public CodeFlowTests()
{
_pipeline.IdentityScopes.Add(new IdentityResources.OpenId());
_pipeline.Clients.Add(new Client
{
Enabled = true,
ClientId = "code_pipeline.Client",
ClientSecrets = new List <Secret>
{
new Secret("secret".Sha512())
},
AllowedGrantTypes = GrantTypes.Code,
AllowedScopes = { "openid" },
RequireConsent = false,
RequirePkce = false,
RedirectUris = new List <Uri>
{
new Uri("https://code_pipeline.Client/callback"),
new Uri("https://code_pipeline.Client/callback?foo=bar&baz=quux")
}
});
_pipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_pipeline.Initialize();
}
public ResponseTypeResponseModeTests()
{
_mockPipeline.Initialize();
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
_mockPipeline.Clients.Add(new Client
{
Enabled = true,
ClientId = "code_client",
ClientSecrets = new List <Secret>
{
new Secret("secret".Sha512())
},
AllowedGrantTypes = GrantTypes.Code,
AllowedScopes = { "openid" },
RequireConsent = false,
RequirePkce = false,
RedirectUris = new List <string>
{
"https://code_client/callback"
}
});
_mockPipeline.IdentityScopes.Add(new IdentityResources.OpenId());
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
}
public SubpathHosting()
{
_mockPipeline.Clients.AddRange(new Client[] {
_client1 = new Client
{
ClientId = "client1",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid", "profile"
},
RedirectUris = new List <string> {
"https://client1/callback"
},
AllowAccessTokensViaBrowser = true
}
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email()
});
_mockPipeline.Initialize("/subpath");
}
public async Task Algorithms_supported_should_match_signing_key()
{
var key = CryptoHelper.CreateECDsaSecurityKey(JsonWebKeyECTypes.P256);
var expectedAlgorithm = SecurityAlgorithms.EcdsaSha256;
IdentityServerPipeline pipeline = new IdentityServerPipeline();
pipeline.OnPostConfigureServices += services =>
{
services.AddIdentityServerBuilder()
.AddSigningCredential(key, expectedAlgorithm);
};
pipeline.Initialize("/ROOT");
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration");
var json = await result.Content.ReadAsStringAsync();
var data = JObject.Parse(json);
var algorithmsSupported = data["id_token_signing_alg_values_supported"].Values <string>();
algorithmsSupported.Should().Contain(expectedAlgorithm);
}
public async Task Jwks_entries_should_contain_alg()
{
IdentityServerPipeline pipeline = new IdentityServerPipeline();
pipeline.Initialize("/ROOT");
var result = await pipeline.BackChannelClient.GetAsync("https://server/root/.well-known/openid-configuration/jwks");
var json = await result.Content.ReadAsStringAsync();
var data = JsonSerializer.Deserialize <Dictionary <string, JsonElement> >(json);
var keys = data["keys"];
keys.Should().NotBeNull();
var key = keys[0];
key.Should().NotBeNull();
var alg = key.TryGetValue("alg");
alg.GetString().Should().Be(Constants.SigningAlgorithms.RSA_SHA_256);
}
public JwtRequestAuthorizeTests()
{
IdentityModelEventSource.ShowPII = true;
_rsaKey = CryptoHelper.CreateRsaSecurityKey();
_mockPipeline.Clients.AddRange(new Client[]
{
_client = new Client
{
ClientName = "Client with keys",
ClientId = "client",
Enabled = true,
RequireRequestObject = true,
RedirectUris = { "https://client/callback" },
ClientSecrets =
{
new Secret
{
// x509 cert as base64 string
Type = IdentityServerConstants.SecretTypes.X509CertificateBase64,
Value = Convert.ToBase64String(TestCert.Load().Export(X509ContentType.Cert))
},
new Secret
{
// symmetric key as JWK
Type = IdentityServerConstants.SecretTypes.JsonWebKey,
Value = _symmetricJwk
},
new Secret
{
// RSA key as JWK
Type = IdentityServerConstants.SecretTypes.JsonWebKey,
Value = JsonConvert.SerializeObject(JsonWebKeyConverter.ConvertFromRSASecurityKey(_rsaKey))
},
new Secret
{
// x509 cert as JWK
Type = IdentityServerConstants.SecretTypes.JsonWebKey,
Value = JsonConvert.SerializeObject(JsonWebKeyConverter.ConvertFromX509SecurityKey(new X509SecurityKey(TestCert.Load())))
}
},
AllowedGrantTypes = GrantTypes.Implicit,
AllowedScopes = new List <string>
{
"openid", "profile", "api1", "api2"
}
},
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email()
});
_mockPipeline.ApiScopes.AddRange(new ApiResource[] {
new ApiResource
{
Name = "api",
Scopes =
{
new Scope
{
Name = "api1"
},
new Scope
{
Name = "api2"
}
}
}
});
_mockPipeline.Initialize();
}
public PkceTests()
{
_pipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_pipeline.IdentityScopes.Add(new IdentityResources.OpenId());
_pipeline.Clients.Add(client = new Client
{
Enabled = true,
ClientId = client_id,
ClientSecrets = new List <Secret>
{
new Secret(client_secret.Sha256())
},
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = true,
AllowedScopes = { "openid" },
RequireConsent = false,
RedirectUris = new List <string>
{
redirect_uri
}
});
_pipeline.Clients.Add(client = new Client
{
Enabled = true,
ClientId = client_id_optional,
ClientSecrets = new List <Secret>
{
new Secret(client_secret.Sha256())
},
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = false,
AllowedScopes = { "openid" },
RequireConsent = false,
RedirectUris = new List <string>
{
redirect_uri
}
});
_pipeline.Clients.Add(client = new Client
{
Enabled = true,
ClientId = client_id_pkce,
ClientSecrets = new List <Secret>
{
new Secret(client_secret.Sha256())
},
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = true,
AllowedScopes = { "openid" },
RequireConsent = false,
RedirectUris = new List <string>
{
redirect_uri
}
});
// allow plain text PKCE
_pipeline.Clients.Add(client = new Client
{
Enabled = true,
ClientId = client_id_plain,
ClientSecrets = new List <Secret>
{
new Secret(client_secret.Sha256())
},
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = true,
AllowPlainTextPkce = true,
AllowedScopes = { "openid" },
RequireConsent = false,
RedirectUris = new List <string>
{
redirect_uri
}
});
_pipeline.Clients.Add(client = new Client
{
Enabled = true,
ClientId = client_id_pkce_plain,
ClientSecrets = new List <Secret>
{
new Secret(client_secret.Sha256())
},
AllowedGrantTypes = GrantTypes.Code,
RequirePkce = true,
AllowPlainTextPkce = true,
AllowedScopes = { "openid" },
RequireConsent = false,
RedirectUris = new List <string>
{
redirect_uri
}
});
_pipeline.Initialize();
}
public RestrictAccessTokenViaBrowserTests()
{
_mockPipeline.Clients.AddRange(new Client[] {
new Client
{
ClientId = "client1",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid"
},
RedirectUris = new List <string> {
"https://client1/callback"
},
AllowAccessTokensViaBrowser = true
},
new Client
{
ClientId = "client2",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid"
},
RedirectUris = new List <string> {
"https://client2/callback"
},
AllowAccessTokensViaBrowser = false
},
new Client
{
ClientId = "client3",
AllowedGrantTypes = GrantTypes.Hybrid,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid"
},
RedirectUris = new List <string> {
"https://client3/callback"
},
AllowAccessTokensViaBrowser = true
},
new Client
{
ClientId = "client4",
AllowedGrantTypes = GrantTypes.Hybrid,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid"
},
RedirectUris = new List <string> {
"https://client4/callback"
},
AllowAccessTokensViaBrowser = false
}
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId()
});
_mockPipeline.Initialize();
}
public CibaTokenEndpointTests()
{
_mockPipeline.OnPostConfigureServices += services =>
{
services.AddSingleton <IBackchannelAuthenticationUserValidator>(_mockCibaUserValidator);
services.AddSingleton <IBackchannelAuthenticationUserNotificationService>(_mockCibaUserNotificationService);
};
_mockPipeline.Clients.AddRange(new Client[] {
_cibaClient = new Client
{
ClientId = "client1",
AllowedGrantTypes = GrantTypes.Ciba,
ClientSecrets =
{
new Secret("secret".Sha256()),
},
AllowOfflineAccess = true,
AllowedScopes = new List <string> {
"openid", "profile", "scope1"
},
},
new Client
{
ClientId = "client2",
AllowedGrantTypes = GrantTypes.Ciba,
ClientSecrets =
{
new Secret("secret".Sha256()),
},
AllowOfflineAccess = true,
AllowedScopes = new List <string> {
"openid", "profile", "scope1"
},
},
new Client
{
ClientId = "client3",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256()),
},
AllowOfflineAccess = true,
AllowedScopes = new List <string> {
"openid", "profile", "scope1"
},
},
});
_mockPipeline.Users.Add(_user = new TestUser
{
SubjectId = "123",
Username = "******",
Password = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email()
});
_mockPipeline.ApiResources.AddRange(new ApiResource[] {
new ApiResource
{
Name = "urn:api1",
Scopes = { "scope1" }
},
new ApiResource
{
Name = "urn:api2",
Scopes = { "scope1" }
},
});
_mockPipeline.ApiScopes.AddRange(new ApiScope[] {
new ApiScope
{
Name = "scope1"
},
});
_mockPipeline.Initialize();
}
public EndSessionTests()
{
_mockPipeline.Clients.Add(new Client
{
ClientId = "client1",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid"
},
RedirectUris = new List <string> {
"https://client1/callback"
},
FrontChannelLogoutUri = "https://client1/signout",
PostLogoutRedirectUris = new List <string> {
"https://client1/signout-callback"
},
AllowAccessTokensViaBrowser = true
});
_mockPipeline.Clients.Add(new Client
{
ClientId = "client2",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid"
},
RedirectUris = new List <string> {
"https://client2/callback"
},
FrontChannelLogoutUri = "https://client2/signout",
PostLogoutRedirectUris = new List <string> {
"https://client2/signout-callback",
"https://client2/signout-callback2"
},
AllowAccessTokensViaBrowser = true
});
_mockPipeline.Clients.Add(new Client
{
ClientId = "client3",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid"
},
RedirectUris = new List <string> {
"https://client3/callback"
},
BackChannelLogoutUri = "https://client3/signout",
AllowAccessTokensViaBrowser = true
});
_mockPipeline.Clients.Add(_wsfedClient = new Client
{
ClientId = "client4",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid"
},
RedirectUris = new List <string> {
"https://client4/callback"
},
FrontChannelLogoutUri = "https://client4/signout",
AllowAccessTokensViaBrowser = true
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId()
});
_mockPipeline.Initialize();
}
public ServerSideSessionTests()
{
_urls.Origin = IdentityServerPipeline.BaseUrl;
_urls.BasePath = "/";
_pipeline.OnPostConfigureServices += s =>
{
s.AddSingleton <IServerUrls>(_urls);
s.AddIdentityServerBuilder().AddServerSideSessions();
};
_pipeline.OnPostConfigure += app =>
{
_pipeline.Options.ServerSideSessions.RemoveExpiredSessionsFrequency = TimeSpan.FromMilliseconds(100);
app.Map("/user", ep => {
ep.Run(ctx =>
{
if (ctx.User.Identity.IsAuthenticated)
{
ctx.Response.StatusCode = 200;
}
else
{
ctx.Response.StatusCode = 401;
}
return(Task.CompletedTask);
});
});
};
_pipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
});
_pipeline.Users.Add(new TestUser
{
SubjectId = "alice",
Username = "******",
});
_pipeline.Clients.Add(new Client
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.Code,
RequireClientSecret = false,
RequireConsent = false,
RequirePkce = false,
AllowedScopes = { "openid", "api" },
AllowOfflineAccess = true,
CoordinateLifetimeWithUserSession = true,
RefreshTokenUsage = TokenUsage.ReUse,
RedirectUris = { "https://client/callback" },
BackChannelLogoutUri = "https://client/bc-logout"
});
_pipeline.IdentityScopes.Add(new IdentityResources.OpenId());
_pipeline.ApiScopes.Add(new ApiScope("api"));
_pipeline.Initialize();
_sessionStore = _pipeline.Resolve <IServerSideSessionStore>();
_ticketService = _pipeline.Resolve <IServerSideTicketService>();
_sessionMgmt = _pipeline.Resolve <ISessionManagementService>();
_grantStore = _pipeline.Resolve <IPersistedGrantStore>();
_refreshTokenStore = _pipeline.Resolve <IRefreshTokenStore>();
}
public void Init()
{
_mockPipeline = new IdentityServerPipeline();
_mockPipeline.Clients.AddRange(new Client[] {
new Client
{
ClientId = "client1",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid", "profile", "aid"
},
RedirectUris = new List <string> {
"https://client1/callback"
},
AllowAccessTokensViaBrowser = true,
AccessTokenLifetime = 3600,
IdentityTokenLifetime = 500
},
new Client
{
ClientId = "client2",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = true,
AllowedScopes = new List <string> {
"openid", "profile", "api1", "api2", "aid", "aid_idResource"
},
RedirectUris = new List <string> {
"https://client2/callback"
},
AllowAccessTokensViaBrowser = true,
AlwaysIncludeUserClaimsInIdToken = true
}
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email(),
new IdentityResource("aid_idResource", new [] { "aid" })
});
_mockPipeline.ApiScopes.AddRange(new ApiResource[] {
new ApiResource
{
Name = "api",
Scopes =
{
new Scope
{
Name = "api1"
},
new Scope
{
Name = "api2"
},
new Scope
{
Name = "aid",
UserClaims = new List <string>()
{
"aid"
}
}
}
}
});
_mockPipeline.Initialize();
}
public void Init()
{
_mockPipeline = new IdentityServerPipeline();
_mockPipeline.Initialize();
}
public void Init()
{
_mockPipeline = new IdentityServerPipeline();
_mockPipeline.Clients.AddRange(new Client[] {
_client1 = new Client
{
ClientId = "client1",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid", "profile"
},
RedirectUris = new List <string> {
"https://client1/callback"
},
AllowAccessTokensViaBrowser = true,
AccessTokenLifetime = 3600
},
new Client
{
ClientId = "client2",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = true,
AllowedScopes = new List <string> {
"openid", "profile", "api1", "api2"
},
RedirectUris = new List <string> {
"https://client2/callback"
},
AllowAccessTokensViaBrowser = true
},
new Client
{
ClientId = "client3",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid", "profile", "api1", "api2"
},
RedirectUris = new List <string> {
"https://client3/callback"
},
AllowAccessTokensViaBrowser = true,
EnableLocalLogin = false,
IdentityProviderRestrictions = new List <string> {
"google"
}
},
new Client
{
ClientId = "client4",
AllowedGrantTypes = GrantTypes.Code,
RequireClientSecret = false,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid", "profile", "api1", "api2"
},
RedirectUris = new List <string> {
"https://client4/callback"
},
AccessTokenLifetime = 3600
},
new Client
{
ClientId = client_id,
ClientSecrets = new List <Secret> {
new Secret(client_secret.Sha256())
},
AllowedGrantTypes = { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AllowedScopes = new List <string> {
"api3"
},
AccessTokenLifetime = 3600
}
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Password = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email()
});
_mockPipeline.ApiScopes.AddRange(new ApiResource[] {
new ApiResource
{
Name = "api",
Scopes =
{
new Scope
{
Name = "api1"
},
new Scope
{
Name = "api2"
}
}
},
new ApiResource
{
Name = "api1",
ApiSecrets = new List <Secret> {
new Secret(scope_secret.Sha256())
},
Scopes =
{
new Scope
{
Name = scope_name
}
}
}
});
_mockPipeline.Initialize();
}
public AuthorizeLoggingTests()
{
_mockPipeline.Clients.AddRange(new Client[] {
_client1 = new Client
{
ClientId = "client1",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid", "profile"
},
RedirectUris = new List <string> {
"https://client1/callback"
},
AllowAccessTokensViaBrowser = true
},
new Client
{
ClientId = "client2",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = true,
AllowedScopes = new List <string> {
"openid", "profile", "api1", "api2"
},
RedirectUris = new List <string> {
"https://client2/callback"
},
AllowAccessTokensViaBrowser = true
},
new Client
{
ClientId = "client3",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid", "profile", "api1", "api2"
},
RedirectUris = new List <string> {
"https://client3/callback"
},
AllowAccessTokensViaBrowser = true,
EnableLocalLogin = false,
IdentityProviderRestrictions = new List <string> {
"google"
}
}
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email()
});
_mockPipeline.ApiScopes.AddRange(new ApiResource[] {
new ApiResource
{
Name = "api",
Scopes =
{
new Scope
{
Name = "api1"
},
new Scope
{
Name = "api2"
}
}
}
});
_mockPipeline.Initialize(enableLogging: true);
}
public ResourceTests()
{
_mockPipeline.Clients.AddRange(new Client[] {
_client1 = new Client
{
ClientId = "client1",
ClientSecrets = { new Secret("secret".Sha256()) },
AllowedGrantTypes = GrantTypes.Code,
RequireConsent = false,
RequirePkce = false,
AllowOfflineAccess = true,
AllowedScopes = new List <string> {
"openid", "profile", "scope1", "scope2", "scope3", "scope4"
},
RedirectUris = new List <string> {
"https://client1/callback"
},
},
new Client
{
ClientId = "client2",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowAccessTokensViaBrowser = true,
AllowedScopes = new List <string> {
"openid", "profile", "scope1", "scope2", "scope3", "scope4"
},
RedirectUris = new List <string> {
"https://client2/callback"
},
},
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email()
});
_mockPipeline.ApiResources.AddRange(new ApiResource[] {
new ApiResource
{
Name = "urn:resource1",
Scopes = { "scope1", "scope2" }
},
new ApiResource
{
Name = "urn:resource2",
Scopes = { "scope2" }
},
new ApiResource
{
RequireResourceIndicator = true,
Name = "urn:resource3",
Scopes = { "scope3" }
},
});
_mockPipeline.ApiScopes.AddRange(new ApiScope[] {
new ApiScope
{
Name = "scope1"
},
new ApiScope
{
Name = "scope2"
},
new ApiScope
{
Name = "scope3"
},
new ApiScope
{
Name = "scope4"
},
});
_mockPipeline.Initialize();
}
public CheckSessionTests()
{
_mockPipeline.Initialize();
}
public RevocationTests()
{
_mockPipeline.Clients.Add(new Client
{
ClientId = client_id,
ClientSecrets = new List <Secret> {
new Secret(client_secret.Sha256())
},
AllowedGrantTypes = GrantTypes.Code,
RequireConsent = false,
RequirePkce = false,
AllowOfflineAccess = true,
AllowedScopes = new List <string> {
"api"
},
RedirectUris = new List <string> {
redirect_uri
},
AllowAccessTokensViaBrowser = true,
AccessTokenType = AccessTokenType.Reference,
RefreshTokenUsage = TokenUsage.ReUse
});
_mockPipeline.Clients.Add(new Client
{
ClientId = "implicit",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"api"
},
RedirectUris = new List <string> {
redirect_uri
},
AllowAccessTokensViaBrowser = true,
AccessTokenType = AccessTokenType.Reference
});
_mockPipeline.Clients.Add(new Client
{
ClientId = "implicit_and_client_creds",
AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials,
ClientSecrets = { new Secret("secret".Sha256()) },
RequireConsent = false,
AllowedScopes = new List <string> {
"api"
},
RedirectUris = new List <string> {
redirect_uri
},
AllowAccessTokensViaBrowser = true,
AccessTokenType = AccessTokenType.Reference
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId()
});
_mockPipeline.ApiResources.AddRange(new ApiResource[] {
new ApiResource
{
Name = "api",
ApiSecrets = new List <Secret> {
new Secret(scope_secret.Sha256())
},
Scopes = { scope_name }
}
});
_mockPipeline.ApiScopes.AddRange(new ApiScope[]
{
new ApiScope
{
Name = scope_name
}
});
_mockPipeline.Initialize();
}
public SessionIdTests()
{
_mockPipeline.Clients.AddRange(new Client[] {
new Client
{
ClientId = "client1",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = false,
AllowedScopes = new List <string> {
"openid", "profile"
},
RedirectUris = new List <Uri> {
new Uri("https://client1/callback")
},
AllowAccessTokensViaBrowser = true
},
new Client
{
ClientId = "client2",
AllowedGrantTypes = GrantTypes.Implicit,
RequireConsent = true,
AllowedScopes = new List <string> {
"openid", "profile", "api1", "api2"
},
RedirectUris = new List <Uri> {
new Uri("https://client2/callback")
},
AllowAccessTokensViaBrowser = true
}
});
_mockPipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
Claims = new Claim[]
{
new Claim("name", "Bob Loblaw"),
new Claim("email", "*****@*****.**"),
new Claim("role", "Attorney")
}
});
_mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email()
});
_mockPipeline.ApiResources.AddRange(new ApiResource[] {
new ApiResource
{
Name = "api",
}
});
_mockPipeline.ApiScopes.AddRange(new ApiScope[] {
new ApiScope
{
Name = "api1"
},
new ApiScope
{
Name = "api2"
}
});
_mockPipeline.Initialize();
}
