public async Task Client_can_use_plain_code_challenge_method()
{
await _pipeline.LoginAsync("bob");
var nonce = Guid.NewGuid().ToString();
var code_challenge = code_verifier;
var authorizeResponse = await _pipeline.RequestAuthorizationEndpointAsync(client_id,
response_type,
Constants.StandardScopes.OpenId,
redirect_uri,
nonce : nonce,
codeChallenge : code_challenge,
codeChallengeMethod : OidcConstants.CodeChallengeMethods.Plain);
authorizeResponse.IsError.Should().BeFalse();
var code = authorizeResponse.Code;
var tokenClient = new TokenClient(MockIdSvrUiPipeline.TokenEndpoint, client_id, client_secret, _pipeline.Handler);
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(code, redirect_uri, code_verifier);
tokenResponse.IsError.Should().BeFalse();
tokenResponse.TokenType.Should().Be("Bearer");
tokenResponse.AccessToken.Should().NotBeNull();
tokenResponse.IdentityToken.Should().NotBeNull();
tokenResponse.ExpiresIn.Should().BeGreaterThan(0);
}
public async Task logout_request_with_params_should_pass_values_in_logout_context()
{
await _mockPipeline.LoginAsync(IdentityServerPrincipal.Create("bob", "Bob Loblaw"));
var authorization = await _mockPipeline.RequestAuthorizationEndpointAsync(
clientId : "client2",
responseType : "id_token",
scope : "openid",
redirectUri : "https://client2/callback",
state : "123_state",
nonce : "123_nonce");
var id_token = authorization.IdentityToken;
var response = await _mockPipeline.BrowserClient.GetAsync(MockIdSvrUiPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token +
"&post_logout_redirect_uri=https://client2/signout-callback2");
_mockPipeline.LogoutWasCalled.Should().BeTrue();
_mockPipeline.LogoutRequest.Should().NotBeNull();
_mockPipeline.LogoutRequest.ClientId.Should().Be("client2");
_mockPipeline.LogoutRequest.PostLogoutRedirectUri.Should().Be("https://client2/signout-callback2");
var parts = _mockPipeline.LogoutRequest.SignOutIFrameUrl.Split('?');
parts[0].Should().Be(MockIdSvrUiPipeline.EndSessionCallbackEndpoint);
var iframeUrl = QueryHelpers.ParseNullableQuery(parts[1]);
iframeUrl["sid"].FirstOrDefault().Should().NotBeNull();
}
public async Task valid_request_to_federated_signout_endpoint_should_render_page_with_iframe()
{
await _pipeline.LoginAsync(_user);
await _pipeline.RequestAuthorizationEndpointAsync(
clientId : "client1",
responseType : "id_token",
scope : "openid",
redirectUri : "https://client1/callback",
state : "123_state",
nonce : "123_nonce");
var response = await _pipeline.BrowserClient.GetAsync(MockIdSvrUiPipeline.FederatedSignOutUrl + "?sid=123");
response.StatusCode.Should().Be(HttpStatusCode.OK);
response.Content.Headers.ContentType.MediaType.Should().Be("text/html");
var html = await response.Content.ReadAsStringAsync();
html.Should().Contain("https://server/connect/endsession/callback?endSessionId=");
}
async Task <Tokens> GetTokensAsync()
{
await _mockPipeline.LoginAsync("bob");
var authorizationResponse = await _mockPipeline.RequestAuthorizationEndpointAsync(
client_id,
"code",
"api offline_access",
"https://client/callback");
authorizationResponse.IsError.Should().BeFalse();
authorizationResponse.Code.Should().NotBeNull();
var tokenClient = new TokenClient(MockIdSvrUiPipeline.TokenEndpoint, client_id, client_secret, _mockPipeline.Handler);
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(authorizationResponse.Code, redirect_uri);
tokenResponse.IsError.Should().BeFalse();
tokenResponse.AccessToken.Should().NotBeNull();
tokenResponse.RefreshToken.Should().NotBeNull();
return(new Tokens(tokenResponse));
}
public async Task Client_cannot_use_plain_code_challenge_method()
{
await _pipeline.LoginAsync("bob");
var nonce = Guid.NewGuid().ToString();
var code_challenge = code_verifier;
var authorizeResponse = await _pipeline.RequestAuthorizationEndpointAsync(client_id,
response_type,
IdentityServerConstants.StandardScopes.OpenId,
redirect_uri,
nonce : nonce,
codeChallenge : code_challenge,
codeChallengeMethod : OidcConstants.CodeChallengeMethods.Plain);
_pipeline.ErrorWasCalled.Should().BeTrue();
_pipeline.ErrorMessage.Error.Should().Be(OidcConstants.AuthorizeErrors.InvalidRequest);
}