(
        serverOptions,
        issuerNames,
        clientStore,
        requestValidator,
        redirectValidator,
        resourceCheck,
        userSession,
        jwtRequestCheck,
        requestUriClient,
        TestLogger.Create<AuthorizeRequestValidator>());
}
/// <summary>
/// Builds a <see cref="TokenRequestValidator"/> for tests over an in-memory resource store,
/// authorization-code store and refresh-token store, defaulting each collaborator the caller
/// leaves null. Extension grant validators are aggregated; by default only the stub
/// <see cref="TestGrantValidator"/> is registered.
/// </summary>
/// <param name="options">Server options; <c>TestIdentityServerOptions.Create()</c> when null.</param>
/// <param name="resourceStore">Resource store; in-memory identity + API test resources when null.</param>
/// <param name="authorizationCodeStore">Authorization-code store; <c>CreateAuthorizationCodeStore()</c> when null.</param>
/// <param name="refreshTokenStore">Refresh-token store; <c>CreateRefreshTokenStore()</c> when null.</param>
/// <param name="resourceOwnerValidator">Password validator; test implementation when null.</param>
/// <param name="profile">Profile service; <see cref="TestProfileService"/> when null.</param>
/// <param name="extensionGrantValidators">Extension grant validators; <see cref="TestGrantValidator"/> only when null.</param>
/// <param name="customRequestValidator">Custom token request validator; default implementation when null.</param>
/// <param name="scopeValidator">Scope validator; built over the effective resource store when null.</param>
public static TokenRequestValidator CreateTokenRequestValidator(
    IdentityServerOptions options = null,
    IResourceStore resourceStore = null,
    IAuthorizationCodeStore authorizationCodeStore = null,
    IRefreshTokenStore refreshTokenStore = null,
    IResourceOwnerPasswordValidator resourceOwnerValidator = null,
    IProfileService profile = null,
    IEnumerable<IExtensionGrantValidator> extensionGrantValidators = null,
    ICustomTokenRequestValidator customRequestValidator = null,
    ScopeValidator scopeValidator = null)
{
    var serverOptions = options ?? TestIdentityServerOptions.Create();
    var resources = resourceStore ?? new InMemoryResourcesStore(TestScopes.GetIdentity(), TestScopes.GetApis());
    var passwordValidator = resourceOwnerValidator ?? new TestResourceOwnerPasswordValidator();
    var profileService = profile ?? new TestProfileService();
    var requestValidator = customRequestValidator ?? new DefaultCustomTokenRequestValidator();

    IEnumerable<IExtensionGrantValidator> grantValidators = extensionGrantValidators ?? new[] { new TestGrantValidator() };
    var aggregateExtensionGrantValidator = new ExtensionGrantValidator(grantValidators, TestLogger.Create<ExtensionGrantValidator>());

    var authorizationCodes = authorizationCodeStore ?? CreateAuthorizationCodeStore();
    var refreshTokens = refreshTokenStore ?? CreateRefreshTokenStore();
    var scopeCheck = scopeValidator
        ?? new ScopeValidator(resources, new LoggerFactory().CreateLogger<ScopeValidator>());

    return new TokenRequestValidator(
        serverOptions,
        authorizationCodes,
        refreshTokens,
        passwordValidator,
        profileService,
        aggregateExtensionGrantValidator,
        requestValidator,
        scopeCheck,
        new TestEventService(),
        TestLogger.Create<TokenRequestValidator>());
}