/// <summary>
/// When <c>LoginMode.SelfHosted</c> is requested, the OWIN options produced by the
/// static builder overload must use <c>AuthenticationMode.Passive</c>, i.e. the
/// middleware leaves issuing the login challenge to the application.
/// </summary>
public void SetAuthenticationModeToPassiveWhenLoginModeIsSelfHosted()
        {
            var options = new OktaMvcOptions()
            {
                PostLogoutRedirectUri = "http://postlogout.com",
                OktaDomain = "http://myoktadomain.com",
                ClientId = "foo",
                ClientSecret = "bar",
                RedirectUri = "/redirectUri",
                Scope = new List<string> { "openid", "profile", "email" },
                LoginMode = LoginMode.SelfHosted,
            };

            // No custom redirect handler is supplied; the mode must still come from LoginMode alone.
            var customNotifications = new OpenIdConnectAuthenticationNotifications { RedirectToIdentityProvider = null };

            var built = OpenIdConnectAuthenticationOptionsBuilder.BuildOpenIdConnectAuthenticationOptions(options, customNotifications);

            built.AuthenticationMode.Should().Be(AuthenticationMode.Passive);
        }
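        /// <summary>
        /// When <c>GetClaimsFromUserInfoEndpoint</c> is true, the <c>SecurityTokenValidated</c>
        /// notification wired by the builder must enrich the ticket identity through the
        /// user-information provider. A mock provider supplies one known claim, and the
        /// test checks that exactly that claim appears on the identity afterwards.
        /// </summary>
        /// <returns>A task that completes once the notification has finished and the assertions ran.</returns>
        public async Task CallUserInformationProviderWhenGetClaimsFromUserInfoEndpointIsTrue()
        {
            var oktaMvcOptions = new OktaMvcOptions()
            {
                PostLogoutRedirectUri = "http://postlogout.com",
                OktaDomain            = "http://myoktadomain.com",
                ClientId     = "foo",
                ClientSecret = "bar",
                RedirectUri  = "/redirectUri",
                Scope        = new List<string> { "openid", "profile", "email" },
                GetClaimsFromUserInfoEndpoint = true,
            };

            var claims = new List<Claim> { new Claim("testClaimType", "testClaimValue") };

            var oidcOptions = new OpenIdConnectAuthenticationOptionsBuilder(oktaMvcOptions, new MockUserInformationProvider(claims)).BuildOpenIdConnectAuthenticationOptions();

            // Client credentials, redirect URIs and mode must be carried over unchanged.
            oidcOptions.ClientId.Should().Be(oktaMvcOptions.ClientId);
            oidcOptions.ClientSecret.Should().Be(oktaMvcOptions.ClientSecret);
            oidcOptions.PostLogoutRedirectUri.Should().Be(oktaMvcOptions.PostLogoutRedirectUri);
            oidcOptions.AuthenticationMode.Should().Be(AuthenticationMode.Active);

            var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);

            oidcOptions.Authority.Should().Be(issuer);
            oidcOptions.RedirectUri.Should().Be(oktaMvcOptions.RedirectUri);
            // OWIN expects the OIDC scope as a single space-delimited string.
            oidcOptions.Scope.Should().Be(string.Join(" ", oktaMvcOptions.Scope));

            var context = new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(null, null)
            {
                AuthenticationTicket = new AuthenticationTicket(new ClaimsIdentity(), null),
                ProtocolMessage      = new OpenIdConnectMessage() { AccessToken = "foo", IdToken = "bar" },
            };

            // The notification returns a Task (see the Func<..., Task> it is declared as). Await it
            // so the identity is enriched before the claim is asserted, instead of racing the provider.
            await oidcOptions.Notifications.SecurityTokenValidated(context);

            context.AuthenticationTicket.Identity.Claims.Count(x => x.Type == "testClaimType").Should().Be(1);
        }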
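        /// <summary>
        /// With <c>GetClaimsFromUserInfoEndpoint</c> false and no user-information provider,
        /// the instance builder must copy every configured value into the OWIN options and
        /// route the <c>SecurityTokenValidated</c> notification to the caller-supplied
        /// callback exactly once with the same context object.
        /// </summary>
        /// <returns>A task that completes once the notification has finished and the assertions ran.</returns>
        public async Task BuildOpenIdConnectAuthenticationOptionsCorrectly()
        {
            var mockTokenEvent = Substitute.For<Func<SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task>>();

            var oktaMvcOptions = new OktaMvcOptions()
            {
                PostLogoutRedirectUri = "http://postlogout.com",
                OktaDomain            = "http://myoktadomain.com",
                ClientId     = "foo",
                ClientSecret = "bar",
                RedirectUri  = "/redirectUri",
                Scope        = new List<string> { "openid", "profile", "email" },
                SecurityTokenValidated        = mockTokenEvent,
                GetClaimsFromUserInfoEndpoint = false,
            };

            var oidcOptions = new OpenIdConnectAuthenticationOptionsBuilder(oktaMvcOptions).BuildOpenIdConnectAuthenticationOptions();

            // Client credentials, redirect URIs and mode must be carried over unchanged.
            oidcOptions.ClientId.Should().Be(oktaMvcOptions.ClientId);
            oidcOptions.ClientSecret.Should().Be(oktaMvcOptions.ClientSecret);
            oidcOptions.PostLogoutRedirectUri.Should().Be(oktaMvcOptions.PostLogoutRedirectUri);
            oidcOptions.AuthenticationMode.Should().Be(AuthenticationMode.Active);

            var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);

            oidcOptions.Authority.Should().Be(issuer);
            oidcOptions.RedirectUri.Should().Be(oktaMvcOptions.RedirectUri);
            // OWIN expects the OIDC scope as a single space-delimited string.
            oidcOptions.Scope.Should().Be(string.Join(" ", oktaMvcOptions.Scope));

            var context = new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(null, null)
            {
                AuthenticationTicket = new AuthenticationTicket(new ClaimsIdentity(), null),
                ProtocolMessage      = new OpenIdConnectMessage() { AccessToken = "foo", IdToken = "bar" },
            };

            // Await the returned Task so the callback has definitely run before Received(1) is checked.
            await oidcOptions.Notifications.SecurityTokenValidated(context);

            // The event must be called exactly once, with the very context that was passed in.
            mockTokenEvent.Received(1).Invoke(context);
        }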
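        /// <summary>
        /// The static builder overload must copy every configured value into the OWIN
        /// options and route the <c>SecurityTokenValidated</c> notification to the
        /// caller-supplied callback exactly once, passing through the argument it
        /// received (here a null context).
        /// </summary>
        /// <returns>A task that completes once the notification has finished and the assertions ran.</returns>
        public async Task BuildOpenIdConnectAuthenticationOptionsCorrectly()
        {
            var mockTokenEvent = Substitute.For<Func<SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task>>();

            var oktaMvcOptions = new OktaMvcOptions()
            {
                PostLogoutRedirectUri = "http://postlogout.com",
                OktaDomain            = "http://myoktadomain.com",
                ClientId     = "foo",
                ClientSecret = "bar",
                RedirectUri  = "/redirectUri",
                Scope        = new List<string> { "openid", "profile", "email" },
                SecurityTokenValidated = mockTokenEvent,
            };

            // No custom redirect handler; only the token-validated callback is under test here.
            var notifications = new OpenIdConnectAuthenticationNotifications { RedirectToIdentityProvider = null };

            var oidcOptions = OpenIdConnectAuthenticationOptionsBuilder.BuildOpenIdConnectAuthenticationOptions(oktaMvcOptions, notifications);

            // Client credentials, redirect URIs and mode must be carried over unchanged.
            oidcOptions.ClientId.Should().Be(oktaMvcOptions.ClientId);
            oidcOptions.ClientSecret.Should().Be(oktaMvcOptions.ClientSecret);
            oidcOptions.PostLogoutRedirectUri.Should().Be(oktaMvcOptions.PostLogoutRedirectUri);
            oidcOptions.AuthenticationMode.Should().Be(AuthenticationMode.Active);

            var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);

            oidcOptions.Authority.Should().Be(issuer);
            oidcOptions.RedirectUri.Should().Be(oktaMvcOptions.RedirectUri);
            // OWIN expects the OIDC scope as a single space-delimited string.
            oidcOptions.Scope.Should().Be(string.Join(" ", oktaMvcOptions.Scope));

            // Await the returned Task so the callback has definitely run before Received(1) is checked.
            await oidcOptions.Notifications.SecurityTokenValidated(null);

            // The event must be called exactly once, with the null argument passed straight through.
            mockTokenEvent.Received(1).Invoke(null);
        }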