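/// <summary>
/// Handles a token revocation request: reads the optional <c>Authorization</c> header,
/// forwards it with the form parameters, the request certificate and the issuer name to
/// <c>_tokenActions.RevokeToken</c>, and maps the outcome to an HTTP result.
/// </summary>
/// <remarks>
/// The <c>Authorization</c> header is untrusted input. A value that is not exactly
/// "scheme credentials", or whose scheme the header type rejects, is not forwarded:
/// <c>RevokeToken</c> then receives <c>null</c> for the header, as if none had been sent.
/// The raw header value carries client credentials and is never logged here.
/// </remarks>
/// <param name="revocationRequest">Revocation parameters bound from the form body.</param>
/// <param name="cancellationToken">Token used to cancel the revocation call.</param>
/// <returns>
/// <c>200 OK</c> when the revocation succeeds; <c>400 Bad Request</c> carrying the error
/// details when it fails.
/// </returns>
/// <exception cref="ArgumentOutOfRangeException">
/// The revocation result is neither <c>Option.Success</c> nor <c>Option.Error</c>.
/// </exception>
public async Task<IActionResult> PostRevoke(
    [FromForm] RevocationRequest revocationRequest,
    CancellationToken cancellationToken)
{
    // 1. Fetch the authorization header
    AuthenticationHeaderValue? authenticationHeaderValue = null;
    if (Request.Headers.TryGetValue(HeaderNames.Authorization, out var authorizationHeader))
    {
        // FirstOrDefault instead of First: a header entry with no value must not throw.
        var headerParts = authorizationHeader.FirstOrDefault()?.Split(' ');
        if (headerParts != null && headerParts.Length == 2)
        {
            try
            {
                authenticationHeaderValue = new AuthenticationHeaderValue(headerParts[0], headerParts[1]);
            }
            catch (Exception ex) when (ex is FormatException || ex is ArgumentException)
            {
                // The constructor rejects an empty scheme or one that is not a valid token.
                // Handle that like every other malformed header (ignored) instead of letting
                // a caller-supplied value surface as an unhandled exception.
                authenticationHeaderValue = null;
            }
        }
    }

    // 2. Revoke the token
    var issuerName = Request.GetAbsoluteUriWithVirtualPath();
    var option = await _tokenActions.RevokeToken(
            revocationRequest.ToParameter(),
            authenticationHeaderValue,
            Request.GetCertificate(),
            issuerName,
            cancellationToken)
        .ConfigureAwait(false);

    return option switch
    {
        Option.Success => new OkResult(),
        Option.Error e => BadRequest(e.Details),
        _ => throw new ArgumentOutOfRangeException()
    };
}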
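/// <summary>
/// Scenario: updating the claims of the "administrator" resource owner with
/// <c>_grantedToken.AccessToken</c> must be refused with HTTP 403 Forbidden.
/// </summary>
/// <remarks>
/// NOTE(review): presumably the granted token lacks management rights; confirm against
/// the fixture that issues <c>_grantedToken</c>.
/// </remarks>
public void RejectUpdateResourceOwnerClaims()
{
    Option.Error response = null!;

    "When updating resource owner claims".x(
        async () =>
        {
            var result = await _managerClient.UpdateResourceOwnerClaims(
                    new UpdateResourceOwnerClaimsRequest
                    {
                        Claims = new[] { new ClaimData { Type = "something", Value = "else" } },
                        Subject = "administrator"
                    },
                    _grantedToken.AccessToken)
                .ConfigureAwait(false);

            // Fail here with a clear assertion if the call unexpectedly succeeds; a bare
            // "as" cast would leave response null and surface later as a NullReferenceException.
            response = Assert.IsAssignableFrom<Option.Error>(result);
        });

    "Then response has error.".x(
        () => { Assert.Equal(HttpStatusCode.Forbidden, response.Details.Status); });
}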
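/// <summary>
/// Scenario: deleting the "administrator" resource owner with
/// <c>_grantedToken.AccessToken</c> must be refused with HTTP 403 Forbidden.
/// </summary>
/// <remarks>
/// NOTE(review): presumably the granted token lacks management rights; confirm against
/// the fixture that issues <c>_grantedToken</c>.
/// </remarks>
public void RejectDeleteResourceOwner()
{
    Option.Error response = null!;

    "When deleting resource owner".x(
        async () =>
        {
            var result = await _managerClient.DeleteResourceOwner(
                    "administrator",
                    _grantedToken.AccessToken)
                .ConfigureAwait(false);

            // Fail here with a clear assertion if the delete unexpectedly succeeds; a bare
            // "as" cast would leave response null and surface later as a NullReferenceException.
            response = Assert.IsAssignableFrom<Option.Error>(result);
        });

    "Then response has error.".x(
        () => { Assert.Equal(HttpStatusCode.Forbidden, response.Details.Status); });
}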
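/// <summary>
/// Scenario: changing the password of the "administrator" resource owner with
/// <c>_grantedToken.AccessToken</c> must be refused with HTTP 403 Forbidden.
/// </summary>
/// <remarks>
/// NOTE(review): presumably the granted token lacks management rights; confirm against
/// the fixture that issues <c>_grantedToken</c>.
/// </remarks>
public void RejectUpdateResourceOwnerPassword()
{
    Option.Error response = null!;

    "When updating resource owner password".x(
        async () =>
        {
            var result = await _managerClient.UpdateResourceOwnerPassword(
                    new UpdateResourceOwnerPasswordRequest
                    {
                        Password = "******",
                        Subject = "administrator"
                    },
                    _grantedToken.AccessToken)
                .ConfigureAwait(false);

            // Fail here with a clear assertion if the password change unexpectedly succeeds; a bare
            // "as" cast would leave response null and surface later as a NullReferenceException.
            response = Assert.IsAssignableFrom<Option.Error>(result);
        });

    "Then response has error.".x(
        () => { Assert.Equal(HttpStatusCode.Forbidden, response.Details.Status); });
}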