/// <summary>
/// Refresh-token grant: the token request must be rejected when the resource validator
/// reports invalid scopes (<c>invalid_scope</c>) or invalid resource indicators
/// (<c>invalid_target</c>). Both outcomes are simulated through <c>MockResourceValidator.Result</c>.
/// </summary>
public async Task failed_resource_validation_should_fail()
{
    var mockResourceValidator = new MockResourceValidator();
    var refreshTokenStore = Factory.CreateRefreshTokenStore();
    var client = (await _clients.FindEnabledClientByIdAsync("roclient")).ToValidationResult();
    var validator = Factory.CreateTokenRequestValidator(
        refreshTokenStore: refreshTokenStore,
        resourceValidator: mockResourceValidator);

    // Every scenario stores its own refresh token, so the second request does not depend on
    // whatever state the first (rejected) request left on the stored token.
    async Task<NameValueCollection> CreateRefreshRequestAsync()
    {
        var token = new RefreshToken
        {
            ClientId = "roclient",
            Subject = new IdentityServerUser("foo").CreatePrincipal(),
            Lifetime = 600,
            CreationTime = DateTime.UtcNow,
            AuthorizedScopes = new[] { "scope1" }
        };
        var tokenHandle = await refreshTokenStore.StoreRefreshTokenAsync(token);

        return new NameValueCollection
        {
            { OidcConstants.TokenRequest.GrantType, "refresh_token" },
            { OidcConstants.TokenRequest.RefreshToken, tokenHandle },
            { "resource", "urn:api1" }
        };
    }

    // Scenario 1: the resource validator flags a scope as invalid.
    {
        var request = await CreateRefreshRequestAsync();
        mockResourceValidator.Result = new ResourceValidationResult { InvalidScopes = { "foo" } };

        var result = await validator.ValidateRequestAsync(request, client);

        result.IsError.Should().BeTrue();
        result.Error.Should().Be("invalid_scope");
    }

    // Scenario 2: the resource validator flags a resource indicator as invalid.
    // NOTE(review): only the error code is asserted; nothing here checks that no token
    // material is attached to the failed result.
    {
        var request = await CreateRefreshRequestAsync();
        mockResourceValidator.Result = new ResourceValidationResult { InvalidResourceIndicators = { "foo" } };

        var result = await validator.ValidateRequestAsync(request, client);

        result.IsError.Should().BeTrue();
        result.Error.Should().Be("invalid_target");
    }
}
/// <summary>
/// Resource-owner password grant: the token request must be rejected when the resource
/// validator reports invalid scopes (<c>invalid_scope</c>) or invalid resource indicators
/// (<c>invalid_target</c>). The same request parameters are validated twice; only the
/// mock validator's result differs between the two runs.
/// </summary>
public async Task failed_resource_validation_should_fail()
{
    var client = (await _clients.FindEnabledClientByIdAsync("roclient")).ToValidationResult();

    var mockResourceValidator = new MockResourceValidator();
    var validator = Factory.CreateTokenRequestValidator(resourceValidator: mockResourceValidator);

    // Fixture user name and password, plus a resource indicator on the request.
    var parameters = new NameValueCollection
    {
        { OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.Password },
        { OidcConstants.TokenRequest.Scope, "scope1" },
        { OidcConstants.TokenRequest.UserName, "bob" },
        { OidcConstants.TokenRequest.Password, "bob" },
        { "resource", "urn:api1" }
    };

    // Installs the simulated validator outcome, runs validation and pins the error code.
    // NOTE(review): the user name and password are the same in both runs, so the differing
    // error codes presumably come from the mock's result - confirm against the validator.
    async Task AssertRejectedAsync(ResourceValidationResult validatorOutcome, string expectedError)
    {
        mockResourceValidator.Result = validatorOutcome;

        var result = await validator.ValidateRequestAsync(parameters, client);

        result.IsError.Should().BeTrue();
        result.Error.Should().Be(expectedError);
    }

    await AssertRejectedAsync(
        new ResourceValidationResult { InvalidScopes = { "foo" } },
        "invalid_scope");

    await AssertRejectedAsync(
        new ResourceValidationResult { InvalidResourceIndicators = { "foo" } },
        "invalid_target");
}
/// <summary>
/// Authorization-code grant: redeeming a code must be rejected when the resource validator
/// reports invalid scopes (<c>invalid_scope</c>) or invalid resource indicators
/// (<c>invalid_target</c>). Both outcomes are simulated through <c>MockResourceValidator.Result</c>.
/// </summary>
public async Task failed_resource_validation_should_fail()
{
    var mockResourceValidator = new MockResourceValidator();
    var client = await _clients.FindEnabledClientByIdAsync("codeclient");
    var codeStore = Factory.CreateAuthorizationCodeStore();

    // Stores a new authorization code and builds the matching token request.
    // The requested resource ("urn:api1") is one of the indicators recorded on the code
    // and the redirect URI matches, so the failures asserted below are presumably driven by
    // the mock validator's result rather than by a mismatch in the request itself.
    async Task<NameValueCollection> IssueCodeAndBuildRequestAsync()
    {
        var authorizationCode = new AuthorizationCode
        {
            CreationTime = DateTime.UtcNow,
            Subject = new IdentityServerUser("123").CreatePrincipal(),
            ClientId = client.ClientId,
            Lifetime = client.AuthorizationCodeLifetime,
            RedirectUri = "https://server/cb",
            RequestedScopes = new List<string> { "openid", "scope1" },
            RequestedResourceIndicators = new[] { "urn:api1", "urn:api2" }
        };
        var codeHandle = await codeStore.StoreAuthorizationCodeAsync(authorizationCode);

        return new NameValueCollection
        {
            { OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode },
            { OidcConstants.TokenRequest.Code, codeHandle },
            { OidcConstants.TokenRequest.RedirectUri, "https://server/cb" },
            { OidcConstants.TokenRequest.Resource, "urn:api1" }
        };
    }

    // Scenario 1: the resource validator flags a scope as invalid.
    {
        var request = await IssueCodeAndBuildRequestAsync();
        var validator = Factory.CreateTokenRequestValidator(
            resourceValidator: mockResourceValidator,
            authorizationCodeStore: codeStore);
        mockResourceValidator.Result = new ResourceValidationResult { InvalidScopes = { "foo" } };

        var result = await validator.ValidateRequestAsync(request, client.ToValidationResult());

        result.IsError.Should().BeTrue();
        result.Error.Should().Be("invalid_scope");
    }

    // Scenario 2: the resource validator flags a resource indicator as invalid.
    // A second code is stored for this scenario, so it does not depend on what the first
    // (rejected) request did to its code.
    {
        var request = await IssueCodeAndBuildRequestAsync();
        var validator = Factory.CreateTokenRequestValidator(
            resourceValidator: mockResourceValidator,
            authorizationCodeStore: codeStore);
        mockResourceValidator.Result = new ResourceValidationResult { InvalidResourceIndicators = { "foo" } };

        var result = await validator.ValidateRequestAsync(request, client.ToValidationResult());

        result.IsError.Should().BeTrue();
        result.Error.Should().Be("invalid_target");
    }
}