public async Task IdentityServerProxy_GetClientCredentialsAsync_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[] { "api1" },
AllowedGrantTypes = new[] { GrantType.ClientCredentials },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
var tokenResponse = await identityServerProxy.GetClientAccessTokenAsync(clientConfiguration, "api1");
Assert.NotNull(tokenResponse);
Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
Assert.NotNull(tokenResponse.AccessToken);
Assert.Equal(7200, tokenResponse.ExpiresIn);
Assert.Equal("Bearer", tokenResponse.TokenType);
}
public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Invalid_User_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope())
.UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
.CreateWebHostBuider();
var identityServerClient = new IdentityServerWebHostProxy(webHostBuilder);
var tokenResponse = await identityServerClient.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration,
new UserLoginConfiguration("user", "password1"),
"api1", "offline_access");
Assert.NotNull(tokenResponse);
Assert.True(tokenResponse.IsError);
}
IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilderOptions_Token_Endpoint_Disabled_Fails()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator))
.UseIdentityServerOptionsBuilder(options => options.Endpoints.EnableTokenEndpoint = false)
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration,
new UserLoginConfiguration("user", "password"),
"api1", "offline_access");
Assert.NotNull(tokenResponse);
Assert.True(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
}
public async Task IdentityServerProxy_GetUserInfoAsync_Valid_Token_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[]
{
"api1", IdentityServerConstants.StandardScopes.OfflineAccess,
IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile
},
AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.AddIdentityResources(new IdentityResources.OpenId(), new IdentityResources.Profile())
.UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
.UseProfileService(new SimpleProfileService())
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
var scopes = new[] { "api1", "offline_access", "openid", "profile" };
var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration,
new UserLoginConfiguration("user", "password"),
scopes);
// We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first
Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
var userInfoResponse = await identityServerProxy
.GetUserInfoAsync(tokenResponse.AccessToken);
Assert.NotNull(userInfoResponse);
Assert.False(userInfoResponse.IsError);
Assert.NotNull(userInfoResponse.Claims);
var subjectClaim = userInfoResponse.Claims.First(claim => claim.Type == JwtClaimTypes.Subject);
Assert.NotNull(subjectClaim);
Assert.Equal("user", subjectClaim.Value);
}
public async Task IdentityServerProxy_GetRefreshTokenAsync_WithScope_In_Parameters_Valid_User_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
const string scopes = "api1 offline_access";
var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration,
new UserLoginConfiguration("user", "password"),
new Dictionary <string, string>
{
{ "Scope", scopes }
});
// We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first
Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
var refreshTokenResponse = await identityServerProxy
.GetRefreshTokenAsync(clientConfiguration, tokenResponse.RefreshToken,
new Dictionary <string, string>
{
{ "Scope", scopes }
});
Assert.NotNull(refreshTokenResponse);
Assert.False(refreshTokenResponse.IsError,
refreshTokenResponse.Error ?? refreshTokenResponse.ErrorDescription);
Assert.NotNull(refreshTokenResponse.AccessToken);
Assert.NotNull(refreshTokenResponse.RefreshToken);
Assert.Equal(7200, refreshTokenResponse.ExpiresIn);
Assert.Equal("Bearer", refreshTokenResponse.TokenType);
}
public IntegrationTestBase()
{
_clientConf = new ClientConfiguration("client_id", "client_key");
var random = new Random();
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddIdentityResources(new IdentityResource[]
{
new IdentityResources.OpenId()
})
.AddClients(new Client[]
{
new Client
{
ClientId = _clientConf.Id,
AccessTokenType = AccessTokenType.Jwt,
AllowedGrantTypes = new[] { GrantType.ClientCredentials },
ClientSecrets = { new Secret(_clientConf.Secret.Sha256()) },
AllowedScopes = { "BookApi" }
}
})
.AddApiResources(new ApiResource[]
{
new ApiResource
{
Name = "BookApi",
DisplayName = "BookAPI Service",
Scopes = new List <string> {
"BookApi"
},
ApiSecrets = { new Secret("book_secret_key".Sha256()) }
}
})
.AddApiScopes(new ApiScope[]
{
new ApiScope
{
Name = "BookApi"
}
})
.UseIdentityServerBuilder(services => services
.AddIdentityServer()
.AddDefaultEndpoints()
// we use this trick to allow multiple parallels test in the same time
.AddDeveloperSigningCredential(true, "tempkey_" + random.Next())
)
.CreateWebHostBuider();
_identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
}
public async Task IdentityServerProxy_GetTokenAsync_Extension_Grant_Valid_User_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[]
{
"api1", IdentityServerConstants.StandardScopes.OfflineAccess,
IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile
},
AllowedGrantTypes = new[] { "Custom" },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.AddIdentityResources(new IdentityResources.OpenId(), new IdentityResources.Profile())
.UseServices((context, collection) =>
collection.AddScoped <IExtensionGrantValidator, ExtensionsGrantValidator>())
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
var scopes = new[] { "api1", "offline_access", "openid", "profile" };
var tokenResponse = await identityServerProxy.GetTokenAsync(clientConfiguration, "Custom",
new Dictionary <string, string>
{
{ "scope", string.Join(" ", scopes) },
{ "username", "user" },
{ "password", "password" }
});
Assert.NotNull(tokenResponse);
Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
Assert.Equal(7200, tokenResponse.ExpiresIn);
Assert.NotNull(tokenResponse.AccessToken);
Assert.NotNull(tokenResponse.RefreshToken);
}
public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Custom_WebHost_Succeeds()
{
var host = new IdentityServerTestWebHostBuilder()
.UseWebHostBuilder(Program.CreateWebHostBuilder(new string[] { }))
.CreateWebHostBuider();
var proxy = new IdentityServerWebHostProxy(host);
var scopes = new[] { "api1", "offline_access", "openid", "profile" };
var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync(
new ClientConfiguration(Clients.Id, Clients.Secret),
new UserLoginConfiguration("user1", "password1"), scopes);
Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
}
IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilder_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator))
.UseIdentityServerBuilder(services => services
.AddIdentityServer()
.AddDefaultEndpoints()
.AddDeveloperSigningCredential()
)
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration,
new UserLoginConfiguration("user", "password"),
"api1", "offline_access");
Assert.NotNull(tokenResponse);
Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
Assert.NotNull(tokenResponse.AccessToken);
Assert.NotNull(tokenResponse.RefreshToken);
Assert.Equal(7200, tokenResponse.ExpiresIn);
Assert.Equal("Bearer", tokenResponse.TokenType);
}
public async Task IdentityServerProxy_GetClientCredentialsAsync_Authorize_Api_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[] { "api1" },
AllowedGrantTypes = new[] { GrantType.ClientCredentials },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
var tokenResponse = await identityServerProxy.GetClientAccessTokenAsync(clientConfiguration, "api1");
var apiWebHostBuilder = WebHost.CreateDefaultBuilder()
.ConfigureServices(services =>
services.AddSingleton(identityServerProxy.IdentityServer.CreateHandler()))
.UseStartup <Startup>();
var apiServer = new TestServer(apiWebHostBuilder);
var apiClient = apiServer.CreateClient();
apiClient.SetBearerToken(tokenResponse.AccessToken);
var apiResponse = await apiClient.GetAsync("api/auth");
Assert.True(apiResponse.IsSuccessStatusCode, "should have been authenticated!");
}
public async Task IdentityServerProxy_GetDiscoverDocumentAsync_Succeeds()
{
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(new Client
{
ClientId = "MyClient",
ClientSecrets = new List <Secret>
{
new Secret("MySecret".Sha256())
}
})
.AddApiResources(new ApiResource())
.AddApiScopes(new ApiScope())
.CreateWebHostBuider();
var identityServerClient = new IdentityServerWebHostProxy(webHostBuilder);
var discoveryResponse = await identityServerClient.GetDiscoverResponseAsync();
Assert.NotNull(discoveryResponse);
Assert.False(discoveryResponse.IsError, discoveryResponse.Error);
}
public IntegrationTestBase()
{
_clientConf = new ClientConfiguration("client_id", "client_key");
var random = new Random();
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddIdentityResources(new IdentityResource[]
{
new IdentityResource()
{
Name = JwtClaimTypes.Role,
UserClaims = new List <string> {
JwtClaimTypes.Role
}
}
})
.AddClients(new Client[]
{
new Client
{
ClientId = _clientConf.Id,
AccessTokenType = AccessTokenType.Jwt,
AllowedGrantTypes = new[] { GRANT_TYPE_ADMIN },
ClientSecrets = { new Secret(_clientConf.Secret.Sha256()) },
AllowedScopes = { "BookApi" }
}
})
.AddApiResources(new ApiResource[]
{
new ApiResource
{
Name = "BookApi",
DisplayName = "BookAPI Service",
Scopes = new List <string> {
"BookApi"
},
ApiSecrets = { new Secret("book_secret_key".Sha256()) },
UserClaims = new List <string> {
JwtClaimTypes.Role
}
}
})
.AddApiScopes(new ApiScope[]
{
new ApiScope
{
Name = "BookApi",
UserClaims = new List <string> {
JwtClaimTypes.Role
}
}
})
// used to add custom Role to accessToken
.UseServices((context, collection) =>
{
collection.AddScoped <IExtensionGrantValidator, FakeGrantValidator>();
})
.UseIdentityServerBuilder(services => services
.AddIdentityServer()
.AddDefaultEndpoints()
// we use this trick to allow multiple parallels test in the same time
.AddDeveloperSigningCredential(true, "tempkey_" + random.Next())
)
.CreateWebHostBuider();
_identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
}
