public async Task FailsToCreateAuthorizationRequest_IfScopesResolver_DeterminesThereAreInvalidScopes()
{
// Arrange
var parameters =
new Dictionary <string, string[]>
{
[OpenIdConnectParameterNames.State] = new[] { "state" },
[OpenIdConnectParameterNames.ClientId] = new[] { "a" },
[OpenIdConnectParameterNames.RedirectUri] = new[] { "http://www.example.com/callback" },
[OpenIdConnectParameterNames.ResponseType] = new[] { "code" },
[OpenIdConnectParameterNames.ResponseMode] = new[] { "form_post" },
[OpenIdConnectParameterNames.Scope] = new[] { "openid invalid" },
};
var expectedError = new AuthorizationRequestError(ProtocolErrorProvider.InvalidScope("openid"), null, null);
expectedError.Message.State = "state";
var factory = CreateAuthorizationRequestFactory(validClientId: true, validRedirectUri: true, validScopes: false);
// Act
var result = await factory.CreateAuthorizationRequestAsync(parameters);
// Assert
Assert.False(result.IsValid);
Assert.Equal(expectedError, result.Error, IdentityServiceErrorComparer.Instance);
Assert.Equal("http://www.example.com/callback", result.Error.RedirectUri);
Assert.Equal(OpenIdConnectResponseMode.FormPost, result.Error.ResponseMode);
}
public async Task <ScopeResolutionResult> ResolveScopesAsync(string clientId, IEnumerable <string> scopes)
{
var authorizedParty = await _applicationManager.FindByClientIdAsync(clientId);
var authorizedPartyScopes = await _applicationManager.FindScopesAsync(authorizedParty);
var result = new List <ApplicationScope>();
string resourceName = null;
TApplication resourceApplication = null;
IEnumerable <string> resourceApplicationScopes = null;
foreach (var scope in scopes)
{
var(wellFormed, canonical, name, scopeValue) = ParseScope(scope);
if (!wellFormed)
{
return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope)));
}
if (canonical && authorizedPartyScopes.Any(s => s.Equals(scope, StringComparison.Ordinal)))
{
result.Add(ApplicationScope.CanonicalScopes[scope]);
}
if (canonical)
{
// We purposely ignore canonical scopes not allowed by the client application.
continue;
}
resourceName = resourceName ?? name;
if (resourceName != null && !resourceName.Equals(name, StringComparison.Ordinal))
{
return(ScopeResolutionResult.Invalid(_errorProvider.MultipleResourcesNotSupported(resourceName, name)));
}
if (resourceApplicationScopes == null)
{
resourceApplication = await _applicationManager.FindByNameAsync(resourceName);
if (resourceApplication == null)
{
return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope)));
}
resourceApplicationScopes = await _applicationManager.FindScopesAsync(resourceApplication);
}
if (!resourceApplicationScopes.Contains(scopeValue, StringComparer.Ordinal))
{
return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope)));
}
else
{
var resourceClientId = await _applicationManager.GetApplicationClientIdAsync(resourceApplication);
result.Add(new ApplicationScope(resourceClientId, scopeValue));
}
}
return(ScopeResolutionResult.Valid(result));
}
