public async Task Valid_User_IdentityScopes()
{
var client = new TokenClient(
TokenEndpoint,
"roclient",
"secret",
innerHttpMessageHandler: _handler);
var response = await client.RequestResourceOwnerPasswordAsync("bob", "bob", "openid email api1");
response.IsError.Should().Be(false);
response.ExpiresIn.Should().Be(3600);
response.TokenType.Should().Be("Bearer");
response.IdentityToken.Should().BeNull();
response.RefreshToken.Should().BeNull();
var payload = GetPayload(response);
payload.Count().Should().Be(10);
payload.Should().Contain("iss", "https://idsrv3");
payload.Should().Contain("aud", "https://idsrv3/resources");
payload.Should().Contain("client_id", "roclient");
payload.Should().Contain("sub", "88421113");
payload.Should().Contain("idp", "idsrv");
var amr = payload["amr"] as JArray;
amr.Count().Should().Be(1);
amr.First().ToString().Should().Be("password");
var scopes = payload["scope"] as JArray;
scopes.Count().Should().Be(3);
scopes.First().ToString().Should().Be("api1");
scopes.Skip(1).First().ToString().Should().Be("email");
scopes.Skip(2).First().ToString().Should().Be("openid");
}
static TokenResponse GetToken(string tokenUrl, string clientId, string secret, string scope, string username = null, string password = null)
{
var client = new TokenClient(tokenUrl, clientId, secret);
if (string.IsNullOrWhiteSpace(username)||string.IsNullOrWhiteSpace(password))
return client.RequestClientCredentialsAsync(scope).Result;
else
return client.RequestResourceOwnerPasswordAsync(username, password, scope).Result;
}
public static TokenResponse GetClientToken()
{
var client = new TokenClient("https://localhost:44333/connect/token", "carbon",
"21B5F798-BE55-42BC-8AA8-0025B903DC3B");
//return client.RequestClientCredentialsAsync("LeagueComparer").Result;
return client.RequestResourceOwnerPasswordAsync("bob", "secret", "LeagueComparer").Result;
}
static TokenResponse RequestToken()
{
var client = new TokenClient(
Constants.TokenEndpoint,
"roclient.reference",
"secret");
return client.RequestResourceOwnerPasswordAsync("bob", "bob", "api1").Result;
}
static TokenResponse GetToken()
{
var client = new TokenClient(
"http://localhost:44333/connect/token",
"ConsoleApplication",
"F621F470-9731-4A25-80EF-67A6F7C5F4B8");
return client.RequestResourceOwnerPasswordAsync("bob", "secret", "WebApi1").Result;
}
/// <summary>
/// Request an access token on behalf of a user
/// </summary>
static TokenResponse GetUserToken()
{
var client = new TokenClient("https://localhost:44333/connect/token",
"freightshare2",
"IIPiBTywUcK5Qv0kvmVXbSiax5wBStDMGTAIA0T/RSM=");
//return client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1").Result;
return client.RequestResourceOwnerPasswordAsync("alice", "secret", "api1").Result;
}
static TokenResponse GetUserToken()
{
var client = new TokenClient(
"https://localhost:44333/connect/token",
"carbon",
"21B5F798-BE55-42BC-8AA8-0025B903DC3B");
return client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1").Result;
}
static TokenResponse RequestToken()
{
var client = new TokenClient(
Constants.TokenEndpoint,
"ro.client",
"secret");
return client.RequestResourceOwnerPasswordAsync("bob", "bob", "openid email").Result;
}
static TokenResponse RequestToken()
{
var client = new TokenClient(
Constants.TokenEndpoint,
"roclient",
"secret");
//return client.RequestResourceOwnerPasswordAsync("wooboo","kop","read write").Result;
return client.RequestResourceOwnerPasswordAsync("bubu","bubu","read write").Result;
}
public async Task<IHttpActionResult> Authenticate(AuthenticateRequest authenticateRequest)
{
var tokenClient = new TokenClient("https://localhost:44302/connect/token", "AngularClient", "secret");
var result = await tokenClient.RequestResourceOwnerPasswordAsync(authenticateRequest.Username,authenticateRequest.Password, "Api"); //offline_access scope enables refresh token
return Ok(new
{
result.AccessToken,
result.RefreshToken
});
}
public Task<TokenResponse> Login([FromBody]CredentialsModel credentials)
{
var clientId = (string)ConfigurationManager.AppSettings["oauth2.clientid"];
var client = new TokenClient(
(string)ConfigurationManager.AppSettings["openid.endpoints.token"],
clientId,
(string)ConfigurationManager.AppSettings["oauth2.client-secret"]
);
return client.RequestResourceOwnerPasswordAsync(credentials.Username, credentials.Password, clientId);
}
static string GetJwt()
{
var oauth2Client = new TokenClient(
Constants.TokenEndpoint,
"ro.client",
"secret");
var tokenResponse =
oauth2Client.RequestResourceOwnerPasswordAsync("bob", "bob", "write").Result;
return tokenResponse.AccessToken;
}
static TokenResponse RequestToken()
{
var client = new TokenClient(
Constants.TokenEndpoint,
"roclient",
"secret");
// idsrv supports additional non-standard parameters
// that get passed through to the user service
var optional = new
{
acr_values = "tenant:custom_account_store1 foo bar quux"
};
return client.RequestResourceOwnerPasswordAsync("dabs", "dabs", "read write", optional).Result;
}
private static void Main(string[] args)
{
var tokenClient = new TokenClient(Constants.TokenEndpoint, "roclient", "secret");
var response = tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "read write offline_access").Result;
var refresh_token = response.RefreshToken;
while (true)
{
response = RefreshToken(refresh_token, tokenClient);
Console.ReadLine();
//CallService(response.AccessToken);
if (response.RefreshToken != refresh_token)
{
refresh_token = response.RefreshToken;
}
}
}
private static void Main()
{
Console.Write($"Please enter the Authority URL, press enter to use dev default or QUIT to exit{Environment.NewLine}>> ");
var authorityUrl = Console.ReadLine();
while (!authorityUrl.ToLower().Equals("quit"))
{
Console.Write($"Please enter the space separated API Scope(s){Environment.NewLine}>> ");
var apiScope = Console.ReadLine();
var discoveryResponse = DiscoveryClient.GetAsync(string.IsNullOrWhiteSpace(authorityUrl) ? "http://*****:*****@zupa.co.uk" : username,
string.IsNullOrWhiteSpace(password) ? "Password0-" : password,
apiScope).Result;
Console.WriteLine(tokenResponseWithClaim.IsError
? $"ERROR: {tokenResponseWithClaim.Error}"
: $"{Environment.NewLine}{tokenResponseWithClaim.Json}{Environment.NewLine}");
Console.Write($"Please enter the Authority URL or QUIT to exit{Environment.NewLine}>> ");
authorityUrl = Console.ReadLine();
}
}
public async Task No_Identity_Scope()
{
var tokenClient = new TokenClient(
TokenEndpoint,
"roclient",
"secret",
innerHttpMessageHandler: _handler);
var response = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "api1");
response.IsError.Should().BeFalse();
var userInfoclient = new UserInfoClient(
new Uri(UserInfoEndpoint),
response.AccessToken,
_handler);
var userInfo = await userInfoclient.GetAsync();
userInfo.IsError.Should().BeTrue();
userInfo.HttpErrorStatusCode.Should().Be(HttpStatusCode.Forbidden);
}
public virtual async Task<IResponse> RequestTokenAsync(string userName, string password) {
var disco = await DiscoveryClient.GetAsync(_options.Authority);
string clientId = _httpContext.Request.Headers[ClientId];
if (string.IsNullOrWhiteSpace(clientId)) {
clientId = _options.DefaultClientId;
}
string clientSecret = _httpContext.Request.Headers[ClientSecret];
if (string.IsNullOrWhiteSpace(clientSecret)) {
clientSecret = _options.DefaultClientSecret;
}
string scope = _httpContext.Request.Headers[Scope];
if (string.IsNullOrWhiteSpace(scope)) {
scope = _options.DefaultScope;
}
var client = new TokenClient(disco.TokenEndpoint, clientId, clientSecret);
var response = await client.RequestResourceOwnerPasswordAsync(userName, password, scope);
return ApiResponse.FromTokenResponse(response);
}
public async Task introspecting_same_access_token_twice_should_have_same_exp()
{
var tokenClient = new TokenClient(TokenEndpoint, clientId, clientSecret, _handler);
var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "api1 offline_access");
var introspectionClient = new IntrospectionClient(IntrospectionEndpoint, scope, scopeSecret, _handler);
var introspectionResponse1 = await introspectionClient.SendAsync(new IntrospectionRequest
{
Token = tokenResponse.AccessToken
});
var introspectionResponse2 = await introspectionClient.SendAsync(new IntrospectionRequest
{
Token = tokenResponse.AccessToken
});
var exp1 = Int32.Parse(introspectionResponse1.Claims.Single(x => x.Item1 == "exp").Item2);
var exp2 = Int32.Parse(introspectionResponse2.Claims.Single(x => x.Item1 == "exp").Item2);
exp1.Should().Be(exp2);
}
public async Task Address_Scope()
{
var tokenClient = new TokenClient(
TokenEndpoint,
"roclient",
"secret",
innerHttpMessageHandler: _handler);
var response = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "openid address");
response.IsError.Should().BeFalse();
var userInfoclient = new UserInfoClient(
new Uri(UserInfoEndpoint),
response.AccessToken,
_handler);
var userInfo = await userInfoclient.GetAsync();
userInfo.IsError.Should().BeFalse();
userInfo.Raw.Should().Be("{\"sub\":\"88421113\",\"address\":{\"street_address\":\"One Hacker Way\",\"locality\":\"Heidelberg\",\"postal_code\":69118,\"country\":\"Germany\"}}");
}
public async Task when_refreshing_new_exp_should_be_prior_to_old_exp()
{
var tokenClient = new TokenClient(TokenEndpoint, clientId, clientSecret, _handler);
var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "api1 offline_access");
var introspectionClient = new IntrospectionClient(IntrospectionEndpoint, scope, scopeSecret, _handler);
var introspectionResponse1 = await introspectionClient.SendAsync(new IntrospectionRequest
{
Token = tokenResponse.AccessToken
});
var exp1 = Int32.Parse(introspectionResponse1.Claims.Single(x => x.Item1 == "exp").Item2);
await Task.Delay(1000);
var refreshResponse = await tokenClient.RequestRefreshTokenAsync(tokenResponse.RefreshToken);
var introspectionResponse2 = await introspectionClient.SendAsync(new IntrospectionRequest
{
Token = refreshResponse.AccessToken
});
var exp2 = Int32.Parse(introspectionResponse2.Claims.Single(x => x.Item1 == "exp").Item2);
exp1.Should().BeLessThan(exp2);
}
public async Task Valid_Client()
{
var tokenClient = new TokenClient(
TokenEndpoint,
"roclient",
"secret",
innerHttpMessageHandler: _handler);
var response = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "openid email api1");
response.IsError.Should().BeFalse();
var userInfoclient = new UserInfoClient(
new Uri(UserInfoEndpoint),
response.AccessToken,
_handler);
var userInfo = await userInfoclient.GetAsync();
userInfo.IsError.Should().BeFalse();
userInfo.Claims.Count().Should().Be(3);
userInfo.Claims.Should().Contain(Tuple.Create("sub", "88421113"));
userInfo.Claims.Should().Contain(Tuple.Create("email", "*****@*****.**"));
userInfo.Claims.Should().Contain(Tuple.Create("email_verified", "True"));
}
public async Task Invalid_Password()
{
var client = new TokenClient(
TokenEndpoint,
"roclient",
"secret",
innerHttpMessageHandler: _handler);
var response = await client.RequestResourceOwnerPasswordAsync("bob", "invalid", "api1");
response.IsError.Should().Be(true);
response.Error.Should().Be("invalid_grant");
}