public async Task FailsToCreateAuthorizationRequest_IfScopesResolver_DeterminesThereAreInvalidScopes() { // Arrange var parameters = new Dictionary <string, string[]> { [OpenIdConnectParameterNames.State] = new[] { "state" }, [OpenIdConnectParameterNames.ClientId] = new[] { "a" }, [OpenIdConnectParameterNames.RedirectUri] = new[] { "http://www.example.com/callback" }, [OpenIdConnectParameterNames.ResponseType] = new[] { "code" }, [OpenIdConnectParameterNames.ResponseMode] = new[] { "form_post" }, [OpenIdConnectParameterNames.Scope] = new[] { "openid invalid" }, }; var expectedError = new AuthorizationRequestError(ProtocolErrorProvider.InvalidScope("openid"), null, null); expectedError.Message.State = "state"; var factory = CreateAuthorizationRequestFactory(validClientId: true, validRedirectUri: true, validScopes: false); // Act var result = await factory.CreateAuthorizationRequestAsync(parameters); // Assert Assert.False(result.IsValid); Assert.Equal(expectedError, result.Error, IdentityServiceErrorComparer.Instance); Assert.Equal("http://www.example.com/callback", result.Error.RedirectUri); Assert.Equal(OpenIdConnectResponseMode.FormPost, result.Error.ResponseMode); }
public async Task <ScopeResolutionResult> ResolveScopesAsync(string clientId, IEnumerable <string> scopes) { var authorizedParty = await _applicationManager.FindByClientIdAsync(clientId); var authorizedPartyScopes = await _applicationManager.FindScopesAsync(authorizedParty); var result = new List <ApplicationScope>(); string resourceName = null; TApplication resourceApplication = null; IEnumerable <string> resourceApplicationScopes = null; foreach (var scope in scopes) { var(wellFormed, canonical, name, scopeValue) = ParseScope(scope); if (!wellFormed) { return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope))); } if (canonical && authorizedPartyScopes.Any(s => s.Equals(scope, StringComparison.Ordinal))) { result.Add(ApplicationScope.CanonicalScopes[scope]); } if (canonical) { // We purposely ignore canonical scopes not allowed by the client application. continue; } resourceName = resourceName ?? name; if (resourceName != null && !resourceName.Equals(name, StringComparison.Ordinal)) { return(ScopeResolutionResult.Invalid(_errorProvider.MultipleResourcesNotSupported(resourceName, name))); } if (resourceApplicationScopes == null) { resourceApplication = await _applicationManager.FindByNameAsync(resourceName); if (resourceApplication == null) { return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope))); } resourceApplicationScopes = await _applicationManager.FindScopesAsync(resourceApplication); } if (!resourceApplicationScopes.Contains(scopeValue, StringComparer.Ordinal)) { return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope))); } else { var resourceClientId = await _applicationManager.GetApplicationClientIdAsync(resourceApplication); result.Add(new ApplicationScope(resourceClientId, scopeValue)); } } return(ScopeResolutionResult.Valid(result)); }