IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilderOptions_Token_Endpoint_Disabled_Fails()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator))
.UseIdentityServerOptionsBuilder(options => options.Endpoints.EnableTokenEndpoint = false)
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration,
new UserLoginConfiguration("user", "password"),
"api1", "offline_access");
Assert.NotNull(tokenResponse);
Assert.True(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
}
public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Invalid_User_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope())
.UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
.CreateWebHostBuider();
var identityServerClient = new IdentityServerWebHostProxy(webHostBuilder);
var tokenResponse = await identityServerClient.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration,
new UserLoginConfiguration("user", "password1"),
"api1", "offline_access");
Assert.NotNull(tokenResponse);
Assert.True(tokenResponse.IsError);
}
public async Task IdentityServerProxy_GetUserInfoAsync_Valid_Token_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[]
{
"api1", IdentityServerConstants.StandardScopes.OfflineAccess,
IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile
},
AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.AddIdentityResources(new IdentityResources.OpenId(), new IdentityResources.Profile())
.UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
.UseProfileService(new SimpleProfileService())
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
var scopes = new[] { "api1", "offline_access", "openid", "profile" };
var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration,
new UserLoginConfiguration("user", "password"),
scopes);
// We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first
Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
var userInfoResponse = await identityServerProxy
.GetUserInfoAsync(tokenResponse.AccessToken);
Assert.NotNull(userInfoResponse);
Assert.False(userInfoResponse.IsError);
Assert.NotNull(userInfoResponse.Claims);
var subjectClaim = userInfoResponse.Claims.First(claim => claim.Type == JwtClaimTypes.Subject);
Assert.NotNull(subjectClaim);
Assert.Equal("user", subjectClaim.Value);
}
public async Task IdentityServerProxy_GetRefreshTokenAsync_WithScope_In_Parameters_Valid_User_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
const string scopes = "api1 offline_access";
var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration,
new UserLoginConfiguration("user", "password"),
new Dictionary <string, string>
{
{ "Scope", scopes }
});
// We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first
Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
var refreshTokenResponse = await identityServerProxy
.GetRefreshTokenAsync(clientConfiguration, tokenResponse.RefreshToken,
new Dictionary <string, string>
{
{ "Scope", scopes }
});
Assert.NotNull(refreshTokenResponse);
Assert.False(refreshTokenResponse.IsError,
refreshTokenResponse.Error ?? refreshTokenResponse.ErrorDescription);
Assert.NotNull(refreshTokenResponse.AccessToken);
Assert.NotNull(refreshTokenResponse.RefreshToken);
Assert.Equal(7200, refreshTokenResponse.ExpiresIn);
Assert.Equal("Bearer", refreshTokenResponse.TokenType);
}
public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Custom_WebHost_Succeeds()
{
var host = new IdentityServerTestWebHostBuilder()
.UseWebHostBuilder(Program.CreateWebHostBuilder(new string[] { }))
.CreateWebHostBuider();
var proxy = new IdentityServerWebHostProxy(host);
var scopes = new[] { "api1", "offline_access", "openid", "profile" };
var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync(
new ClientConfiguration(Clients.Id, Clients.Secret),
new UserLoginConfiguration("user1", "password1"), scopes);
Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
}
IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilder_Succeeds()
{
var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
var client = new Client
{
ClientId = clientConfiguration.Id,
ClientSecrets = new List <Secret>
{
new Secret(clientConfiguration.Secret.Sha256())
},
AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess },
AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
AccessTokenType = AccessTokenType.Jwt,
AccessTokenLifetime = 7200,
AllowOfflineAccess = true
};
var webHostBuilder = new IdentityServerTestWebHostBuilder()
.AddClients(client)
.AddApiResources(new ApiResource("api1", "api1name"))
.AddApiScopes(new ApiScope("api1"))
.UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator))
.UseIdentityServerBuilder(services => services
.AddIdentityServer()
.AddDefaultEndpoints()
.AddDeveloperSigningCredential()
)
.CreateWebHostBuider();
var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder);
var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration,
new UserLoginConfiguration("user", "password"),
"api1", "offline_access");
Assert.NotNull(tokenResponse);
Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
Assert.NotNull(tokenResponse.AccessToken);
Assert.NotNull(tokenResponse.RefreshToken);
Assert.Equal(7200, tokenResponse.ExpiresIn);
Assert.Equal("Bearer", tokenResponse.TokenType);
}