public async Task Valid_Client_Multiple_Scopes()
        {
            // Client-credentials request for two scopes at once; the HTTP handler is
            // supplied through _handler.
            var tokenClient = new TokenClient(
                TokenEndpoint,
                "client",
                "secret",
                innerHttpMessageHandler: _handler);

            var tokenResponse = await tokenClient.RequestClientCredentialsAsync("api1 api2");

            // This grant should yield a bearer access token only: no identity token
            // and no refresh token.
            tokenResponse.IsError.Should().Be(false);
            tokenResponse.ExpiresIn.Should().Be(3600);
            tokenResponse.TokenType.Should().Be("Bearer");
            tokenResponse.IdentityToken.Should().BeNull();
            tokenResponse.RefreshToken.Should().BeNull();

            var claims = GetPayload(tokenResponse);

            // The exact count makes an unexpected extra claim fail the test.
            claims.Count().Should().Be(6);
            claims.Should().Contain("iss", "https://idsrv4");
            claims.Should().Contain("aud", "https://idsrv4/resources");
            claims.Should().Contain("client_id", "client");

            // Both requested scopes are expected back as an array, in request order.
            var grantedScopes = claims["scope"] as JArray;
            grantedScopes.Count().Should().Be(2);
            grantedScopes.First().ToString().Should().Be("api1");
            grantedScopes.ElementAt(1).ToString().Should().Be("api2");
        }
 /// <summary>
 /// Fetches the access token from IdentityServer for use with the API.
 /// </summary>
 /// <returns>The token endpoint's response to the client-credentials request.</returns>
 private async Task<TokenResponse> GetTokenAsync()
 {
     // NOTE(review): endpoint, client id and client secret are literals in source.
     // Outside a sample, the secret belongs in configuration or a secret store.
     var tokenClient = new TokenClient(
         "https://localhost:44302/identity/connect/token",
         "mvc_service",
         "secret");

     // The response is returned unchecked; callers must inspect it for errors.
     var tokenResponse = await tokenClient.RequestClientCredentialsAsync("gac_erp_appservice");
     return tokenResponse;
 }
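        /// <summary>
        /// Returns an access token for the "gallerymanagement" scope, reusing the one cached
        /// in the "TripGalleryCookie" cookie when the request carries it, and otherwise
        /// requesting a new one with the client-credentials grant.
        /// </summary>
        /// <returns>
        /// The access token, or whatever <c>AccessToken</c> holds on the error response when
        /// the token request fails (nothing is cached in that case).
        /// </returns>
        private static string RequestAccessTokenClientCredentials()
        {
            // Did we store the token before? Same cookie name as the write further down.
            // NOTE(review): the cached value comes from the request and is returned as-is;
            // expiry and integrity are not checked here, so the receiving API must validate it.
            var cookie = HttpContext.Current.Request.Cookies.Get("TripGalleryCookie");

            if (cookie != null && cookie["access_token"] != null)
            {
                return cookie["access_token"];
            }

            var tokenClient = new TokenClient(
                    TripGallery.Constants.TripGallerySTSTokenEndpoint,
                    "tripgalleryclientcredentials",
                    TripGallery.Constants.TripGalleryClientSecret
                );

            // NOTE(review): .Result blocks the request thread until the token endpoint answers.
            var tokenResponse = tokenClient.RequestClientCredentialsAsync("gallerymanagement").Result;

            // A failed request must not be cached: the original wrote the empty token into the
            // cookie, where it would then have to be cleared by hand.
            if (tokenResponse.IsError)
            {
                return tokenResponse.AccessToken;
            }

            // Debug aid only. NOTE(review): this writes token contents out; remove it (or guard
            // it behind a debug build) before the code handles real tokens.
            TokenHelper.DecodeAndWrite(tokenResponse.AccessToken);

            // Save the token in a cookie. HttpOnly keeps page script from reading the bearer
            // token; Secure keeps it off plain-HTTP requests when the site is served over TLS.
            // NOTE(review): this still hands an application-level token to the browser; a
            // server-side cache would avoid that.
            var tokenCookie = HttpContext.Current.Response.Cookies["TripGalleryCookie"];
            tokenCookie["access_token"] = tokenResponse.AccessToken;
            tokenCookie.HttpOnly = true;
            tokenCookie.Secure = HttpContext.Current.Request.IsSecureConnection;

            return tokenResponse.AccessToken;
        }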
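        /// <summary>
        /// Requests a token from the identity server using the given client id and secret,
        /// unless a token is already cached in the "TripGalleryCookie" cookie.
        /// </summary>
        /// <param name="clientId">Client id presented to the token endpoint.</param>
        /// <param name="secret">Client secret presented to the token endpoint.</param>
        /// <returns>
        /// An access token in string format, or whatever <c>AccessToken</c> holds on the error
        /// response when the token request fails (nothing is cached in that case).
        /// </returns>
        private static string RequestAccessTokenClientCredentials(string clientId,string secret)
        {
            // Did we store the token before?
            // NOTE(review): the cached token is returned regardless of which clientId was
            // passed in, and without an expiry or integrity check; the API must validate it.
            var cookie = HttpContext.Current.Request.Cookies.Get("TripGalleryCookie");
            if (cookie != null && cookie["access_token"] != null)
            {
                return cookie["access_token"];
            }

            // No token found - create an OAuth2 client and get one.
            var oAuth2Client = new TokenClient(
                      TripGallery.Constants.TripGallerySTSTokenEndpoint,
                      clientId,
                      secret);

            // Ask for a token containing the gallerymanagement scope.
            // NOTE(review): .Result blocks the request thread until the token endpoint answers.
            var tokenResponse = oAuth2Client.RequestClientCredentialsAsync("gallerymanagement").Result;

            // A failed request must not be cached: the original wrote the empty token into the
            // cookie, where it would then have to be cleared by hand.
            if (tokenResponse.IsError)
            {
                return tokenResponse.AccessToken;
            }

            // Save the token in a cookie for later use. HttpOnly keeps page script from reading
            // the bearer token; Secure keeps it off plain-HTTP requests when the site is on TLS.
            var tokenCookie = HttpContext.Current.Response.Cookies["TripGalleryCookie"];
            tokenCookie["access_token"] = tokenResponse.AccessToken;
            tokenCookie.HttpOnly = true;
            tokenCookie.Secure = HttpContext.Current.Request.IsSecureConnection;

            return tokenResponse.AccessToken;
        }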
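		/// <summary>
		/// Console demo: requests a client-credentials token, shows that api/values rejects
		/// a call without a token, then repeats the call with the bearer token attached.
		/// </summary>
		/// <param name="args">Unused.</param>
		static void Main(string[] args)
		{
			// NOTE(review): every endpoint here is plain http, so the client secret and the
			// token cross the wire unencrypted; acceptable on loopback only.
			var tokenClient = new TokenClient(
				"http://localhost:18942/connect/token",
				"test",
				"secret");

			// Client-credentials grant: the token is issued to the client itself for the
			// "api1" scope; no username or password is involved.
			var response = tokenClient.RequestClientCredentialsAsync("api1").Result;

			// Without this check a refused token request would go unnoticed and the
			// "tokened" call below would be made with an empty bearer token.
			if (response.IsError)
			{
				Console.WriteLine("Token request failed: {0}", response.Error);
				Console.Read();
				return;
			}

			// Test area to show api/values is protected.
			// Should return that the request is unauthorized.
			try
			{
				using (var unTokenedClient = new HttpClient())
				{
					var unTokenedClientResponse = unTokenedClient.GetAsync("http://localhost:19806/api/values").Result;
					Console.WriteLine("Un-tokened response: {0}", unTokenedClientResponse.StatusCode);
				}
			}
			catch (Exception ex)
			{
				Console.WriteLine("Exception of: {0} while calling api without token.", ex.Message);
			}

			// Now we make the same request with the token received from the auth service.
			using (var client = new HttpClient())
			{
				client.SetBearerToken(response.AccessToken);

				// The /identity response is requested but not inspected.
				var apiResponse = client.GetAsync("http://localhost:19806/identity").Result;
				var callApiResponse = client.GetAsync("http://localhost:19806/api/values").Result;
				Console.WriteLine("Tokened response: {0}", callApiResponse.StatusCode);
				Console.WriteLine(callApiResponse.Content.ReadAsStringAsync().Result);
			}

			Console.Read();
		}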
 /// <summary>
 /// Requests a token for <paramref name="scope"/>: with the resource-owner password grant
 /// when both a username and a password are supplied, otherwise with client credentials.
 /// </summary>
 /// <param name="tokenUrl">Token endpoint address.</param>
 /// <param name="clientId">Client id.</param>
 /// <param name="secret">Client secret.</param>
 /// <param name="scope">Scope(s) to request.</param>
 /// <param name="username">Optional user name.</param>
 /// <param name="password">Optional password.</param>
 /// <returns>The token endpoint's response; not checked for errors here.</returns>
 static TokenResponse GetToken(string tokenUrl, string clientId, string secret, string scope, string username = null, string password = null)
 {
     var tokenClient = new TokenClient(tokenUrl, clientId, secret);

     // NOTE(review): a username with a blank password (or the reverse) does not fail. It
     // silently falls back to a client-credentials token, so the caller gets a token that
     // represents the client rather than the user it named.
     bool hasUserCredentials = !string.IsNullOrWhiteSpace(username) && !string.IsNullOrWhiteSpace(password);
     if (hasUserCredentials)
     {
         return tokenClient.RequestResourceOwnerPasswordAsync(username, password, scope).Result;
     }

     return tokenClient.RequestClientCredentialsAsync(scope).Result;
 }
        /// <summary>
        /// Requests a client-credentials token for the "api1" scope as client "freightshare1".
        /// </summary>
        /// <returns>The token endpoint's response; not checked for errors here.</returns>
        static TokenResponse GetClientToken()
        {
            // NOTE(review): the client secret is embedded in source, so anyone who can read
            // the repository or the compiled binary can request tokens as this client. Load
            // it from configuration or a secret store and rotate the committed value.
            const string tokenEndpoint = "https://localhost:44333/connect/token";
            var tokenClient = new TokenClient(
                tokenEndpoint,
                "freightshare1",
                "IIPiBTywUcK5Qv0kvmVXbSiax5wBStDMGTAIA0T/RSM=");

            // Blocks the calling thread until the token request completes.
            var tokenTask = tokenClient.RequestClientCredentialsAsync("api1");
            return tokenTask.Result;
        }
 /// <summary>
 /// Requests a client-credentials token for the "api1" scope as client "silicon".
 /// </summary>
 /// <returns>The token endpoint's response; not checked for errors here.</returns>
 static TokenResponse GetClientToken()
 {
     // NOTE(review): the token endpoint address and the client secret are both literals in
     // source. Move the secret to configuration or a secret store and rotate the committed
     // value.
     const string tokenEndpoint = "https://100.105.80.38:13855/connect/token";
     var tokenClient = new TokenClient(
         tokenEndpoint,
         "silicon",
         "F621F470-9731-4A25-80EF-67A6F7C5F4B8");

     // Blocks the calling thread until the token request completes.
     var tokenTask = tokenClient.RequestClientCredentialsAsync("api1");
     return tokenTask.Result;
 }
        /// <summary>
        /// Requests a client-credentials token for the "Api" scope as "ConsoleClient".
        /// </summary>
        /// <returns>The access token taken from the response.</returns>
        private async static Task<string> RequestToken()
        {
            const string tokenEndpoint = "https://localhost:44302/connect/token";
            var client = new TokenClient(tokenEndpoint, "ConsoleClient", "secret");

            // NOTE(review): the response is not checked for errors before the token is read,
            // so a refused request surfaces only as an empty access token at the caller.
            return (await client.RequestClientCredentialsAsync("Api")).AccessToken;
        }
        /// <summary>
        /// Requests a client-credentials token for the "sampleApi" scope as "mvc_service".
        /// </summary>
        /// <returns>The token endpoint's response; not checked for errors here.</returns>
        private async Task<TokenResponse> GetTokenAsync()
        {
            // Plain concatenation: presumably IdConstants.IdHost ends with a slash - confirm.
            var tokenEndpoint = IdConstants.IdHost + "identity/connect/token";

            // NOTE(review): the client secret is a literal in source; keep real secrets in
            // configuration or a secret store.
            var tokenClient = new TokenClient(tokenEndpoint, "mvc_service", "secret");

            var tokenResponse = await tokenClient.RequestClientCredentialsAsync("sampleApi");
            return tokenResponse;
        }
        /// <summary>
        /// Requests a client-credentials token for the "api1" scope as client "test".
        /// </summary>
        /// <returns>The token endpoint's response; not checked for errors here.</returns>
        static TokenResponse GetToken()
        {
            const string tokenEndpoint = "https://localhost:44300/connect/token";
            var tokenClient = new TokenClient(tokenEndpoint, "test", "secret");

            // Blocks the calling thread until the token request completes.
            var tokenTask = tokenClient.RequestClientCredentialsAsync("api1");
            return tokenTask.Result;
        }
        /// <summary>
        /// Requests the access token using the client credentials of client "silicon",
        /// for the "api1" scope.
        /// </summary>
        /// <returns>The token endpoint's response; not checked for errors here.</returns>
        static TokenResponse GetClientToken()
        {
            // NOTE(review): the endpoint is plain http, so the client secret and the issued
            // token travel unencrypted; tolerable on loopback only. The secret is also a
            // literal in source and should come from configuration or a secret store.
            const string tokenEndpoint = "http://localhost:44333/connect/token";
            var tokenClient = new TokenClient(
                tokenEndpoint,
                "silicon",
                "F621F470-9731-4A25-80EF-67A6F7C5F4B8");

            // Blocks the calling thread until the token request completes.
            var tokenTask = tokenClient.RequestClientCredentialsAsync("api1");
            return tokenTask.Result;
        }
        /// <summary>
        /// Requests a client-credentials token for the "read" and "write" scopes as "client".
        /// </summary>
        /// <returns>The token endpoint's response; not checked for errors here.</returns>
        static TokenResponse RequestToken()
        {
            var tokenClient = new TokenClient(Constants.TokenEndpoint, "client", "secret");

            // Scopes are passed as one space-separated string.
            // Blocks the calling thread until the token request completes.
            var tokenTask = tokenClient.RequestClientCredentialsAsync("read write");
            return tokenTask.Result;
        }
        /// <summary>
        /// Requests a client-credentials token for the "apiAccess" scope, with the endpoint,
        /// client id and secret all taken from <c>Constants</c>.
        /// </summary>
        /// <returns>The token endpoint's response; not checked for errors here.</returns>
        protected async Task<TokenResponse> GetTokenAsync()
        {
            string tokenEndpoint = Constants.IdentityServerUri + "/connect/token";

            // NOTE(review): Constants.IdentitySecret is defined outside this view. If it is a
            // compile-time constant, the secret is still in source - confirm where it is loaded.
            var tokenClient = new TokenClient(
                tokenEndpoint,
                Constants.APIClient,
                Constants.IdentitySecret);

            var tokenResponse = await tokenClient.RequestClientCredentialsAsync("apiAccess");
            return tokenResponse;
        }
        /// <summary>
        /// Requests a client-credentials token for the "read" and "write" scopes as
        /// "clientcredentials.client", using <c>AuthenticationStyle.PostValues</c>.
        /// </summary>
        /// <returns>The token endpoint's response; not checked for errors here.</returns>
        static TokenResponse RequestToken()
        {
            // PostValues selects sending the client id and secret as form values in the
            // request body rather than in an Authorization header.
            var credentialStyle = AuthenticationStyle.PostValues;

            var tokenClient = new TokenClient(
                Constants.TokenEndpoint,
                "clientcredentials.client",
                "secret",
                credentialStyle);

            // Blocks the calling thread until the token request completes.
            var tokenTask = tokenClient.RequestClientCredentialsAsync("read write");
            return tokenTask.Result;
        }
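        /// <summary>
        /// Console demo: requests a client-credentials token for "api1" and calls the
        /// /identity endpoint with it, printing the resulting status code.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            // NOTE(review): both endpoints are plain http, so the client secret and the token
            // cross the wire unencrypted; acceptable on loopback only.
            var tokenClient = new TokenClient(
                "http://localhost:5000/connect/token",
                "test",
                "secret");

            var response = tokenClient.RequestClientCredentialsAsync("api1").Result;

            // Without this check a refused token request would go unnoticed and the API call
            // below would be made with an empty bearer token.
            if (response.IsError)
            {
                Console.WriteLine("Token request failed: {0}", response.Error);
                return;
            }

            using (var client = new HttpClient())
            {
                client.SetBearerToken(response.AccessToken);

                var apiResponse = client.GetAsync("http://localhost:19806/identity").Result;
                Console.WriteLine(apiResponse.StatusCode);
            }
        }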
        /// <summary>
        /// Requests a client-credentials token for the "read" and "write" scopes, with the
        /// client presenting an X.509 client certificate instead of a shared secret.
        /// </summary>
        /// <returns>The token endpoint's response; not checked for errors here.</returns>
        static TokenResponse RequestToken()
        {
            // NOTE(review): "Client.pfx" is resolved relative to the working directory and
            // opened with no password argument. A PFX normally carries the private key, so
            // check where the file lives and how access to it is restricted.
            var clientCertificate = new X509Certificate2("Client.pfx");

            // The certificate is attached to the HTTP handler, not to the token request.
            var certificateHandler = new WebRequestHandler();
            certificateHandler.ClientCertificates.Add(clientCertificate);

            // No client secret is passed on this constructor call.
            var tokenClient = new TokenClient(
                Constants.TokenEndpoint,
                "clientcredentials.client",
                certificateHandler);

            // Blocks the calling thread until the token request completes.
            var tokenTask = tokenClient.RequestClientCredentialsAsync("read write");
            return tokenTask.Result;
        }
        /// <summary>
        /// Discovers the token endpoint from metadata, requests a client-credentials token
        /// for "api1", and calls the /identity API with it. Progress, errors and results are
        /// written to the console; each failure ends the method early.
        /// </summary>
        private static async Task ExecuteAsync()
        {
            // Discover endpoints from metadata.
            // NOTE(review): the authority is plain http; fine on loopback, not elsewhere.
            var discovery = await DiscoveryClient.GetAsync("http://localhost:5000");
            if (discovery.IsError)
            {
                Console.WriteLine(discovery.Error);
                return;
            }

            // Request token.
            Console.WriteLine("Requesting Token");
            var tokenClient = new IdentityModel.Client.TokenClient(discovery.TokenEndpoint, "apiclient", "secret");
            var token = await tokenClient.RequestClientCredentialsAsync("api1");
            if (token.IsError)
            {
                Console.WriteLine(token.Error);
                return;
            }

            // NOTE(review): this prints the raw token response, access token included, to the
            // console. Keep that out of any environment where console output is captured.
            Console.WriteLine(token.Json);

            // Call api.
            Console.WriteLine("Calling API");
            var apiClient = new HttpClient();
            apiClient.SetBearerToken(token.AccessToken);

            var apiResponse = await apiClient.GetAsync("http://localhost:5002/identity");
            if (apiResponse.IsSuccessStatusCode)
            {
                // The body is parsed as a JSON array before printing.
                var body = await apiResponse.Content.ReadAsStringAsync();
                Console.WriteLine(JArray.Parse(body));
            }
            else
            {
                Console.WriteLine(apiResponse.StatusCode);
            }
        }
        /// <summary>
        /// Gets an access token for the "identity request_claims" scopes using the
        /// client-credentials grant.
        /// </summary>
        /// <param name="address">Address of the token service.</param>
        /// <param name="clientId">Client id.</param>
        /// <param name="clientSecret">Client secret.</param>
        /// <param name="extraData">Additional data to be sent with the token request.</param>
        /// <returns>An access token.</returns>
        /// <exception cref="Exception">
        /// The token endpoint answered with an HTTP status other than 200 OK.
        /// </exception>
        public async Task <string> GetAccessTokenAsync(string address, string clientId, string clientSecret, object extraData)
        {
            // The constructor is marked obsolete; the warning is suppressed for that line only.
#pragma warning disable 618
            var tokenClient = new IdentityModelTokenClient.TokenClient(
#pragma warning restore 618
                address,
                clientId,
                clientSecret,
                this.ClientHandler)
            {
                BasicAuthenticationHeaderStyle = BasicAuthenticationHeaderStyle.Rfc2617,
            };

            var tokenResponse = await tokenClient.RequestClientCredentialsAsync("identity request_claims", extraData);

            if (tokenResponse.HttpStatusCode == HttpStatusCode.OK)
            {
                return tokenResponse.AccessToken;
            }

            // NOTE(review): the message embeds the raw response JSON. Check what the server
            // puts in a non-200 body before this exception text reaches logs or users.
            throw new Exception($"Could not get access token from: {address} {tokenResponse.HttpStatusCode} {tokenResponse.ErrorDescription} {tokenResponse.Json}");
        }
        /// <summary>
        /// Requests a fresh access token with the client-credentials grant while holding
        /// <c>_lock</c>, stores it in <c>_accessToken</c> and notifies <c>TokenRenewed</c>
        /// subscribers.
        /// </summary>
        /// <param name="cancellationToken">Cancels the wait for the lock and the token request.</param>
        /// <returns>
        /// <c>true</c> when a token was obtained; <c>false</c> when the lock was not acquired
        /// within <c>Timeout</c> or the token response was an error.
        /// </returns>
        private async Task <bool> RenewTokensAsync(CancellationToken cancellationToken)
        {
            // Only one renewal at a time; give up (return false) if the lock is not free in time.
            if (await _lock.WaitAsync(Timeout, cancellationToken).ConfigureAwait(false))
            {
                try
                {
                    var response = await _tokenClient.RequestClientCredentialsAsync(_scope, cancellationToken : cancellationToken).ConfigureAwait(false);

                    if (!response.IsError)
                    {
                        _accessToken = response.AccessToken;

                        // Fire-and-forget: the notification task is started but never awaited
                        // (hence the CS4014 suppression), so handlers may still be running after
                        // this method has returned and released the lock.
                        // NOTE(review): every subscriber receives the raw access token.
                        // NOTE(review): GetInvocationList() assumes TokenRenewed is non-null -
                        // confirm the event has a default handler where it is declared.
#pragma warning disable 4014
                        Task.Run(() =>
                        {
                            foreach (EventHandler <TokenRenewedEventArgs> del in TokenRenewed.GetInvocationList())
                            {
                                try
                                {
                                    del(this, new TokenRenewedEventArgs(response.AccessToken, response.ExpiresIn));
                                }
                                // A throwing subscriber is ignored so the remaining handlers still run.
                                catch { }
                            }
                        }).ConfigureAwait(false);
#pragma warning restore 4014

                        return(true);
                    }
                }
                finally
                {
                    // Released on every path, including exceptions from the token request.
                    _lock.Release();
                }
            }

            return(false);
        }
        public async Task Valid_Client()
        {
            // Client-credentials request for a single scope; the HTTP handler is supplied
            // through _handler.
            var tokenClient = new TokenClient(
                TokenEndpoint,
                "client",
                "secret",
                innerHttpMessageHandler: _handler);

            var tokenResponse = await tokenClient.RequestClientCredentialsAsync("api1");

            // This grant should yield a bearer access token only: no identity token
            // and no refresh token.
            tokenResponse.IsError.Should().Be(false);
            tokenResponse.ExpiresIn.Should().Be(3600);
            tokenResponse.TokenType.Should().Be("Bearer");
            tokenResponse.IdentityToken.Should().BeNull();
            tokenResponse.RefreshToken.Should().BeNull();

            var claims = GetPayload(tokenResponse);

            // The exact count makes an unexpected extra claim fail the test.
            claims.Count().Should().Be(6);
            claims.Should().Contain("iss", "https://idsrv3");
            claims.Should().Contain("aud", "https://idsrv3/resources");
            claims.Should().Contain("client_id", "client");
            claims.Should().Contain("scope", "api1");
        }
        public async Task Valid_Token_Valid_Scope_Multiple()
        {
            // Obtain a token that covers two scopes.
            var credentialsClient = new TokenClient(
                TokenEndpoint,
                "client1",
                "secret",
                _handler);

            var issued = await credentialsClient.RequestClientCredentialsAsync("api1 api2");

            // Introspect it while authenticating as "api1".
            var introspector = new IntrospectionClient(
                IntrospectionEndpoint,
                "api1",
                "secret",
                _handler);

            var introspectionRequest = new IntrospectionRequest
            {
                Token = issued.AccessToken
            };
            var introspection = await introspector.SendAsync(introspectionRequest);

            introspection.IsActive.Should().Be(true);
            introspection.IsError.Should().Be(false);

            // The token was issued for two scopes, but the introspecting API is expected to
            // see only its own scope.
            var scopeClaims = introspection.Claims.Where(claim => claim.Item1 == "scope");

            scopeClaims.Count().Should().Be(1);
            scopeClaims.First().Item2.Should().Be("api1");
        }
        public async Task Authorized_and_UnauthorizedScope()
        {
            var tokenClient = new TokenClient(
                TokenEndpoint,
                "client",
                "secret",
                innerHttpMessageHandler: _handler);

            // "api1" paired with "api3": the whole request is expected to be rejected with
            // invalid_scope rather than answered with a token for a subset of the scopes.
            var tokenResponse = await tokenClient.RequestClientCredentialsAsync("api1 api3");

            tokenResponse.IsError.Should().Be(true);
            tokenResponse.Error.Should().Be("invalid_scope");
        }
        public async Task Invalid_Client()
        {
            // The client id "invalid" is expected to be refused by the token endpoint.
            var tokenClient = new TokenClient(
                TokenEndpoint,
                "invalid",
                "secret",
                innerHttpMessageHandler: _handler);

            var tokenResponse = await tokenClient.RequestClientCredentialsAsync("api1");

            // The failure must be reported as invalid_client.
            tokenResponse.IsError.Should().Be(true);
            tokenResponse.Error.Should().Be("invalid_client");
        }
        public async Task Valid_Token_Invalid_Scope()
        {
            // Obtain a token for "api1" only.
            var credentialsClient = new TokenClient(
                TokenEndpoint,
                "client1",
                "secret",
                _handler);

            var issued = await credentialsClient.RequestClientCredentialsAsync("api1");

            // Introspect it while authenticating as "api2", which the token does not cover.
            var introspector = new IntrospectionClient(
                IntrospectionEndpoint,
                "api2",
                "secret",
                _handler);

            var introspectionRequest = new IntrospectionRequest
            {
                Token = issued.AccessToken
            };
            var introspection = await introspector.SendAsync(introspectionRequest);

            // The call itself succeeds, but the token must be reported as inactive to an API
            // outside its scope.
            introspection.IsActive.Should().Be(false);
            introspection.IsError.Should().Be(false);
        }