public async Task When_Registering_A_Client_Then_No_Exception_Is_Thrown()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("stateless_client", "stateless_client"),
                _server.Client,
                new Uri($"{BaseUrl}/.well-known/openid-configuration"));
            var grantedToken =
                await tokenClient.GetToken(TokenRequest.FromScopes("manager")).ConfigureAwait(false) as
                Option <GrantedTokenResponse> .Result;

            var registrationClient = await ManagementClient.Create(
                _server.Client,
                new Uri($"{BaseUrl}/.well-known/openid-configuration"))
                                     .ConfigureAwait(false);

            var client = await registrationClient.Register(
                new Client
            {
                JsonWebKeys     = TestKeys.SecretKey.CreateSignatureJwk().ToSet(),
                AllowedScopes   = new[] { "openid" },
                ClientName      = "Test",
                ClientId        = "id",
                RedirectionUrls = new[] { new Uri("https://localhost"), },
                RequestUris     = new[] { new Uri("https://localhost") },
            },
                grantedToken.Item.AccessToken)
                         .ConfigureAwait(false) as Option <Client> .Result;

            Assert.NotNull(client);
        }
        public async Task When_Empty_Json_Request_Is_Passed_To_Registration_Api_Then_Error_Is_Returned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("stateless_client", "stateless_client"),
                _server.Client,
                new Uri($"{BaseUrl}/.well-known/openid-configuration"));
            var grantedToken = await tokenClient.GetToken(TokenRequest.FromScopes("register_client"))
                               .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            var obj      = new { fake = "fake" };
            var fakeJson = JsonConvert.SerializeObject(
                obj,
                new JsonSerializerSettings {
                NullValueHandling = NullValueHandling.Ignore
            });
            var httpRequest = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = new Uri($"{BaseUrl}/clients"),
                Content    = new StringContent(fakeJson)
            };

            httpRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
            httpRequest.Headers.Authorization       = new AuthenticationHeaderValue("Bearer", grantedToken.Item.AccessToken);

            var httpResult = await _server.Client().SendAsync(httpRequest).ConfigureAwait(false);

            Assert.Equal(HttpStatusCode.BadRequest, httpResult.StatusCode);
        }
        public void SuccessfulMultiplePermissionsCreation()
        {
            GrantedTokenResponse grantedToken = null !;
            UmaClient            client       = null !;
            string resourceId = null !;
            string ticketId   = null !;

            "and a valid UMA token".x(
                async() =>
            {
                var tokenClient = new TokenClient(
                    TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
                    Fixture.Client,
                    new Uri(WellKnownUmaConfiguration));
                var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection"))
                            .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
                grantedToken = token !.Item;

                Assert.NotNull(grantedToken);
            });

            "and a properly configured uma client".x(
                () => client = new UmaClient(Fixture.Client, new Uri(WellKnownUmaConfiguration)));

            "when registering resource".x(
                async() =>
            {
                var resource = await client.AddResource(
                    new ResourceSet {
                    Name = "picture", Scopes = new[] { "read", "write" }
                },
                    grantedToken.AccessToken)
                               .ConfigureAwait(false) as Option <AddResourceSetResponse> .Result;
                resourceId = resource !.Item.Id;

                Assert.NotNull(resourceId);
            });

            "and adding permission".x(
                async() =>
            {
                var response = await client.RequestPermission(
                    grantedToken.AccessToken,
                    CancellationToken.None,
                    new PermissionRequest {
                    ResourceSetId = resourceId, Scopes = new[] { "write" }
                },
                    new PermissionRequest {
                    ResourceSetId = resourceId, Scopes = new[] { "read" }
                })
                               .ConfigureAwait(false) as Option <TicketResponse> .Result;

                ticketId = response !.Item.TicketId;

                Assert.NotNull(ticketId);
            });

            "then returns ticket id".x(() => { Assert.NotNull(ticketId); });
        }
        public void SuccessfulPermissionCreation()
        {
            GrantedTokenResponse grantedToken = null !;
            UmaClient            client       = null !;
            JsonWebKeySet        jwks         = null !;
            string resourceId = null !;
            string ticketId   = null !;

            "and the server's signing key".x(
                async() =>
            {
                var json = await _fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false);
                jwks     = new JsonWebKeySet(json);

                Assert.NotEmpty(jwks.Keys);
            });

            "and a valid UMA token".x(
                async() =>
            {
                var tokenClient = new TokenClient(
                    TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
                    _fixture.Client,
                    new Uri(WellKnownUmaConfiguration));
                var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection"))
                            .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
                grantedToken = token !.Item;
            });

            "and a properly configured uma client".x(
                () => client = new UmaClient(_fixture.Client, new Uri(WellKnownUmaConfiguration)));

            "when registering resource".x(
                async() =>
            {
                var resource = await client.AddResource(
                    new ResourceSet {
                    Name = "picture", Scopes = new[] { "read" }
                },
                    grantedToken.AccessToken)
                               .ConfigureAwait(false) as Option <AddResourceSetResponse> .Result;
                resourceId = resource.Item.Id;
            });

            "and adding permission".x(
                async() =>
            {
                var response = await client.RequestPermission(
                    grantedToken.AccessToken,
                    requests: new PermissionRequest {
                    ResourceSetId = resourceId, Scopes = new[] { "read" }
                })
                               .ConfigureAwait(false) as Option <TicketResponse> .Result;

                ticketId = response !.Item.TicketId;
            });

            "then returns ticket id".x(() => { Assert.NotNull(ticketId); });
        }
 /// <summary>
 /// 获取一个Token
 /// </summary>
 /// <returns></returns>
 private byte[] GetToken(bool checkExpire = true)
 {
     if (checkExpire && _tokenUtil.IsTokenExipre())
     {
         CloseToken();
         InitToken();
     }
     return(Serializer.Serialize(_tokenUtil.GetToken()));
 }
Exemple #6
0
        public async Task When_Using_ClientCredentials_Grant_Type_Then_AccessToken_Is_Returned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
                _server.Client,
                new Uri(BaseUrl + WellKnownUma2Configuration));
            var result = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection", "uma_authorization"))
                         .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            Assert.NotEmpty(result.Item.AccessToken);
        }
Exemple #7
0
        public async Task WhenPassingClientAccessTokenToUserInfoThenClientClaimsAreReturned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("stateless_client", "stateless_client"),
                _server.Client,
                new Uri(BaseUrl + WellKnownOpenidConfiguration));
            var result = await tokenClient.GetToken(TokenRequest.FromScopes("openid")).ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            var getUserInfoResult = await _userInfoClient.GetUserInfo(result.Item.AccessToken).ConfigureAwait(false);

            Assert.IsType <Option <JwtPayload> .Result>(getUserInfoResult);
        }
Exemple #8
0
        public async Task When_Pass_Access_Token_Then_Jwe_Is_Returned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("client_userinfo_enc_rsa15", "client_userinfo_enc_rsa15"),
                _server.Client,
                new Uri(BaseUrl + WellKnownOpenidConfiguration));
            var result = await tokenClient
                         .GetToken(TokenRequest.FromPassword("administrator", "password", new[] { "scim" }))
                         .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            var getUserInfoResult = await _userInfoClient.GetUserInfo(result.Item.AccessToken).ConfigureAwait(false);

            Assert.IsType <Option <JwtPayload> .Result>(getUserInfoResult);
        }
Exemple #9
0
        public async Task When_Ticket_Id_Does_Not_Exist_Then_Error_Is_Returned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
                _server.Client,
                new Uri(BaseUrl + WellKnownUma2Configuration));
            // Try to get the access token via "ticket_id" grant-type.
            var token =
                await tokenClient.GetToken(TokenRequest.FromTicketId("ticket_id", "")).ConfigureAwait(false) as
                Option <GrantedTokenResponse> .Error;

            Assert.Equal(ErrorCodes.InvalidGrant, token.Details.Title);
            Assert.Equal(string.Format(Strings.TheTicketDoesntExist, "ticket_id"), token.Details.Detail);
        }
        public async Task When_Pass_Redirect_Uri_With_Fragment_Then_Error_Is_Returned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("stateless_client", "stateless_client"),
                _server.Client,
                new Uri($"{BaseUrl}/.well-known/openid-configuration"));
            var grantedToken = await tokenClient.GetToken(TokenRequest.FromScopes("register_client"))
                               .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            var obj = new
            {
                JsonWebKeys     = TestKeys.SecretKey.CreateSignatureJwk().ToSet(),
                AllowedScopes   = new[] { "openid" },
                RequestUris     = new[] { new Uri("https://localhost") },
                RedirectionUrls = new[] { new Uri("http://localhost#fragment") },
                //LogoUri = "http://google.com",
                ClientUri = new Uri("https://valid")
            };
            var fakeJson = JsonConvert.SerializeObject(
                obj,
                new JsonSerializerSettings {
                NullValueHandling = NullValueHandling.Ignore
            });
            var httpRequest = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = new Uri($"{BaseUrl}/registration"),
                Content    = new StringContent(fakeJson)
            };

            httpRequest.Content.Headers.ContentType = new MediaTypeHeaderValue(ApplicationJson);
            httpRequest.Headers.Authorization       = new AuthenticationHeaderValue(
                grantedToken.Item.TokenType,
                grantedToken.Item.AccessToken);

            var httpResult = await _server.SharedCtx.Client().SendAsync(httpRequest).ConfigureAwait(false);

            //Assert.Equal(HttpStatusCode.OK, httpResult.StatusCode);

            var json = await httpResult.Content.ReadAsStringAsync().ConfigureAwait(false);

            var error = JsonConvert.DeserializeObject <ErrorDetails>(json);

            Assert.Equal("invalid_redirect_uri", error !.Title);
            Assert.Equal(
                string.Format(Strings.TheRedirectUrlCannotContainsFragment, "http://localhost/#fragment"),
                error.Detail);
        }
Exemple #11
0
        public void SuccessfulTokenValidationFromMetadata()
        {
            GrantedTokenResponse tokenResponse = null !;
            JsonWebKeySet        jwks          = null !;

            "And a valid token".x(
                async() =>
            {
                var tokenClient = new TokenClient(
                    TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
                    Fixture.Client,
                    new Uri(WellKnownOpenidConfiguration));
                var response =
                    await tokenClient.GetToken(TokenRequest.FromScopes("api1")).ConfigureAwait(false) as
                    Option <GrantedTokenResponse> .Result;

                Assert.NotNull(response);

                tokenResponse = response.Item;
            });

            "then can download json web key set".x(
                async() =>
            {
                var jwksJson = await Fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false);

                Assert.NotNull(jwksJson);

                jwks = JsonWebKeySet.Create(jwksJson);
            });

            "Then can create token validation parameters from service metadata".x(
                () =>
            {
                var validationParameters = new TokenValidationParameters
                {
                    IssuerSigningKeys = jwks.Keys,
                    ValidIssuer       = "https://localhost",
                    ValidAudience     = "clientCredentials"
                };

                var handler = new JwtSecurityTokenHandler();

                handler.ValidateToken(tokenResponse.AccessToken, validationParameters, out var securityToken);

                Assert.NotNull(securityToken);
            });
        }
Exemple #12
0
        public async Task CanGetToken()
        {
            var client = new TokenClient(
                TokenCredentials.FromClientCredentials("client", "secret"),
                () => new HttpClient(),
                new Uri("http://localhost:8080/.well-known/openid-configuration"));
            await _fixture.GetUser().ConfigureAwait(false);

            for (var i = 0; i < 100; i++)
            {
                var token = await client.GetToken(TokenRequest.FromPassword("user", "password", new[] { "read" }))
                            .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

                Assert.NotNull(token.Item);
            }
        }
Exemple #13
0
        public async Task When_Introspecting_AccessToken_Then_Information_Are_Returned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("client", "client"),
                _server.Client,
                new Uri(BaseUrl + WellKnownOpenidConfiguration));
            var result =
                await tokenClient.GetToken(TokenRequest.FromPassword("administrator", "password", new[] { "scim" }))
                .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            var introspection = await tokenClient.Introspect(
                IntrospectionRequest.Create(result.Item.AccessToken, TokenTypes.AccessToken, "pat"))
                                .ConfigureAwait(false) as Option <OauthIntrospectionResponse> .Result;

            Assert.Single(introspection.Item.Scope);
            Assert.Equal("scim", introspection.Item.Scope.First());
        }
        public async Task WhenPassInvalidRedirectUrisThenErrorIsReturned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("stateless_client", "stateless_client"),
                _server.Client,
                new Uri($"{BaseUrl}/.well-known/openid-configuration"));
            var grantedToken =
                await tokenClient.GetToken(TokenRequest.FromScopes("manager")).ConfigureAwait(false) as
                Option <GrantedTokenResponse> .Result;

            var obj = new
            {
                allowed_scopes = new[] { "openid" },
                request_uris   = new[] { new Uri("https://localhost") },
                redirect_uris  = new[] { "localhost" },
                client_uri     = new Uri("http://google.com"),
                tos_uri        = new Uri("http://google.com"),
                jwks           = TestKeys.SecretKey.CreateSignatureJwk().ToSet()
            };
            var fakeJson = JsonConvert.SerializeObject(
                obj,
                new JsonSerializerSettings {
                NullValueHandling = NullValueHandling.Ignore
            });
            var httpRequest = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = new Uri($"{BaseUrl}/clients"),
                Content    = new StringContent(fakeJson)
            };

            httpRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
            httpRequest.Headers.Authorization       = new AuthenticationHeaderValue("Bearer", grantedToken.Item.AccessToken);

            var httpResult = await _server.Client().SendAsync(httpRequest).ConfigureAwait(false);

            Assert.Equal(HttpStatusCode.BadRequest, httpResult.StatusCode);
            var json = await httpResult.Content.ReadAsStringAsync().ConfigureAwait(false);

            var error = JsonConvert.DeserializeObject <ErrorDetails>(json);

            Assert.Equal(ErrorCodes.InvalidRedirectUri, error !.Title);
        }
        public async Task When_Pass_Invalid_Tos_Uri_Then_Error_Is_Returned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("stateless_client", "stateless_client"),
                _server.Client,
                new Uri($"{BaseUrl}/.well-known/openid-configuration"));
            var grantedToken = await tokenClient.GetToken(TokenRequest.FromScopes("register_client"))
                               .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            var obj = new
            {
                AllowedScopes   = new[] { "openid" },
                RequestUris     = new[] { new Uri("https://localhost") },
                RedirectionUrls = new[] { new Uri("http://localhost") },
                LogoUri         = new Uri("http://google.com"),
                ClientUri       = new Uri("https://valid_client_uri"),
                TosUri          = "invalid"
            };
            var fakeJson = JsonConvert.SerializeObject(
                obj,
                new JsonSerializerSettings {
                NullValueHandling = NullValueHandling.Ignore
            });
            var httpRequest = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = new Uri($"{BaseUrl}/registration"),
                Content    = new StringContent(fakeJson)
            };

            httpRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
            httpRequest.Headers.Authorization       = new AuthenticationHeaderValue("Bearer", grantedToken.Item.AccessToken);

            var httpResult = await _server.Client().SendAsync(httpRequest).ConfigureAwait(false);

            var json = await httpResult.Content.ReadAsStringAsync().ConfigureAwait(false);

            var error = JsonConvert.DeserializeObject <ErrorDetails>(json);

            Assert.Equal("invalid_client_metadata", error !.Title);
            Assert.Equal("the parameter tos_uri is not correct", error.Detail);
        }
        public async Task When_Revoke_Token_And_Client_Is_Different_Then_Error_Is_Returned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("client_userinfo_enc_rsa15", "client_userinfo_enc_rsa15"),
                _server.Client,
                new Uri(BaseUrl + WellKnownOpenidConfiguration));
            var result = await tokenClient
                         .GetToken(TokenRequest.FromPassword("administrator", "password", new[] { "scim" }))
                         .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            var revokeClient = new TokenClient(
                TokenCredentials.FromClientCredentials("client", "client"),
                _server.Client,
                new Uri(BaseUrl + WellKnownOpenidConfiguration));
            var ex = await revokeClient
                     .RevokeToken(RevokeTokenRequest.Create(result.Item.AccessToken, TokenTypes.AccessToken))
                     .ConfigureAwait(false) as Option.Error;

            Assert.Equal("invalid_token", ex.Details.Title);
            Assert.Equal("The token has not been issued for the given client id 'client'", ex.Details.Detail);
        }
        public async Task When_Revoking_RefreshToken_Then_True_Is_Returned()
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("client", "client"),
                _server.Client,
                new Uri(BaseUrl + WellKnownOpenidConfiguration));
            var result = await tokenClient
                         .GetToken(TokenRequest.FromPassword("administrator", "password", new[] { "scim", "offline" }))
                         .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            var revoke = await tokenClient
                         .RevokeToken(RevokeTokenRequest.Create(result.Item.RefreshToken, TokenTypes.RefreshToken))
                         .ConfigureAwait(false);

            var introspectClient = new UmaClient(_server.Client, new Uri(BaseUrl + WellKnownOpenidConfiguration));
            var ex = await introspectClient.Introspect(
                IntrospectionRequest.Create(result.Item.RefreshToken, TokenTypes.RefreshToken, "pat"))
                     .ConfigureAwait(false);

            Assert.IsType <Option.Success>(revoke);
            Assert.IsType <Option <UmaIntrospectionResponse> .Error>(ex);
        }
Exemple #18
0
        public async Task When_Using_TicketId_Grant_Type_Then_AccessToken_Is_Returned()
        {
            var handler = new JwtSecurityTokenHandler();
            var set     = new JsonWebKeySet();

            set.Keys.Add(_server.SharedUmaCtx.SignatureKey);

            var securityToken = new JwtSecurityToken(
                "http://server.example.com",
                "s6BhdRkqt3",
                new[] { new Claim("sub", "248289761001") },
                null,
                DateTime.UtcNow.AddYears(1),
                new SigningCredentials(set.GetSignKeys().First(), SecurityAlgorithms.HmacSha256));
            var jwt = handler.WriteToken(securityToken);

            var tc = new TokenClient(
                TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
                _server.Client,
                new Uri(BaseUrl + WellKnownUma2Configuration));
            // Get PAT.
            var result = await tc.GetToken(TokenRequest.FromScopes("uma_protection", "uma_authorization"))
                         .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            var resourceSet = new ResourceSet
            {
                Name   = "name",
                Scopes = new[] { "read", "write", "execute" },
                AuthorizationPolicies = new[]
                {
                    new PolicyRule
                    {
                        ClientIdsAllowed = new[] { "resource_server" },
                        Scopes           = new[] { "read", "write", "execute" }
                    }
                }
            };
            var resource =
                await _umaClient.AddResource(resourceSet, result.Item.AccessToken).ConfigureAwait(false) as
                Option <AddResourceSetResponse> .Result;

            resourceSet = resourceSet with {
                Id = resource.Item.Id
            };
            await _umaClient.UpdateResource(resourceSet, result.Item.AccessToken).ConfigureAwait(false);

            var ticket = await _umaClient.RequestPermission(
                "header",
                requests : new PermissionRequest    // Add permission & retrieve a ticket id.
            {
                ResourceSetId = resource.Item.Id, Scopes = new[] { "read" }
            })
                         .ConfigureAwait(false) as Option <TicketResponse> .Result;

            Assert.NotNull(ticket.Item);

            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
                _server.Client,
                new Uri(BaseUrl + WellKnownUma2Configuration));
            var token = await tokenClient.GetToken(TokenRequest.FromTicketId(ticket.Item.TicketId, jwt))
                        .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;

            var jwtToken = handler.ReadJwtToken(token.Item.AccessToken);

            Assert.NotNull(jwtToken.Claims);
        }
        public void ExecuteDeviceAuthorizationFlowWithUserApproval()
        {
            const string clientId    = "device";
            ITokenClient tokenClient = null !;
            DeviceAuthorizationResponse           response    = null !;
            GrantedTokenResponse                  token       = null !;
            Task <Option <GrantedTokenResponse> > pollingTask = null !;

            "Given a token client".x(
                () =>
            {
                tokenClient = new TokenClient(
                    TokenCredentials.AsDevice(),
                    _fixture.Client,
                    new Uri(WellKnownOpenidConfiguration));

                Assert.NotNull(tokenClient);
            });

            "and an access token".x(
                async() =>
            {
                var authClient = new TokenClient(
                    TokenCredentials.FromClientCredentials(clientId, "client"),
                    _fixture.Client,
                    new Uri(WellKnownOpenidConfiguration));
                var tokenResponse = await authClient.GetToken(
                    TokenRequest.FromPassword("user", "password", new[] { "openid" }))
                                    .ConfigureAwait(false);

                Assert.IsType <Option <GrantedTokenResponse> .Result>(tokenResponse);

                token = (tokenResponse as Option <GrantedTokenResponse> .Result).Item;
            });

            "When a device requests authorization".x(
                async() =>
            {
                var genericResponse = await tokenClient.GetAuthorization(new DeviceAuthorizationRequest(clientId))
                                      .ConfigureAwait(false);

                Assert.IsType <Option <DeviceAuthorizationResponse> .Result>(genericResponse);

                response = (genericResponse as Option <DeviceAuthorizationResponse> .Result).Item;
            });

            "and the device polls the token server".x(
                async() =>
            {
                pollingTask = tokenClient.GetToken(
                    TokenRequest.FromDeviceCode(clientId, response.DeviceCode, response.Interval));

                Assert.False(pollingTask.IsCompleted);
            });

            "and user successfully posts user code".x(
                async() =>
            {
                var client = _fixture.Client();
                var msg    = new HttpRequestMessage
                {
                    Method     = HttpMethod.Post,
                    RequestUri = new Uri(response.VerificationUri),
                    Content    = new FormUrlEncodedContent(
                        new[] { new KeyValuePair <string, string>("code", response.UserCode) })
                };
                msg.Headers.Authorization = new AuthenticationHeaderValue(token.TokenType, token.AccessToken);

                var approval = await client.SendAsync(msg).ConfigureAwait(false);

                Assert.Equal(HttpStatusCode.OK, approval.StatusCode);
            });

            "then token is returned from polling".x(
                async() =>
            {
                var tokenResponse = await pollingTask.ConfigureAwait(false);

                Assert.IsType <Option <GrantedTokenResponse> .Result>(tokenResponse);
            });
        }
 /// <summary>
 /// Creates the token.
 /// </summary>
 /// <returns>Task.</returns>
 public async Task CreateToken()
 {
     await tokenClient.GetToken(new TokenRequest(Username, Password));
 }
 public async Task <string> Typed([FromServices] TokenClient tokenClient)
 {
     return(await tokenClient.GetToken());
 }
        public void SuccessfulPermissionCreation()
        {
            TestServerFixture    fixture      = null !;
            GrantedTokenResponse grantedToken = null !;
            UmaClient            client       = null !;
            string resourceId = null !;
            string ticketId   = null !;

            "Given a running auth server".x(() => fixture = new TestServerFixture(_outputHelper, BaseUrl))
            .Teardown(() => fixture.Dispose());

            "and the server's signing key".x(
                async() =>
            {
                var json = await fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false);
                var jwks = new JsonWebKeySet(json);

                Assert.NotEmpty(jwks.Keys);
            });

            "and a valid UMA token".x(
                async() =>
            {
                var tokenClient = new TokenClient(
                    TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
                    fixture.Client,
                    new Uri(WellKnownUmaConfiguration));
                var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection"))
                            .ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
                var handler   = new JwtSecurityTokenHandler();
                var principal = handler.ReadJwtToken(token.Item.AccessToken);
                Assert.NotNull(principal.Issuer);
                grantedToken = token.Item;
            });

            "and a properly configured uma client".x(
                () => client = new UmaClient(fixture.Client, new Uri(WellKnownUmaConfiguration)));

            "when registering resource".x(
                async() =>
            {
                var resource = await client.AddResource(
                    new ResourceSet {
                    Name = "picture", Scopes = new[] { "read" }
                },
                    grantedToken.AccessToken)
                               .ConfigureAwait(false) as Option <AddResourceSetResponse> .Result;
                resourceId = resource.Item.Id;
            });

            "and adding permission".x(
                async() =>
            {
                var response = await client.RequestPermission(
                    grantedToken.AccessToken,
                    requests: new PermissionRequest {
                    IdToken = grantedToken.IdToken, ResourceSetId = resourceId, Scopes = new[] { "read" }
                })
                               .ConfigureAwait(false) as Option <TicketResponse> .Result;

                Assert.NotNull(response);

                ticketId = response.Item.TicketId;
            });

            "then returns ticket id".x(() => { Assert.NotNull(ticketId); });
        }