public void SuccessfulResourceOwnerRevocation() { TokenClient client = null !; GrantedTokenResponse result = null !; "and a properly token client".x( () => client = new TokenClient( TokenCredentials.FromBasicAuthentication("client", "client"), Fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting auth token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid" }, "pwd")) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; result = response.Item; }); "then can revoke token".x( async() => { var response = await client.RevokeToken(RevokeTokenRequest.Create(result)).ConfigureAwait(false); Assert.IsType <Option.Success>(response); }); }
public void SuccessfulResourceOwnerRefresh() { TokenClient client = null !; GrantedTokenResponse result = null !; "and a properly token client".x( () => client = new TokenClient( TokenCredentials.FromBasicAuthentication("clientCredentials", "clientCredentials"), Fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting auth token".x( async() => { var response = await client.GetToken(TokenRequest.FromScopes("api1", "offline")).ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(response); result = response !.Item; }); "then can get new token from refresh token".x( async() => { var response = await client.GetToken(TokenRequest.FromRefreshToken(result.RefreshToken !)) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(response); }); }
public void SuccessfulResourceOwnerRevocation() { TokenClient client = null !; GrantedTokenResponse result = null !; "and a properly token client".x( () => client = new TokenClient( TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting auth token".x( async() => { var response = await client.GetToken(TokenRequest.FromScopes("api1", "offline")).ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(response); result = response.Item; }); "then can revoke token".x( async() => { var response = await client.RevokeToken(RevokeTokenRequest.Create(result)).ConfigureAwait(false); Assert.IsType <Option.Success>(response); }); }
public void SuccessfulPermissionCreation() { GrantedTokenResponse grantedToken = null !; UmaClient client = null !; JsonWebKeySet jwks = null !; string resourceId = null !; string ticketId = null !; "and the server's signing key".x( async() => { var json = await _fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false); jwks = new JsonWebKeySet(json); Assert.NotEmpty(jwks.Keys); }); "and a valid UMA token".x( async() => { var tokenClient = new TokenClient( TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"), _fixture.Client, new Uri(WellKnownUmaConfiguration)); var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection")) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; grantedToken = token !.Item; }); "and a properly configured uma client".x( () => client = new UmaClient(_fixture.Client, new Uri(WellKnownUmaConfiguration))); "when registering resource".x( async() => { var resource = await client.AddResource( new ResourceSet { Name = "picture", Scopes = new[] { "read" } }, grantedToken.AccessToken) .ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; resourceId = resource.Item.Id; }); "and adding permission".x( async() => { var response = await client.RequestPermission( grantedToken.AccessToken, requests: new PermissionRequest { ResourceSetId = resourceId, Scopes = new[] { "read" } }) .ConfigureAwait(false) as Option <TicketResponse> .Result; ticketId = response !.Item.TicketId; }); "then returns ticket id".x(() => { Assert.NotNull(ticketId); }); }
public void SuccessfulMultiplePermissionsCreation() { GrantedTokenResponse grantedToken = null !; UmaClient client = null !; string resourceId = null !; string ticketId = null !; "and a valid UMA token".x( async() => { var tokenClient = new TokenClient( TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"), Fixture.Client, new Uri(WellKnownUmaConfiguration)); var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection")) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; grantedToken = token !.Item; Assert.NotNull(grantedToken); }); "and a properly configured uma client".x( () => client = new UmaClient(Fixture.Client, new Uri(WellKnownUmaConfiguration))); "when registering resource".x( async() => { var resource = await client.AddResource( new ResourceSet { Name = "picture", Scopes = new[] { "read", "write" } }, grantedToken.AccessToken) .ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; resourceId = resource !.Item.Id; Assert.NotNull(resourceId); }); "and adding permission".x( async() => { var response = await client.RequestPermission( grantedToken.AccessToken, CancellationToken.None, new PermissionRequest { ResourceSetId = resourceId, Scopes = new[] { "write" } }, new PermissionRequest { ResourceSetId = resourceId, Scopes = new[] { "read" } }) .ConfigureAwait(false) as Option <TicketResponse> .Result; ticketId = response !.Item.TicketId; Assert.NotNull(ticketId); }); "then returns ticket id".x(() => { Assert.NotNull(ticketId); }); }
public void SuccessfulResourceOwnerAuthentication() { TokenClient client = null !; GrantedTokenResponse result = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromBasicAuthentication("client", "client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(response); result = response.Item; }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "and has valid id token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKey = TestKeys.SecretKey.CreateJwk( JsonWebKeyUseNames.Sig, KeyOperations.Sign, KeyOperations.Verify), ValidAudience = "client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.IdToken, validationParameters, out _); }); }
public void UserinfoAfterSuccessfulResourceOwnerAuthentication() { TokenClient client = null !; GrantedTokenResponse result = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromBasicAuthentication("client", "client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; result = response.Item; }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "and can get user info".x( async() => { var userinfoRequest = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri(BaseUrl + "/userinfo") }; userinfoRequest.Headers.Authorization = new AuthenticationHeaderValue(result.TokenType, result.AccessToken); var userinfo = await _fixture.Client().SendAsync(userinfoRequest).ConfigureAwait(false); Assert.True(userinfo.IsSuccessStatusCode); }); }
public void SuccessfulTokenValidationFromMetadata() { GrantedTokenResponse tokenResponse = null !; JsonWebKeySet jwks = null !; "And a valid token".x( async() => { var tokenClient = new TokenClient( TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"), Fixture.Client, new Uri(WellKnownOpenidConfiguration)); var response = await tokenClient.GetToken(TokenRequest.FromScopes("api1")).ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(response); tokenResponse = response.Item; }); "then can download json web key set".x( async() => { var jwksJson = await Fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false); Assert.NotNull(jwksJson); jwks = JsonWebKeySet.Create(jwksJson); }); "Then can create token validation parameters from service metadata".x( () => { var validationParameters = new TokenValidationParameters { IssuerSigningKeys = jwks.Keys, ValidIssuer = "https://localhost", ValidAudience = "clientCredentials" }; var handler = new JwtSecurityTokenHandler(); handler.ValidateToken(tokenResponse.AccessToken, validationParameters, out var securityToken); Assert.NotNull(securityToken); }); }
public void SuccessfulClientCredentialsAuthentication() { TokenClient client = null !; GrantedTokenResponse result = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client.GetToken(TokenRequest.FromScopes("api1")).ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(response); result = response.Item; }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "clientCredentials", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token); }); "and can get user info".x( async() => { var userinfo = await client.GetUserInfo(result.AccessToken).ConfigureAwait(false) as Option <JwtPayload> .Result; Assert.NotNull(userinfo); Assert.NotNull(userinfo.Item); }); }
public void WhenClientHasNoSigningKeysThenUsesServerKey() { TokenClient client = null !; GrantedTokenResponse token = null !; "Given a token client".x( () => { client = new TokenClient( TokenCredentials.FromClientCredentials("no_key", "no_key"), _fixture.Client, new Uri(WellKnownOpenidConfiguration)); }); "When getting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("administrator", "password", new[] { "api" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; token = response.Item; Assert.NotNull(token); }); "Then token is signed with server key".x( () => { var key = _jwks.GetSignKeys().First(); var validationParameters = new TokenValidationParameters { IssuerSigningKey = key, ValidateAudience = false, ValidateActor = false, ValidateIssuer = false, ValidateLifetime = false, ValidateTokenReplay = false }; var handler = new JwtSecurityTokenHandler(); handler.ValidateToken(token.IdToken, validationParameters, out _); }); }
public void SuccessfulResourceOwnerRefresh() { TokenClient client = null !; GrantedTokenResponse result = null !; GrantedTokenResponse refreshed = null !; "and a properly token client".x( () => client = new TokenClient( TokenCredentials.FromBasicAuthentication("client", "client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting auth token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid", "offline" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; result = response.Item; }); "then can get new token from refresh token".x( async() => { var response = await client.GetToken(TokenRequest.FromRefreshToken(result.RefreshToken)) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(response); refreshed = response.Item; }); "and token has custom custom claims".x( () => { var handler = new JwtSecurityTokenHandler(); var refreshedClaims = handler.ReadJwtToken(refreshed.AccessToken).Claims; Assert.Contains(refreshedClaims, c => c.Type == "acceptance_test"); }); }
public void ManagerCreatedUser() { GrantedTokenResponse userToken = null !; "When manager creates user".x( async() => { var created = await _managerClient.AddResourceOwner( new AddResourceOwnerRequest { Subject = "tester", Password = "******" }, _administratorToken.AccessToken) .ConfigureAwait(false) as Option <AddResourceOwnerResponse> .Result; Assert.Equal("tester", created.Item.Subject); }); "and user logs in".x( async() => { var response = await _tokenClient .GetToken(TokenRequest.FromPassword("tester", "tester", new[] { "openid" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; userToken = response.Item; }); "then user has custom user claim".x( () => { var handler = new JwtSecurityTokenHandler(); handler.ValidateToken( userToken.AccessToken, new NoOpTokenValidationParameters(SharedContext.Instance), out var token); Assert.Contains((token as JwtSecurityToken).Claims, c => c.Type == "acceptance_test"); }); }
public void SuccessfulPermissionCreation() { TestServerFixture fixture = null !; GrantedTokenResponse grantedToken = null !; UmaClient client = null !; string resourceId = null !; string ticketId = null !; "Given a running auth server".x(() => fixture = new TestServerFixture(_outputHelper, BaseUrl)) .Teardown(() => fixture.Dispose()); "and the server's signing key".x( async() => { var json = await fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false); var jwks = new JsonWebKeySet(json); Assert.NotEmpty(jwks.Keys); }); "and a valid UMA token".x( async() => { var tokenClient = new TokenClient( TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"), fixture.Client, new Uri(WellKnownUmaConfiguration)); var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection")) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; var handler = new JwtSecurityTokenHandler(); var principal = handler.ReadJwtToken(token.Item.AccessToken); Assert.NotNull(principal.Issuer); grantedToken = token.Item; }); "and a properly configured uma client".x( () => client = new UmaClient(fixture.Client, new Uri(WellKnownUmaConfiguration))); "when registering resource".x( async() => { var resource = await client.AddResource( new ResourceSet { Name = "picture", Scopes = new[] { "read" } }, grantedToken.AccessToken) .ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; resourceId = resource.Item.Id; }); "and adding permission".x( async() => { var response = await client.RequestPermission( grantedToken.AccessToken, requests: new PermissionRequest { IdToken = grantedToken.IdToken, ResourceSetId = resourceId, Scopes = new[] { "read" } }) .ConfigureAwait(false) as Option <TicketResponse> .Result; Assert.NotNull(response); ticketId = response.Item.TicketId; }); "then returns ticket id".x(() => { Assert.NotNull(ticketId); }); }
public void SuccessfulResourceOwnerClaimsUpdate() { TokenClient client = null !; GrantedTokenResponse tokenResponse = null !; HttpResponseMessage updateResponse = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromBasicAuthentication("client", "client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid", "offline" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; tokenResponse = response.Item; }); "and valid access token is received".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(tokenResponse.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "and updating own claims".x( async() => { var updateRequest = new UpdateResourceOwnerClaimsRequest { Subject = "user", Claims = new[] { new ClaimData { Type = "test", Value = "something" } } }; var json = JsonConvert.SerializeObject(updateRequest); var request = new HttpRequestMessage { Content = new StringContent(json, Encoding.UTF8, "application/json"), Method = HttpMethod.Post, RequestUri = new Uri(_fixture.Server.BaseAddress + "resource_owners/claims") }; request.Headers.Authorization = new AuthenticationHeaderValue( JwtBearerDefaults.AuthenticationScheme, tokenResponse.AccessToken); updateResponse = await _fixture.Client().SendAsync(request).ConfigureAwait(false); }); "then update is successful".x(() => { Assert.Equal(HttpStatusCode.OK, updateResponse.StatusCode); }); }
public void CanRegisterAResourceForUserAndManagePolicies() { TokenClient client = null !; UmaClient umaClient = null !; GrantedTokenResponse token = null !; AddResourceSetResponse resourceSetResponse = null !; EditPolicyResponse policyRules = null !; "Given a token client".x( () => { client = new TokenClient( TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"), _fixture.Client, new Uri(WellKnownOpenidConfiguration)); }); "And a UMA client".x(() => { umaClient = new UmaClient(_fixture.Client, new Uri(BaseUrl)); }); "When getting a PAT token".x( async() => { var response = await client.GetToken( TokenRequest.FromPassword("administrator", "password", new[] { "uma_protection" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; token = response.Item; Assert.NotNull(token); }); "Then can register a resource".x( async() => { var resource = new ResourceSet { AuthorizationPolicies = new[] { new PolicyRule { ClientIdsAllowed = new[] { "clientCredentials" }, IsResourceOwnerConsentNeeded = true, Scopes = new[] { "read" } } }, Name = "test resource", Scopes = new[] { "read" }, Type = "test" }; var response = await umaClient.AddResource(resource, token.AccessToken).ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; Assert.NotNull(response); resourceSetResponse = response.Item; }); "And can view resource policies".x( async() => { var msg = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri(resourceSetResponse.UserAccessPolicyUri) }; msg.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); msg.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken); var policyResponse = await _fixture.Client().SendAsync(msg).ConfigureAwait(false); Assert.True(policyResponse.IsSuccessStatusCode); var content = await policyResponse.Content.ReadAsStringAsync().ConfigureAwait(false); policyRules = JsonConvert.DeserializeObject <EditPolicyResponse>(content); Assert.Single(policyRules !.Rules); }); "And can update resource policies".x( async() => { policyRules.Rules[0] = policyRules.Rules[0] with { IsResourceOwnerConsentNeeded = false }; var msg = new HttpRequestMessage { Method = HttpMethod.Put, RequestUri = new Uri(resourceSetResponse.UserAccessPolicyUri), Content = new StringContent(JsonConvert.SerializeObject(policyRules)) }; msg.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken); var policyResponse = await _fixture.Client().SendAsync(msg).ConfigureAwait(false); Assert.True(policyResponse.IsSuccessStatusCode); }); }
public void CanUpdateOwnClaimsAndLogInAgain() { HttpResponseMessage response = null !; GrantedTokenResponse updatedToken = null !; GrantedTokenResponse newToken = null !; "When updating user claims".x( async() => { var updateRequest = new UpdateResourceOwnerClaimsRequest { Subject = "administrator", Claims = new[] { new ClaimData { Type = "added_claim_test", Value = "something" } } }; var json = JsonConvert.SerializeObject(updateRequest); var request = new HttpRequestMessage { Content = new StringContent(json, Encoding.UTF8, "application/json"), Method = HttpMethod.Post, RequestUri = new Uri(_fixture.Server.BaseAddress + "resource_owners/claims") }; request.Headers.Authorization = new AuthenticationHeaderValue( "Bearer", _administratorToken.AccessToken); response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); }); "Then is ok request".x(() => { Assert.Equal(HttpStatusCode.OK, response.StatusCode); }); "and has new token".x( async() => { var json = await response.Content.ReadAsStringAsync().ConfigureAwait(false); updatedToken = JsonConvert.DeserializeObject <GrantedTokenResponse>(json); Assert.NotNull(updatedToken); }); "When logging out".x( async() => { var result = await _tokenClient.RevokeToken(RevokeTokenRequest.Create(updatedToken)) .ConfigureAwait(false); Assert.IsType <Option.Success>(result); }); "and logging in again".x( async() => { var result = await _tokenClient .GetToken(TokenRequest.FromPassword("administrator", "password", new[] { "manager" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; Assert.NotNull(result); newToken = result.Item; }); "then gets updated claim in token".x( () => { var handler = new JwtSecurityTokenHandler(); var updatedJwt = handler.ReadJwtToken(updatedToken.AccessToken); var newJwt = handler.ReadJwtToken(newToken.AccessToken); Assert.Equal( updatedJwt.Claims.First(x => x.Type == "added_claim_test").Value, newJwt.Claims.First(x => x.Type == "added_claim_test").Value); }); }
public void SuccessfulTicketAuthentication() { GrantedTokenResponse umaToken = null !; AddResourceSetResponse resourceSetResponse = null !; UmaClient umaClient = null !; TokenClient client = null !; GrantedTokenResponse result = null !; string ticketId = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromClientCredentials("post_client", "post_client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "uma_protection", "offline" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; result = response.Item; }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "post_client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "given a uma client".x( () => { umaClient = new UmaClient( _fixture.Client, new Uri("https://localhost/.well-known/uma2-configuration")); }); "when creating resource set".x( async() => { var resourceSet = new ResourceSet { Name = "Local", Scopes = new[] { "api1" }, Type = "url", }; var resourceResponse = await umaClient.AddResource(resourceSet, result.AccessToken).ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; resourceSetResponse = resourceResponse.Item; Assert.NotNull(resourceResponse); }); "and setting access policy".x( async() => { var resourceSet = new ResourceSet { Id = resourceSetResponse.Id, Name = "Local", Scopes = new[] { "api1" }, Type = "url", AuthorizationPolicies = new[] { new PolicyRule { Scopes = new[] { "api1" }, Claims = new[] { new ClaimData { Type = ClaimTypes.NameIdentifier, Value = "user" } }, ClientIdsAllowed = new[] { "post_client" }, IsResourceOwnerConsentNeeded = false } } }; var resourceResponse = await umaClient.UpdateResource(resourceSet, result.AccessToken).ConfigureAwait(false) as Option <UpdateResourceSetResponse> .Result; Assert.NotNull(resourceResponse); }); "then can get redirection".x( async() => { var request = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri("http://localhost/data/" + resourceSetResponse.Id) }; request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); var response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); var httpHeaderValueCollection = response.Headers.WwwAuthenticate; Assert.True(httpHeaderValueCollection != null); var match = Regex.Match( httpHeaderValueCollection.First().Parameter, ".+ticket=\"(.+)\".*", RegexOptions.Compiled); ticketId = match.Groups[1].Value; }); "when requesting token".x( async() => { var response = await client.GetToken(TokenRequest.FromTicketId(ticketId, result.IdToken)) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; umaToken = response.Item; Assert.NotNull(umaToken.AccessToken); }); "then can get resource with token".x( async() => { var request = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri("http://localhost/data/" + resourceSetResponse.Id) }; request.Headers.Authorization = new AuthenticationHeaderValue( umaToken.TokenType, umaToken.AccessToken); var response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); var content = await response.Content.ReadAsStringAsync().ConfigureAwait(false); Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal("\"Hello\"", content); }); }
public void UnsuccessfulTicketAuthentication() { Option <GrantedTokenResponse> ticketResponse = null !; AddResourceSetResponse resourceSetResponse = null !; UmaClient umaClient = null !; TokenClient client = null !; GrantedTokenResponse result = null !; string ticketId = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromClientCredentials("post_client", "post_client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "uma_protection" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; result = response.Item; }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "post_client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "given a uma client".x( () => { umaClient = new UmaClient( _fixture.Client, new Uri("https://localhost/.well-known/uma2-configuration")); }); "when creating resource set with deviating scopes".x( async() => { var resourceSet = new ResourceSet { Name = "Local", Scopes = new[] { "api1" }, Type = "url", AuthorizationPolicies = new[] { new PolicyRule { Scopes = new[] { "anotherApi" }, Claims = new[] { new ClaimData { Type = "sub", Value = "user" } }, ClientIdsAllowed = new[] { "post_client" }, IsResourceOwnerConsentNeeded = false } } }; var resourceResponse = await umaClient.AddResource(resourceSet, result.AccessToken).ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; Assert.NotNull(resourceResponse); resourceSetResponse = resourceResponse.Item; }); "and requesting permission ticket".x( async() => { var permission = new PermissionRequest { ResourceSetId = resourceSetResponse.Id, Scopes = new[] { "api1" } }; var permissionResponse = await umaClient.RequestPermission(result.AccessToken, requests: permission) .ConfigureAwait(false) as Option <TicketResponse> .Result; Assert.NotNull(permissionResponse); ticketId = permissionResponse.Item.TicketId; }); "and requesting token from ticket".x( async() => { ticketResponse = await client.GetToken(TokenRequest.FromTicketId(ticketId, result.IdToken)) .ConfigureAwait(false); }); "then has error".x(() => { Assert.IsType <Option <GrantedTokenResponse> .Error>(ticketResponse); }); }
public void DefaultPolicyTicketAuthentication() { AddResourceSetResponse resourceSetResponse = null !; UmaClient umaClient = null !; TokenClient client = null !; GrantedTokenResponse result = null !; string ticketId = null !; "and a properly configured token client".x( () => client = new TokenClient( TokenCredentials.FromClientCredentials("post_client", "post_client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration))); "when requesting token".x( async() => { var response = await client .GetToken(TokenRequest.FromPassword("user", "password", new[] { "uma_protection" })) .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result; result = response.Item; }); "then has valid access token".x( () => { var tokenHandler = new JwtSecurityTokenHandler(); var validationParameters = new TokenValidationParameters { IssuerSigningKeys = _jwks.GetSigningKeys(), ValidAudience = "post_client", ValidIssuer = "https://localhost" }; tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token); Assert.NotEmpty(((JwtSecurityToken)token).Claims); }); "given a uma client".x( () => { umaClient = new UmaClient(_fixture.Client, new Uri("https://localhost/")); }); "when creating resource set without a policy".x( async() => { var resourceSet = new ResourceSet { Name = "Local", Scopes = new[] { "api1" }, Type = "url", AuthorizationPolicies = null }; var resourceResponse = await umaClient.AddResource(resourceSet, result.AccessToken).ConfigureAwait(false) as Option <AddResourceSetResponse> .Result; resourceSetResponse = resourceResponse.Item; Assert.NotNull(resourceResponse); }); "then can get redirection".x( async() => { var request = new HttpRequestMessage { Method = HttpMethod.Get, RequestUri = new Uri("http://localhost/data/" + resourceSetResponse.Id) }; request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); var response = await _fixture.Client().SendAsync(request).ConfigureAwait(false); Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode); var httpHeaderValueCollection = response.Headers.WwwAuthenticate; Assert.True(httpHeaderValueCollection != null); var match = Regex.Match( httpHeaderValueCollection.First().Parameter, ".+ticket=\"(.+)\".*", RegexOptions.Compiled); ticketId = match.Groups[1].Value; }); "when requesting token".x( async() => { var response = await client.GetToken(TokenRequest.FromTicketId(ticketId, result.IdToken)) .ConfigureAwait(false); Assert.IsType <Option <GrantedTokenResponse> .Error>(response); }); }
public void ExecuteDeviceAuthorizationFlowWithUserApproval() { const string clientId = "device"; ITokenClient tokenClient = null !; DeviceAuthorizationResponse response = null !; GrantedTokenResponse token = null !; Task <Option <GrantedTokenResponse> > pollingTask = null !; "Given a token client".x( () => { tokenClient = new TokenClient( TokenCredentials.AsDevice(), _fixture.Client, new Uri(WellKnownOpenidConfiguration)); Assert.NotNull(tokenClient); }); "and an access token".x( async() => { var authClient = new TokenClient( TokenCredentials.FromClientCredentials(clientId, "client"), _fixture.Client, new Uri(WellKnownOpenidConfiguration)); var tokenResponse = await authClient.GetToken( TokenRequest.FromPassword("user", "password", new[] { "openid" })) .ConfigureAwait(false); Assert.IsType <Option <GrantedTokenResponse> .Result>(tokenResponse); token = (tokenResponse as Option <GrantedTokenResponse> .Result).Item; }); "When a device requests authorization".x( async() => { var genericResponse = await tokenClient.GetAuthorization(new DeviceAuthorizationRequest(clientId)) .ConfigureAwait(false); Assert.IsType <Option <DeviceAuthorizationResponse> .Result>(genericResponse); response = (genericResponse as Option <DeviceAuthorizationResponse> .Result).Item; }); "and the device polls the token server".x( async() => { pollingTask = tokenClient.GetToken( TokenRequest.FromDeviceCode(clientId, response.DeviceCode, response.Interval)); Assert.False(pollingTask.IsCompleted); }); "and user successfully posts user code".x( async() => { var client = _fixture.Client(); var msg = new HttpRequestMessage { Method = HttpMethod.Post, RequestUri = new Uri(response.VerificationUri), Content = new FormUrlEncodedContent( new[] { new KeyValuePair <string, string>("code", response.UserCode) }) }; msg.Headers.Authorization = new AuthenticationHeaderValue(token.TokenType, token.AccessToken); var approval = await client.SendAsync(msg).ConfigureAwait(false); Assert.Equal(HttpStatusCode.OK, approval.StatusCode); }); "then token is returned from polling".x( async() => { var tokenResponse = await pollingTask.ConfigureAwait(false); Assert.IsType <Option <GrantedTokenResponse> .Result>(tokenResponse); }); }