public async Task ImplicitGrant() {
var coordinatorClient = new UserAgentClient(AuthorizationServerDescription);
coordinatorClient.ClientCredentialApplicator = null; // implicit grant clients don't need a secret.
Handle(AuthorizationServerDescription.AuthorizationEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(AuthorizationServerMock);
var request = await server.ReadAuthorizationRequestAsync(req, ct);
Assert.That(request, Is.Not.Null);
IAccessTokenRequest accessTokenRequest = (EndUserAuthorizationImplicitRequest)request;
Assert.That(accessTokenRequest.ClientAuthenticated, Is.False);
var response = server.PrepareApproveAuthorizationRequest(request, ResourceOwnerUsername);
return await server.Channel.PrepareResponseAsync(response, ct);
});
{
var client = new UserAgentClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories);
var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, };
var request = client.PrepareRequestUserAuthorization(authState, implicitResponseType: true);
Assert.That(request.ResponseType, Is.EqualTo(EndUserAuthorizationResponseType.AccessToken));
var authRequestRedirect = await client.Channel.PrepareResponseAsync(request);
Uri authRequestResponse;
this.HostFactories.AllowAutoRedirects = false;
using (var httpClient = this.HostFactories.CreateHttpClient()) {
using (var httpResponse = await httpClient.GetAsync(authRequestRedirect.Headers.Location)) {
authRequestResponse = httpResponse.Headers.Location;
}
}
var incoming =
await client.Channel.ReadFromRequestAsync(new HttpRequestMessage(HttpMethod.Get, authRequestResponse), CancellationToken.None);
var result = await client.ProcessUserAuthorizationAsync(authState, incoming, CancellationToken.None);
Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(result.RefreshToken, Is.Null);
}
}
public async Task<ActionResult> Authorize(string username = null, string password = null)
{
if (username != null)
{
if (password != null)
{
var entities = new AzurenEntities();
User u;
u = username.Contains("@") ? entities.Users.SingleOrDefault(m => m.Email == username) : entities.Users.SingleOrDefault(m => m.Username == username);
if (u == null || StringHelper.CalcPassword(password, u.Salt) != u.Password)
{
return RedirectToAction("Authorize", new { redirect_uri = Request.Params["redirect_uri"], client_id = Request.Params["client_id"], scope = Request.Params["scope"], error = true });
}
FormsAuthentication.SetAuthCookie(u.Username, true);
System.Web.HttpContext.Current.User = new RolePrincipal(new MyIdentity(u.Username, "Forms", true));
}
}
if (!User.Identity.IsAuthenticated)
{
return Content("You must loggin first");
}
var authServer = new AuthorizationServer(new AuthorizationServerHost());
var authRequest = await authServer.ReadAuthorizationRequestAsync(Request);
var grantedResponse = authServer.PrepareApproveAuthorizationRequest(
authRequest, this.User.Identity.Name, authRequest.Scope);
IProtocolMessage responseMessage = grantedResponse;
var response = await authServer.Channel.PrepareResponseAsync(responseMessage);
return response.AsActionResult();
}
public ActionResult Issue()
{
var authorizationServer = new AuthorizationServer(new AuthorizationServerHost());
var response = authorizationServer.HandleTokenRequest(Request).AsActionResult();
return response;
}
public ActionResult Authorise()
{
using (var server = (new OAuth2AuthorizationServer(new X509Certificate2(_absolutePathToPfx, _certificatePassword),
new X509Certificate2(_absolutePathToCertificate))))
{
var authorizationServer = new AuthorizationServer(server);
var pendingRequest = authorizationServer.ReadAuthorizationRequest();
if (pendingRequest == null)
{
throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
}
var requestingClient =
MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
// Consider auto-approving if safe to do so.
if (((OAuth2AuthorizationServer)authorizationServer.AuthorizationServerServices).CanBeAutoApproved(pendingRequest))
{
var approval = authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
return authorizationServer.Channel.PrepareResponse(approval).AsActionResult();
}
var model = new AccountAuthorizeModel
{
ClientApp = requestingClient.Name,
Scope = pendingRequest.Scope,
AuthorizationRequest = pendingRequest,
};
return View(model);
}
}
[HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking
public async Task<ActionResult> Authorize() {
var authServer = new AuthorizationServer(new AuthorizationServerHost());
var authRequest = await authServer.ReadAuthorizationRequestAsync(this.Request);
this.ViewData["scope"] = authRequest.Scope;
this.ViewData["request"] = this.Request.Url;
return View();
}
public async Task ResourceOwnerPasswordCredentialGrant(bool anonymousClient) {
var authHostMock = CreateAuthorizationServerMock();
if (anonymousClient) {
authHostMock.Setup(
m =>
m.IsAuthorizationValid(
It.Is<IAuthorizationDescription>(
d =>
d.ClientIdentifier == null && d.User == ResourceOwnerUsername &&
MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))).Returns(true);
}
Handle(AuthorizationServerDescription.TokenEndpoint).By(async (req, ct) => {
var server = new AuthorizationServer(authHostMock.Object);
return await server.HandleTokenRequestAsync(req, ct);
});
var client = new WebServerClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories);
if (anonymousClient) {
client.ClientIdentifier = null;
}
var authState = await client.ExchangeUserCredentialForTokenAsync(ResourceOwnerUsername, ResourceOwnerPassword, TestScopes);
Assert.That(authState.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(authState.RefreshToken, Is.Not.Null.And.Not.Empty);
}
public OAuth2Controller() {
// In this example, we're just newing up an auth server. A real implementation would use an IOC container
// to resolve the dependencies and inject the auth server into our controller.
var authServerKeys = CryptoKeyPair.LoadCertificate(HostingEnvironment.MapPath("~/bin/Certificates/auth-server.pfx"), "p@ssw0rd");
var dataServerKeys = CryptoKeyPair.LoadCertificate(HostingEnvironment.MapPath("~/bin/Certificates/data-server.pfx"), "p@ssw0rd");
var exampleAuthServer = new ExampleAuthorizationServer(new FakeCryptoKeyStore(),
authServerKeys, dataServerKeys, new FakeOAuth2ClientStore(), new FakeUserStore());
this.authServer = new AuthorizationServer(exampleAuthServer);
}
public OAuthController(AuthorizationServer authorizationServer, string primaryTableName, string emailTableName, string cloudConfigurationName) {
Requires.NotNull(authorizationServer, "authorizationServer");
Requires.NotNullOrEmpty(cloudConfigurationName, "cloudConfigurationName");
this.authorizationServer = authorizationServer;
this.HttpClient = new HttpClient();
var storage = CloudStorageAccount.Parse(ConfigurationManager.ConnectionStrings[cloudConfigurationName].ConnectionString);
var tableClient = storage.CreateCloudTableClient();
this.ClientTable = new AddressBookContext(tableClient, primaryTableName, emailTableName);
}
public ActionResult Token()
{
var configuration = new IssuerConfiguration
{
EncryptionCertificate = new X509Certificate2(Server.MapPath("~/Certs/localhost.cer")),
SigningCertificate = new X509Certificate2(Server.MapPath("~/Certs/localhost.pfx"), "a")
};
var authServer = new AuthorizationServer(new OAuth2Issuer(configuration));
return authServer.HandleTokenRequest(Request).AsActionResult();
}
public async Task ErrorResponseTest() {
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(AuthorizationServerMock);
return await server.HandleTokenRequestAsync(req, ct);
});
var request = new AccessTokenAuthorizationCodeRequestC(AuthorizationServerDescription) { ClientIdentifier = ClientId, ClientSecret = ClientSecret, AuthorizationCode = "foo" };
var client = new UserAgentClient(AuthorizationServerDescription, hostFactories: this.HostFactories);
var response = await client.Channel.RequestAsync<AccessTokenFailedResponse>(request, CancellationToken.None);
Assert.That(response.Error, Is.Not.Null.And.Not.Empty);
Assert.That(response.Error, Is.EqualTo(Protocol.AccessTokenRequestErrorCodes.InvalidRequest));
}
/// <summary>
/// Initializes the <see cref="authorizationServer"/> field if it has not yet been initialized.
/// </summary>
private static void EnsureInitialized() {
if (authorizationServer == null) {
lock (InitializerLock) {
if (authorizationServerDescription == null) {
authorizationServerDescription = new AuthorizationServerDescription {
AuthorizationEndpoint = new Uri(Utilities.ApplicationRoot, "OAuth.ashx"),
TokenEndpoint = new Uri(Utilities.ApplicationRoot, "OAuth.ashx"),
};
}
if (authorizationServer == null) {
authorizationServer = new AuthorizationServer(new OAuthAuthorizationServer());
}
}
}
}
protected void Application_Start()
{
RouteConfig.RegisterRoutes(RouteTable.Routes);
// DotNetOpenAuth only issues access tokens when the client uses an HTTPS connection. As we will most
// likely run the server on our local development machine with only a self-signed SSL certificate, setting up
// connection to the server will fail as the SSL certificate is considered invalid by the .NET framework.
// To circumvent this, we add the line below that will consider all SSL certificates as valid, including
// self-signed certificaties. Note: this should only be used for testing purposes.
ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true;
// Use a default in-memory provider application store. This is a class that is ideal for use in test
// applications as it requires no further setup and can be used as both the crypto key- and nonce store.
// In real-life situations you would of course implement your own crypto key- and nonce store, which will
// most likely use some kind of persistent storage to store keys and nonces. As the nonces are kept in memory
// only, it is not possible to refresh tokens as the issued tokens will have been removed from memory the moment
// the refresh token request is being processed
var standardProviderApplicationStore = new StandardProviderApplicationStore();
var clientRepository = new InMemoryClientRepository();
clientRepository.Save(new Client()
{
Id = "demo-client-auth-code-identifier",
SecretKey = "demo-client-auth-code-secret-key",
CallbackUrl = new Uri("http://localhost/OAuth2WebClient/")
});
clientRepository.Save(new Client()
{
Id = "demo-client-credentials-identifier",
SecretKey = "demo-client-credentials-secret-key"
});
clientRepository.Save(new Client()
{
Id = "demo-client-res-owner-identifier"
});
var userRepository = new InMemoryUserRepository();
userRepository.Save(new User
{
Name = "demo-user-username",
Password = "******"
});
var authorizationServerHost = new AuthorizationServerHost(standardProviderApplicationStore, standardProviderApplicationStore, clientRepository, userRepository);
// Create our authorization server using our own, custom IAuthorizationServerHost implementation
AuthorizationServer = new AuthorizationServer(authorizationServerHost);
}
public async Task<ActionResult> Respond(string request, bool approval) {
var authServer = new AuthorizationServer(new AuthorizationServerHost());
var authRequest = await authServer.ReadAuthorizationRequestAsync(new Uri(request));
IProtocolMessage responseMessage;
if (approval) {
var grantedResponse = authServer.PrepareApproveAuthorizationRequest(
authRequest, this.User.Identity.Name, authRequest.Scope);
responseMessage = grantedResponse;
} else {
var rejectionResponse = authServer.PrepareRejectAuthorizationRequest(authRequest);
rejectionResponse.Error = Protocol.EndUserAuthorizationRequestErrorCodes.AccessDenied;
responseMessage = rejectionResponse;
}
var response = await authServer.Channel.PrepareResponseAsync(responseMessage);
return response.AsActionResult();
}
public async Task DecodeRefreshToken() {
var refreshTokenSource = new TaskCompletionSource<string>();
Handle(AuthorizationServerDescription.AuthorizationEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(AuthorizationServerMock);
var request = await server.ReadAuthorizationRequestAsync(req, ct);
Assert.That(request, Is.Not.Null);
var response = server.PrepareApproveAuthorizationRequest(request, ResourceOwnerUsername);
return await server.Channel.PrepareResponseAsync(response);
});
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(AuthorizationServerMock);
var response = await server.HandleTokenRequestAsync(req, ct);
var authorization = server.DecodeRefreshToken(refreshTokenSource.Task.Result);
Assert.That(authorization, Is.Not.Null);
Assert.That(authorization.User, Is.EqualTo(ResourceOwnerUsername));
return response;
});
var client = new WebServerClient(AuthorizationServerDescription);
try {
var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, };
var authRedirectResponse = await client.PrepareRequestUserAuthorizationAsync(authState);
this.HostFactories.CookieContainer.SetCookies(authRedirectResponse, ClientCallback);
Uri authCompleteUri;
using (var httpClient = this.HostFactories.CreateHttpClient()) {
using (var response = await httpClient.GetAsync(authRedirectResponse.Headers.Location)) {
response.EnsureSuccessStatusCode();
authCompleteUri = response.Headers.Location;
}
}
var authCompleteRequest = new HttpRequestMessage(HttpMethod.Get, authCompleteUri);
this.HostFactories.CookieContainer.ApplyCookies(authCompleteRequest);
var result = await client.ProcessUserAuthorizationAsync(authCompleteRequest);
Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty);
refreshTokenSource.SetResult(result.RefreshToken);
} catch {
refreshTokenSource.TrySetCanceled();
}
}
public ActionResult AuthoriseResponse(bool isApproved)
{
using (OAuth2AuthorizationServer server = (new OAuth2AuthorizationServer(new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToPfx"], ConfigurationManager.AppSettings["CertificatePassword"]),
new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToCertificate"]))))
{
AuthorizationServer authorizationServer = new AuthorizationServer(server);
var pendingRequest = authorizationServer.ReadAuthorizationRequest();
if (pendingRequest == null)
{
throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
}
IDirectedProtocolMessage response;
if (isApproved)
{
// The authorization we file in our database lasts until the user explicitly revokes it.
// You can cause the authorization to expire by setting the ExpirationDateUTC
// property in the below created ClientAuthorization.
var client = MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
client.ClientAuthorizations.Add(
new ClientAuthorization
{
Scope = OAuthUtilities.JoinScopes(pendingRequest.Scope),
User = MvcApplication.DataContext.Users.FirstOrDefault(u => u.Username == System.Web.HttpContext.Current.User.Identity.Name),
CreatedOnUtc = DateTime.UtcNow,
});
MvcApplication.DataContext.SaveChanges(); // submit now so that this new row can be retrieved later in this same HTTP request
// In this simple sample, the user either agrees to the entire scope requested by the client or none of it.
// But in a real app, you could grant a reduced scope of access to the client by passing a scope parameter to this method.
response = authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, User.Identity.Name);
}
else
{
response = authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest);
}
return authorizationServer.Channel.PrepareResponse(response).AsActionResult();
}
}
public async Task AuthorizationCodeGrant() {
Handle(AuthorizationServerDescription.AuthorizationEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(AuthorizationServerMock);
var request = await server.ReadAuthorizationRequestAsync(req, ct);
Assert.That(request, Is.Not.Null);
var response = server.PrepareApproveAuthorizationRequest(request, ResourceOwnerUsername);
return await server.Channel.PrepareResponseAsync(response, ct);
});
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(AuthorizationServerMock);
return await server.HandleTokenRequestAsync(req, ct);
});
var client = new WebServerClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories);
var authState = new AuthorizationState(TestScopes) {
Callback = ClientCallback,
};
var authRequestRedirect = await client.PrepareRequestUserAuthorizationAsync(authState);
this.HostFactories.CookieContainer.SetCookies(authRequestRedirect, ClientCallback);
Uri authRequestResponse;
this.HostFactories.AllowAutoRedirects = false;
using (var httpClient = this.HostFactories.CreateHttpClient()) {
using (var httpResponse = await httpClient.GetAsync(authRequestRedirect.Headers.Location)) {
Assert.That(httpResponse.StatusCode, Is.EqualTo(HttpStatusCode.Redirect));
authRequestResponse = httpResponse.Headers.Location;
}
}
var authorizationResponse = new HttpRequestMessage(HttpMethod.Get, authRequestResponse);
this.HostFactories.CookieContainer.ApplyCookies(authorizationResponse);
var result = await client.ProcessUserAuthorizationAsync(authorizationResponse, CancellationToken.None);
Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty);
}
public async Task ClientCredentialScopeOverride() {
var clientRequestedScopes = new[] { "scope1", "scope2" };
var serverOverriddenScopes = new[] { "scope1", "differentScope" };
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny<IAccessTokenRequest>()))
.Returns<IAccessTokenRequest>(req => {
var response = new AutomatedAuthorizationCheckResponse(req, true);
response.ApprovedScope.Clear();
response.ApprovedScope.UnionWith(serverOverriddenScopes);
return response;
});
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(authServerMock.Object);
return await server.HandleTokenRequestAsync(req, ct);
});
var client = new WebServerClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories);
var result = await client.GetClientAccessTokenAsync(clientRequestedScopes);
Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes));
}
public async Task CreateAccessTokenSeesAuthorizingUserClientCredentialGrant() {
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny<IAccessTokenRequest>()))
.Returns<IAccessTokenRequest>(req => {
Assert.That(req.UserName, Is.Null);
return new AutomatedAuthorizationCheckResponse(req, true);
});
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(authServerMock.Object);
return await server.HandleTokenRequestAsync(req, ct);
});
var client = new WebServerClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories);
var result = await client.GetClientAccessTokenAsync(TestScopes);
Assert.That(result.AccessToken, Is.Not.Null);
}
public async Task CreateAccessTokenSeesAuthorizingUserResourceOwnerGrant() {
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>()))
.Returns<string, string, IAccessTokenRequest>((un, pw, req) => {
var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername);
Assert.That(req.UserName, Is.EqualTo(ResourceOwnerUsername));
return response;
});
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(authServerMock.Object);
return await server.HandleTokenRequestAsync(req, ct);
});
var client = new WebServerClient(AuthorizationServerDescription, hostFactories: this.HostFactories);
var result = await client.ExchangeUserCredentialForTokenAsync(ResourceOwnerUsername, ResourceOwnerPassword, TestScopes);
Assert.That(result.AccessToken, Is.Not.Null);
}
public Task<HttpResponseMessage> Post(HttpRequestMessage request)
{
var authServer = new AuthorizationServer(new AuthorizationServerHost());
return authServer.HandleTokenRequestAsync(request);
}
/// <summary>
/// The OAuth 2.0 token endpoint.
/// </summary>
/// <returns>The response to the Client.</returns>
public ActionResult Token()
{
using (var server = (new OAuth2AuthorizationServer(new X509Certificate2(_absolutePathToPfx, _certificatePassword),
new X509Certificate2(_absolutePathToCertificate))))
{
var authorizationServer = new AuthorizationServer(server);
OutgoingWebResponse response = authorizationServer.HandleTokenRequest(Request);
return response.AsActionResult();
}
}
public async Task<ActionResult> Token()
{
var authServer = new AuthorizationServer(new AuthorizationServerHost());
var t = await authServer.HandleTokenRequestAsync(Request);
return t.AsActionResult();
}
public async Task GetClientAccessTokenReturnsApprovedScope() {
string[] approvedScopes = new[] { "Scope2", "Scope3" };
var authServer = CreateAuthorizationServerMock();
authServer.Setup(
a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
.Returns(true);
authServer.Setup(
a => a.CheckAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
.Returns<IAccessTokenRequest>(req => {
var response = new AutomatedAuthorizationCheckResponse(req, true);
response.ApprovedScope.ResetContents(approvedScopes);
return response;
});
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(authServer.Object);
return await server.HandleTokenRequestAsync(req, ct);
});
var client = new WebServerClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories);
var authState = await client.GetClientAccessTokenAsync(TestScopes);
Assert.That(authState.Scope, Is.EquivalentTo(approvedScopes));
}
public async Task ClientCredentialGrant() {
var authServer = CreateAuthorizationServerMock();
authServer.Setup(
a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
.Returns(true);
authServer.Setup(
a => a.CheckAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
.Returns<IAccessTokenRequest>(req => new AutomatedAuthorizationCheckResponse(req, true));
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(authServer.Object);
return await server.HandleTokenRequestAsync(req, ct);
});
var client = new WebServerClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories);
var authState = await client.GetClientAccessTokenAsync(TestScopes);
Assert.That(authState.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(authState.RefreshToken, Is.Null);
}
public async Task ResourceOwnerScopeOverride() {
var clientRequestedScopes = new[] { "scope1", "scope2" };
var serverOverriddenScopes = new[] { "scope1", "differentScope" };
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>()))
.Returns<string, string, IAccessTokenRequest>((un, pw, req) => {
var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername);
response.ApprovedScope.Clear();
response.ApprovedScope.UnionWith(serverOverriddenScopes);
return response;
});
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(authServerMock.Object);
return await server.HandleTokenRequestAsync(req, ct);
});
var client = new WebServerClient(AuthorizationServerDescription, hostFactories: this.HostFactories);
var result = await client.ExchangeUserCredentialForTokenAsync(ResourceOwnerUsername, ResourceOwnerPassword, clientRequestedScopes);
Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes));
}
/// <summary>
/// The OAuth 2.0 token endpoint.
/// </summary>
/// <returns>The response to the Client.</returns>
public ActionResult Token()
{
using (OAuth2AuthorizationServer server = (new OAuth2AuthorizationServer(new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToPfx"], ConfigurationManager.AppSettings["CertificatePassword"]),
new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToCertificate"]))))
{
AuthorizationServer authorizationServer = new AuthorizationServer(server);
OutgoingWebResponse response = authorizationServer.HandleTokenRequest(this.Request);
return response.AsActionResult();
}
}
