public async Task No_state_should_not_result_in_shash()
{
await _pipeline.LoginAsync("bob");
var nonce = Guid.NewGuid().ToString();
_pipeline.BrowserClient.AllowAutoRedirect = false;
var url = _pipeline.CreateAuthorizeUrl(
clientId: "code_pipeline.Client",
responseType: "code",
scope: "openid",
redirectUri: "https://code_pipeline.Client/callback?foo=bar&baz=quux",
nonce: nonce);
var response = await _pipeline.BrowserClient.GetAsync(url);
var authorization = _pipeline.ParseAuthorizationResponseUrl(response.Headers.Location.ToString());
authorization.Code.Should().NotBeNull();
var code = authorization.Code;
// backchannel client
var wrapper = new MessageHandlerWrapper(_pipeline.Handler);
var tokenClient = new HttpClient(wrapper);
var tokenResult = await tokenClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
Address = IdentityServerPipeline.TokenEndpoint,
ClientId = "code_pipeline.Client",
ClientSecret = "secret",
Code = code,
RedirectUri = "https://code_pipeline.Client/callback?foo=bar&baz=quux"
});
tokenResult.IsError.Should().BeFalse();
tokenResult.HttpErrorReason.Should().Be("OK");
tokenResult.TokenType.Should().Be("Bearer");
tokenResult.AccessToken.Should().NotBeNull();
tokenResult.ExpiresIn.Should().BeGreaterThan(0);
tokenResult.IdentityToken.Should().NotBeNull();
var token = new JwtSecurityToken(tokenResult.IdentityToken);
token.Claims.Count().Should().Be(12);
var s_hash = token.Claims.FirstOrDefault(c => c.Type == "s_hash");
s_hash.Should().BeNull();
}
public async Task Preserves_query_parameters_in_redirect_uri()
{
await _mockPipeline.LoginAsync("bob");
var nonce = Guid.NewGuid().ToString();
var state = Guid.NewGuid().ToString();
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var url = _mockPipeline.CreateAuthorizeUrl(
clientId: "code_client",
responseType: "code",
scope: "openid",
redirectUri: "https://code_client/callback?foo=bar&baz=quux",
state: state,
nonce: nonce);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().StartWith("https://code_client/callback?");
var authorization = _mockPipeline.ParseAuthorizationResponseUrl(response.Headers.Location.ToString());
authorization.Code.Should().NotBeNull();
authorization.State.Should().Be(state);
var query = Microsoft.AspNetCore.WebUtilities.QueryHelpers.ParseQuery(response.Headers.Location.Query);
query["foo"].ToString().Should().Be("bar");
query["baz"].ToString().Should().Be("quux");
}
public async Task Token_endpoint_supports_client_authentication_with_basic_authentication_with_POST()
{
await _pipeline.LoginAsync("bob");
var nonce = Guid.NewGuid().ToString();
_pipeline.BrowserClient.AllowAutoRedirect = false;
var url = _pipeline.CreateAuthorizeUrl(
clientId: "code_pipeline.Client",
responseType: "code",
scope: "openid",
redirectUri: "https://code_pipeline.Client/callback?foo=bar&baz=quux",
nonce: nonce);
var response = await _pipeline.BrowserClient.GetAsync(url);
var authorization = _pipeline.ParseAuthorizationResponseUrl(response.Headers.Location.ToString());
authorization.Code.Should().NotBeNull();
var code = authorization.Code;
// backchannel client
var wrapper = new MessageHandlerWrapper(_pipeline.Handler);
var tokenClient = new HttpClient(wrapper);
var tokenResult = await tokenClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
{
Address = IdentityServerPipeline.TokenEndpoint,
ClientId = "code_pipeline.Client",
ClientSecret = "secret",
Code = code,
RedirectUri = "https://code_pipeline.Client/callback?foo=bar&baz=quux"
});
tokenResult.IsError.Should().BeFalse();
tokenResult.HttpErrorReason.Should().Be("OK");
tokenResult.TokenType.Should().Be("Bearer");
tokenResult.AccessToken.Should().NotBeNull();
tokenResult.ExpiresIn.Should().BeGreaterThan(0);
tokenResult.IdentityToken.Should().NotBeNull();
wrapper.Response.Headers.CacheControl.NoCache.Should().BeTrue();
wrapper.Response.Headers.CacheControl.NoStore.Should().BeTrue();
}