public async Task OAuth2Client_GetDeviceCodeAsync()
{
const string expectedUserCode = "254583";
const string expectedDeviceCode = "6d1e34151aff4f41b9f186e177a0b15d";
var baseUri = new Uri("https://example.com");
OAuth2ServerEndpoints endpoints = CreateEndpoints(baseUri);
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
string[] expectedScopes = { "read", "write", "delete" };
OAuth2Application app = CreateTestApplication();
var server = new TestOAuth2Server(endpoints);
server.RegisterApplication(app);
server.Bind(httpHandler);
server.TokenGenerator.UserCodes.Add(expectedUserCode);
server.TokenGenerator.DeviceCodes.Add(expectedDeviceCode);
OAuth2Client client = CreateClient(httpHandler, endpoints);
OAuth2DeviceCodeResult result = await client.GetDeviceCodeAsync(expectedScopes, CancellationToken.None);
Assert.Equal(expectedUserCode, result.UserCode);
Assert.Equal(expectedDeviceCode, result.DeviceCode);
}
public async Task <OAuth2TokenResult> GetOAuthTokenViaDeviceCodeAsync(Uri targetUri, IEnumerable <string> scopes)
{
ThrowIfUserInteractionDisabled();
var oauthClient = new GitHubOAuth2Client(HttpClient, Context.Settings, targetUri);
OAuth2DeviceCodeResult dcr = await oauthClient.GetDeviceCodeAsync(scopes, CancellationToken.None);
// If we have a desktop session show the device code in a dialog
if (Context.Settings.IsGuiPromptsEnabled && Context.SessionManager.IsDesktopSession &&
TryFindHelperExecutablePath(out string helperPath))
{
var args = new StringBuilder("device");
args.AppendFormat(" --code {0} ", QuoteCmdArg(dcr.UserCode));
args.AppendFormat(" --url {0}", QuoteCmdArg(dcr.VerificationUri.ToString()));
var promptCts = new CancellationTokenSource();
var tokenCts = new CancellationTokenSource();
// Show the dialog with the device code but don't await its closure
Task promptTask = InvokeHelperAsync(helperPath, args.ToString(), null, promptCts.Token);
// Start the request for an OAuth token but don't wait
Task <OAuth2TokenResult> tokenTask = oauthClient.GetTokenByDeviceCodeAsync(dcr, tokenCts.Token);
Task t = await Task.WhenAny(promptTask, tokenTask);
// If the dialog was closed the user wishes to cancel the request
if (t == promptTask)
{
tokenCts.Cancel();
}
OAuth2TokenResult tokenResult;
try
{
tokenResult = await tokenTask;
}
catch (OperationCanceledException)
{
throw new Exception("User canceled device code authentication");
}
// Close the dialog
promptCts.Cancel();
return(tokenResult);
}
else
{
ThrowIfTerminalPromptsDisabled();
string deviceMessage = $"To complete authentication please visit {dcr.VerificationUri} and enter the following code:" +
Environment.NewLine +
dcr.UserCode;
Context.Terminal.WriteLine(deviceMessage);
return(await oauthClient.GetTokenByDeviceCodeAsync(dcr, CancellationToken.None));
}
}
public async Task OAuth2Client_E2E_DeviceFlowAndRefresh()
{
const string expectedUserCode = "736998";
const string expectedDeviceCode = "db6558b2a1d649758394ac3c2d9e00b1";
const string expectedAccessToken1 = "LET_ME_IN-1";
const string expectedAccessToken2 = "LET_ME_IN-2";
const string expectedRefreshToken1 = "REFRESH_ME-1";
const string expectedRefreshToken2 = "REFRESH_ME-2";
var baseUri = new Uri("https://example.com");
OAuth2ServerEndpoints endpoints = CreateEndpoints(baseUri);
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
string[] expectedScopes = { "read", "write", "delete" };
OAuth2Application app = CreateTestApplication();
var server = new TestOAuth2Server(endpoints);
server.RegisterApplication(app);
server.Bind(httpHandler);
server.TokenGenerator.UserCodes.Add(expectedUserCode);
server.TokenGenerator.DeviceCodes.Add(expectedDeviceCode);
server.TokenGenerator.AccessTokens.Add(expectedAccessToken1);
server.TokenGenerator.RefreshTokens.Add(expectedRefreshToken1);
OAuth2Client client = CreateClient(httpHandler, endpoints);
OAuth2DeviceCodeResult deviceResult = await client.GetDeviceCodeAsync(expectedScopes, CancellationToken.None);
// Simulate the user taking some time to sign in with the user code
Thread.Sleep(1000);
server.SignInDeviceWithUserCode(deviceResult.UserCode);
OAuth2TokenResult result1 = await client.GetTokenByDeviceCodeAsync(deviceResult, CancellationToken.None);
Assert.NotNull(result1);
Assert.Equal(expectedScopes, result1.Scopes);
Assert.Equal(expectedAccessToken1, result1.AccessToken);
Assert.Equal(expectedRefreshToken1, result1.RefreshToken);
server.TokenGenerator.AccessTokens.Add(expectedAccessToken2);
server.TokenGenerator.RefreshTokens.Add(expectedRefreshToken2);
OAuth2TokenResult result2 = await client.GetTokenByRefreshTokenAsync(result1.RefreshToken, CancellationToken.None);
Assert.NotNull(result2);
Assert.Equal(expectedScopes, result2.Scopes);
Assert.Equal(expectedAccessToken2, result2.AccessToken);
Assert.Equal(expectedRefreshToken2, result2.RefreshToken);
}
public async Task OAuth2Client_GetTokenByDeviceCodeAsync()
{
const string expectedUserCode = "342728";
const string expectedDeviceCode = "ad6498533bf54f4db53e49612a4acfb0";
const string expectedAccessToken = "LET_ME_IN";
const string expectedRefreshToken = "REFRESH_ME";
var baseUri = new Uri("https://example.com");
OAuth2ServerEndpoints endpoints = CreateEndpoints(baseUri);
var httpHandler = new TestHttpMessageHandler {
ThrowOnUnexpectedRequest = true
};
string[] expectedScopes = { "read", "write", "delete" };
var grant = new OAuth2Application.DeviceCodeGrant(expectedUserCode, expectedDeviceCode, expectedScopes);
OAuth2Application app = CreateTestApplication();
app.DeviceGrants.Add(grant);
var server = new TestOAuth2Server(endpoints);
server.RegisterApplication(app);
server.Bind(httpHandler);
server.TokenGenerator.UserCodes.Add(expectedUserCode);
server.TokenGenerator.DeviceCodes.Add(expectedDeviceCode);
server.TokenGenerator.AccessTokens.Add(expectedAccessToken);
server.TokenGenerator.RefreshTokens.Add(expectedRefreshToken);
OAuth2Client client = CreateClient(httpHandler, endpoints);
var deviceCodeResult = new OAuth2DeviceCodeResult(expectedDeviceCode, expectedUserCode, null, null);
Task <OAuth2TokenResult> resultTask = client.GetTokenByDeviceCodeAsync(deviceCodeResult, CancellationToken.None);
// Simulate the user taking some time to sign in with the user code
Thread.Sleep(1000);
server.SignInDeviceWithUserCode(expectedUserCode);
OAuth2TokenResult result = await resultTask;
Assert.NotNull(result);
Assert.Equal(expectedScopes, result.Scopes);
Assert.Equal(expectedAccessToken, result.AccessToken);
Assert.Equal(expectedRefreshToken, result.RefreshToken);
}
public async Task <OAuth2TokenResult> GetOAuthTokenAsync(Uri targetUri, IEnumerable <string> scopes)
{
ThrowIfUserInteractionDisabled();
var oauthClient = new GitHubOAuth2Client(HttpClient, Context.Settings, targetUri);
// If we have a desktop session try authentication using the user's default web browser
if (Context.SessionManager.IsDesktopSession)
{
var browserOptions = new OAuth2WebBrowserOptions
{
SuccessResponseHtml = GitHubResources.AuthenticationResponseSuccessHtml,
FailureResponseHtmlFormat = GitHubResources.AuthenticationResponseFailureHtmlFormat
};
var browser = new OAuth2SystemWebBrowser(browserOptions);
// Write message to the terminal (if any is attached) for some feedback that we're waiting for a web response
Context.Terminal.WriteLine("info: please complete authentication in your browser...");
OAuth2AuthorizationCodeResult authCodeResult = await oauthClient.GetAuthorizationCodeAsync(scopes, browser, CancellationToken.None);
return(await oauthClient.GetTokenByAuthorizationCodeAsync(authCodeResult, CancellationToken.None));
}
else
{
ThrowIfTerminalPromptsDisabled();
if (GitHubConstants.IsOAuthDeviceAuthSupported)
{
OAuth2DeviceCodeResult deviceCodeResult = await oauthClient.GetDeviceCodeAsync(scopes, CancellationToken.None);
string deviceMessage = $"To complete authentication please visit {deviceCodeResult.VerificationUri} and enter the following code:" +
Environment.NewLine +
deviceCodeResult.UserCode;
Context.Terminal.WriteLine(deviceMessage);
return(await oauthClient.GetTokenByDeviceCodeAsync(deviceCodeResult, CancellationToken.None));
}
// We'd like to try using an OAuth2 flow that does not require a web browser on this device
// such as the device code flow (RFC 8628) but GitHub's auth stack does not support this.
throw new NotSupportedException("GitHub OAuth authentication is not supported without an interactive desktop session.");
}
}
