Example #1
0
        public async Task Successful_token_request_should_trigger_authenticated_request_to_proper_api_when_multiple_clients_registered()
        {
            var tokenEndpointA = TokenEndpointHandler.ValidBearerToken("api-token-a", TimeSpan.MaxValue);
            var apiA           = new DownstreamApiHandler();
            var tokenEndpointB = TokenEndpointHandler.ValidBearerToken("api-token-b", TimeSpan.MaxValue);
            var apiB           = new DownstreamApiHandler();
            var client         = HostFactory.CreateClient(
                "api-b",
                services =>
            {
                services.AddHttpClient("api-a-authority").AddHttpMessageHandler(() => tokenEndpointA);
                services.AddHttpClient("api-b-authority").AddHttpMessageHandler(() => tokenEndpointB);
            },
                false,
                new DownstreamApi("api-a", apiA, b => b.AddOidcRefreshToken(o =>
            {
                _options(o);
                o.AuthorityHttpClientName = "api-a-authority";
            })),
                new DownstreamApi("api-b", apiB, b => b.AddOidcRefreshToken(o =>
            {
                _options(o);
                o.AuthorityHttpClientName = "api-b-authority";
            })));

            await client.GetAsync("https://api-b");

            Check.That(apiA.LastRequestToken).IsNull();
            Check.That(apiB.LastRequestToken).IsEqualTo("api-token-b");
        }
Example #2
0
        public async Task Authenticated_request_from_upstream_should_trigger_authenticated_request_to_proper_downstream_when_multiple_clients_registered()
        {
            var tokenEndpointA = TokenEndpointHandler.ValidBearerToken("downstream-token-a", TimeSpan.MaxValue);
            var downstreamApiA = new DownstreamApiHandler();
            var tokenEndpointB = TokenEndpointHandler.ValidBearerToken("downstream-token-b", TimeSpan.MaxValue);
            var downstreamApiB = new DownstreamApiHandler();
            var client         = WebHostFactory.CreateClient(
                services =>
            {
                services.AddHttpClient("api-a-authority").AddHttpMessageHandler(() => tokenEndpointA);
                services.AddHttpClient("api-b-authority").AddHttpMessageHandler(() => tokenEndpointB);
            },
                false,
                new DownstreamApi("downstream-a", downstreamApiA, b => b.AddOidcTokenDelegation(o =>
            {
                _options(o);
                o.Scope = "downstream-api-a";
                o.AuthorityHttpClientName = "api-a-authority";
            })),
                new DownstreamApi("downstream-b", downstreamApiB, b => b.AddOidcTokenDelegation(o =>
            {
                _options(o);
                o.Scope = "downstream-api-b";
                o.AuthorityHttpClientName = "api-b-authority";
            })));

            client.SetBearerToken("upstream-token");

            await client.GetAsync("https://downstream-b");

            Check.That(downstreamApiA.LastRequestToken).IsNull();
            Check.That(downstreamApiB.LastRequestToken).IsEqualTo("downstream-token-b");
        }
Example #3
0
        public async Task Token_request_error_should_trigger_unauthenticated_request_to_api()
        {
            var api    = new DownstreamApiHandler();
            var client = HostFactory.CreateClient(
                b => b.AddOidcRefreshToken(_options),
                TokenEndpointHandler.OidcProtocolError("invalid_grant"),
                api: api);

            await client.GetAsync("https://default");

            Check.That(api.LastRequestToken).IsNull();
        }
Example #4
0
        public async Task Token_delegation_error_should_trigger_unauthenticated_request_to_downstream()
        {
            var downstreamApi = new DownstreamApiHandler();
            var client        = WebHostFactory.CreateClient(
                b => b.AddOidcTokenDelegation(_options),
                TokenEndpointHandler.OidcProtocolError("invalid_grant"),
                downstreamApi: downstreamApi);

            client.SetBearerToken("1234");

            await client.GetAsync("https://default");

            Check.That(downstreamApi.LastRequestToken).IsNull();
        }
Example #5
0
        public void No_Authority_but_TokenEndpoint_should_not_throw()
        {
            Task Act() => HostFactory
            .CreateClient(
                b => b.AddOidcRefreshToken(o =>
            {
                o.TokenEndpoint         = "https://authority/connect/token";
                o.ClientId              = "test-client";
                o.ClientSecret          = "test-client secret key";
                o.RefreshTokenRetriever = (_) => "some-refresh-token";
            }),
                TokenEndpointHandler.ValidBearerToken("some-token", TimeSpan.MaxValue))
            .GetAsync("https://default");

            Check.ThatAsyncCode(Act).Not.ThrowsAny();
        }
Example #6
0
        public async Task Successful_token_request_should_trigger_TokenAcquired_event()
        {
            var eventsMock = new TokenEventsMock();
            var client     = HostFactory.CreateClient(
                b => b.AddOidcRefreshToken(o =>
            {
                _options(o);
                o.Events = eventsMock.CreateEvents();
            }),
                TokenEndpointHandler.ValidBearerToken("access-token", TimeSpan.MaxValue));

            await client.GetAsync("https://default");

            Check.That(eventsMock.LatestTokenAcquired).IsNotNull();
            Check.That(eventsMock.LatestTokenAcquired.AccessToken).IsEqualTo("access-token");
        }
Example #7
0
        public async Task Successful_token_request_should_trigger_authenticated_request_to_api()
        {
            var tokenEndpoint = TokenEndpointHandler.ValidBearerToken("access-token", TimeSpan.MaxValue);
            var api           = new DownstreamApiHandler();
            var client        = HostFactory.CreateClient(
                b => b.AddOidcRefreshToken(_options),
                tokenEndpoint,
                api: api);

            await client.GetAsync("https://default");

            Check.That(tokenEndpoint.LastRequestClientId).IsEqualTo(ClientId);
            Check.That(tokenEndpoint.LastRequestClientSecret).IsEqualTo(ClientSecret);
            Check.That(tokenEndpoint.LastRequestRefreshToken).IsEqualTo(RefreshToken);
            Check.That(api.LastRequestToken).IsEqualTo("access-token");
        }
Example #8
0
        public async Task Authenticated_request_from_upstream_should_trigger_authenticated_request_to_downstream()
        {
            var tokenEndpoint = TokenEndpointHandler.ValidBearerToken("downstream-token", TimeSpan.MaxValue);
            var downstreamApi = new DownstreamApiHandler();
            var client        = WebHostFactory.CreateClient(
                b => b.AddOidcTokenDelegation(_options),
                tokenEndpoint,
                downstreamApi: downstreamApi);

            client.SetBearerToken("upstream-token");

            await client.GetAsync("https://default");

            Check.That(tokenEndpoint.LastRequestToken).IsEqualTo("upstream-token");
            Check.That(downstreamApi.LastRequestToken).IsEqualTo("downstream-token");
        }
Example #9
0
        public async Task Token_request_error_should_trigger_TokenRequestFailed_event()
        {
            var eventsMock = new TokenEventsMock();
            var client     = HostFactory.CreateClient(
                b => b.AddOidcRefreshToken(o =>
            {
                _options(o);
                o.Events = eventsMock.CreateEvents();
            }),
                TokenEndpointHandler.OidcProtocolError("invalid_grant"));

            await client.GetAsync("https://default");

            Check.That(eventsMock.LatestTokenRequestFailed).IsNotNull();
            Check.That(eventsMock.LatestTokenRequestFailed.ErrorType).IsEqualTo(ResponseErrorType.Protocol);
            Check.That(eventsMock.LatestTokenRequestFailed.Error).IsEqualTo("invalid_grant");
        }
Example #10
0
        public void No_Authority_but_TokenEndpoint_should_not_throw()
        {
            Task Act() => HostFactory
            .CreateClient(
                b => b.AddOidcPassword(o =>
            {
                o.TokenEndpoint            = "https://authority/connect/token";
                o.ClientId                 = "test-client";
                o.ClientSecret             = "test-client secret key";
                o.Scope                    = "downstream-api";
                o.UserCredentialsRetriever = (_) => ("some-username", "some-password");
            }),
                TokenEndpointHandler.ValidBearerToken("some-token", TimeSpan.MaxValue))
            .GetAsync("https://default");

            Check.ThatAsyncCode(Act).Not.ThrowsAny();
        }
Example #11
0
        public void EnabledCaching_with_caching_service_should_not_throw()
        {
            Task Act() => HostFactory
            .CreateClient(
                b => b.AddOidcClientCredentials(o =>
            {
                o.TokenEndpoint = "https://authority/connect/token";
                o.ClientId      = "test-client";
                o.ClientSecret  = "test-client secret key";
                o.Scope         = "downstream-api";
            }),
                TokenEndpointHandler.ValidBearerToken("some-token", TimeSpan.MaxValue),
                addCaching: true)
            .GetAsync("https://default");

            Check.ThatAsyncCode(Act).Not.ThrowsAny();
        }