public async Task valid_request_should_return_valid_result()
{
// ciba request
var bindingMessage = Guid.NewGuid().ToString("n");
var cibaBody = new Dictionary <string, string>
{
{ "client_id", "client1" },
{ "client_secret", "secret" },
{ "scope", "openid profile scope1 offline_access" },
{ "login_hint", "this means bob" },
{ "binding_message", bindingMessage },
};
SetValidatedUser();
var cibaResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.BackchannelAuthenticationEndpoint,
new FormUrlEncodedContent(cibaBody));
cibaResponse.StatusCode.Should().Be(HttpStatusCode.OK);
// user auth/consent
var cibaService = _mockPipeline.Resolve <IBackchannelAuthenticationInteractionService>();
var request = await cibaService.GetLoginRequestByInternalIdAsync(_mockCibaUserNotificationService.LoginRequest.InternalId);
await cibaService.CompleteLoginRequestAsync(new CompleteBackchannelLoginRequest(_mockCibaUserNotificationService.LoginRequest.InternalId)
{
ScopesValuesConsented = request.ValidatedResources.RawScopeValues,
Subject = new IdentityServerUser(_user.SubjectId)
{
AuthenticationTime = DateTime.UtcNow,
IdentityProvider = IdentityServerConstants.LocalIdentityProvider,
}
.CreatePrincipal()
});
// token request
var values = JsonSerializer.Deserialize <Dictionary <string, object> >(await cibaResponse.Content.ReadAsStringAsync());
var requestId = values["auth_req_id"].ToString();
var tokenBody = new Dictionary <string, string>
{
{ "client_id", "client1" },
{ "client_secret", "secret" },
{ "grant_type", "urn:openid:params:grant-type:ciba" },
{ "auth_req_id", requestId },
};
var tokenResponse = await _mockPipeline.BackChannelClient.PostAsync(
IdentityServerPipeline.TokenEndpoint,
new FormUrlEncodedContent(tokenBody));
tokenResponse.StatusCode.Should().Be(HttpStatusCode.OK);
}
public ServerSideSessionTests()
{
_urls.Origin = IdentityServerPipeline.BaseUrl;
_urls.BasePath = "/";
_pipeline.OnPostConfigureServices += s =>
{
s.AddSingleton <IServerUrls>(_urls);
s.AddIdentityServerBuilder().AddServerSideSessions();
};
_pipeline.OnPostConfigure += app =>
{
_pipeline.Options.ServerSideSessions.RemoveExpiredSessionsFrequency = TimeSpan.FromMilliseconds(100);
app.Map("/user", ep => {
ep.Run(ctx =>
{
if (ctx.User.Identity.IsAuthenticated)
{
ctx.Response.StatusCode = 200;
}
else
{
ctx.Response.StatusCode = 401;
}
return(Task.CompletedTask);
});
});
};
_pipeline.Users.Add(new TestUser
{
SubjectId = "bob",
Username = "******",
});
_pipeline.Users.Add(new TestUser
{
SubjectId = "alice",
Username = "******",
});
_pipeline.Clients.Add(new Client
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.Code,
RequireClientSecret = false,
RequireConsent = false,
RequirePkce = false,
AllowedScopes = { "openid", "api" },
AllowOfflineAccess = true,
CoordinateLifetimeWithUserSession = true,
RefreshTokenUsage = TokenUsage.ReUse,
RedirectUris = { "https://client/callback" },
BackChannelLogoutUri = "https://client/bc-logout"
});
_pipeline.IdentityScopes.Add(new IdentityResources.OpenId());
_pipeline.ApiScopes.Add(new ApiScope("api"));
_pipeline.Initialize();
_sessionStore = _pipeline.Resolve <IServerSideSessionStore>();
_ticketService = _pipeline.Resolve <IServerSideTicketService>();
_sessionMgmt = _pipeline.Resolve <ISessionManagementService>();
_grantStore = _pipeline.Resolve <IPersistedGrantStore>();
_refreshTokenStore = _pipeline.Resolve <IRefreshTokenStore>();
}