Esempio n. 1
        /// <summary>
        /// Refresh-token grant: a token request must be rejected when the resource validator
        /// reports invalid scopes or invalid resource indicators.
        /// </summary>
        /// <remarks>
        /// Two scenarios run against the same validator instance. Each one stores a new refresh
        /// token and presents its handle together with <c>resource=urn:api1</c>.
        /// <c>invalid_scope</c> is the RFC 6749 error code; <c>invalid_target</c> is the error code
        /// RFC 8707 defines for a rejected resource indicator.
        /// </remarks>
        public async Task failed_resource_validation_should_fail()
        {
            var resourceValidatorStub = new MockResourceValidator();
            var tokenStore = Factory.CreateRefreshTokenStore();
            var validatedClient = (await _clients.FindEnabledClientByIdAsync("roclient")).ToValidationResult();

            var validator = Factory.CreateTokenRequestValidator(refreshTokenStore: tokenStore, resourceValidator: resourceValidatorStub);

            // Stores a new refresh token for "roclient" and builds the matching token request.
            async Task<NameValueCollection> BuildRefreshRequestAsync()
            {
                var storedToken = new RefreshToken
                {
                    ClientId = "roclient",
                    Subject = new IdentityServerUser("foo").CreatePrincipal(),
                    Lifetime = 600,
                    CreationTime = DateTime.UtcNow,
                    AuthorizedScopes = new[] { "scope1" }
                };
                var tokenHandle = await tokenStore.StoreRefreshTokenAsync(storedToken);

                return new NameValueCollection
                {
                    { OidcConstants.TokenRequest.GrantType, "refresh_token" },
                    { OidcConstants.TokenRequest.RefreshToken, tokenHandle },
                    { "resource", "urn:api1" }
                };
            }

            // Scenario 1: the resource validator flags a scope as invalid.
            // NOTE(review): presumably MockResourceValidator hands back Result unchanged - confirm against its definition.
            var scopeRequest = await BuildRefreshRequestAsync();
            resourceValidatorStub.Result = new ResourceValidationResult
            {
                InvalidScopes = { "foo" }
            };
            var scopeOutcome = await validator.ValidateRequestAsync(scopeRequest, validatedClient);

            scopeOutcome.IsError.Should().BeTrue();
            scopeOutcome.Error.Should().Be("invalid_scope");

            // Scenario 2: the resource validator flags a resource indicator as invalid.
            var targetRequest = await BuildRefreshRequestAsync();
            resourceValidatorStub.Result = new ResourceValidationResult
            {
                InvalidResourceIndicators = { "foo" }
            };
            var targetOutcome = await validator.ValidateRequestAsync(targetRequest, validatedClient);

            targetOutcome.IsError.Should().BeTrue();
            targetOutcome.Error.Should().Be("invalid_target");
        }
        /// <summary>
        /// Password grant: a token request must be rejected when the resource validator
        /// reports invalid scopes or invalid resource indicators.
        /// </summary>
        /// <remarks>
        /// The same request (scope <c>scope1</c>, <c>resource=urn:api1</c>, test user "bob") is
        /// validated twice; only the stubbed resource validation result changes between the runs.
        /// <c>invalid_scope</c> is the RFC 6749 error code; <c>invalid_target</c> is the error code
        /// RFC 8707 defines for a rejected resource indicator.
        /// </remarks>
        public async Task failed_resource_validation_should_fail()
        {
            var validatedClient = (await _clients.FindEnabledClientByIdAsync("roclient")).ToValidationResult();
            var resourceValidatorStub = new MockResourceValidator();
            var validator = Factory.CreateTokenRequestValidator(resourceValidator: resourceValidatorStub);

            var request = new NameValueCollection
            {
                { OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.Password },
                { OidcConstants.TokenRequest.Scope, "scope1" },
                { OidcConstants.TokenRequest.UserName, "bob" },
                { OidcConstants.TokenRequest.Password, "bob" },
                { "resource", "urn:api1" }
            };

            // Installs the stubbed result, validates the shared request and checks the error code.
            // NOTE(review): presumably MockResourceValidator hands back Result unchanged - confirm against its definition.
            async Task AssertRejectedAsync(ResourceValidationResult stubbedOutcome, string expectedError)
            {
                resourceValidatorStub.Result = stubbedOutcome;
                var outcome = await validator.ValidateRequestAsync(request, validatedClient);

                outcome.IsError.Should().BeTrue();
                outcome.Error.Should().Be(expectedError);
            }

            // Scenario 1: a scope is reported as invalid.
            await AssertRejectedAsync(
                new ResourceValidationResult
                {
                    InvalidScopes = { "foo" }
                },
                "invalid_scope");

            // Scenario 2: a resource indicator is reported as invalid.
            await AssertRejectedAsync(
                new ResourceValidationResult
                {
                    InvalidResourceIndicators = { "foo" }
                },
                "invalid_target");
        }
Esempio n. 3
        /// <summary>
        /// Authorization-code grant: a token request must be rejected when the resource validator
        /// reports invalid scopes or invalid resource indicators.
        /// </summary>
        /// <remarks>
        /// Each scenario stores a new authorization code (issued for <c>urn:api1</c> and
        /// <c>urn:api2</c>), builds a new validator over the shared code store and redeems the code
        /// with <c>resource=urn:api1</c> and the redirect URI the code was issued for.
        /// <c>invalid_scope</c> is the RFC 6749 error code; <c>invalid_target</c> is the error code
        /// RFC 8707 defines for a rejected resource indicator.
        /// </remarks>
        public async Task failed_resource_validation_should_fail()
        {
            var resourceValidatorStub = new MockResourceValidator();
            var client = await _clients.FindEnabledClientByIdAsync("codeclient");

            var codeStore = Factory.CreateAuthorizationCodeStore();

            // Runs one rejection scenario. The stubbed result is created by the factory delegate
            // only after the request has been built, just before validation.
            async Task AssertRejectedAsync(Func<ResourceValidationResult> stubbedOutcome, string expectedError)
            {
                // NOTE(review): a new code per scenario - presumably because a code handle is single-use; confirm.
                var issuedCode = new AuthorizationCode
                {
                    CreationTime = DateTime.UtcNow,
                    Subject = new IdentityServerUser("123").CreatePrincipal(),
                    ClientId = client.ClientId,
                    Lifetime = client.AuthorizationCodeLifetime,
                    RedirectUri = "https://server/cb",
                    RequestedScopes = new List<string> { "openid", "scope1" },
                    RequestedResourceIndicators = new[] { "urn:api1", "urn:api2" }
                };

                var codeHandle = await codeStore.StoreAuthorizationCodeAsync(issuedCode);

                var validator = Factory.CreateTokenRequestValidator(resourceValidator: resourceValidatorStub, authorizationCodeStore: codeStore);

                var request = new NameValueCollection
                {
                    { OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode },
                    { OidcConstants.TokenRequest.Code, codeHandle },
                    { OidcConstants.TokenRequest.RedirectUri, "https://server/cb" },
                    { OidcConstants.TokenRequest.Resource, "urn:api1" }
                };

                // NOTE(review): presumably MockResourceValidator hands back Result unchanged - confirm against its definition.
                resourceValidatorStub.Result = stubbedOutcome();
                var outcome = await validator.ValidateRequestAsync(request, client.ToValidationResult());

                outcome.IsError.Should().BeTrue();
                outcome.Error.Should().Be(expectedError);
            }

            // Scenario 1: a scope is reported as invalid.
            await AssertRejectedAsync(
                () => new ResourceValidationResult
                {
                    InvalidScopes = { "foo" }
                },
                "invalid_scope");

            // Scenario 2: a resource indicator is reported as invalid.
            await AssertRejectedAsync(
                () => new ResourceValidationResult
                {
                    InvalidResourceIndicators = { "foo" }
                },
                "invalid_target");
        }