public async Task Valid_User_IdentityScopes()
        {
            var client = new TokenClient(
                TokenEndpoint,
                "roclient",
                "secret",
                innerHttpMessageHandler: _handler);

            var response = await client.RequestResourceOwnerPasswordAsync("bob", "bob", "openid email api1");

            response.IsError.Should().Be(false);
            response.ExpiresIn.Should().Be(3600);
            response.TokenType.Should().Be("Bearer");
            response.IdentityToken.Should().BeNull();
            response.RefreshToken.Should().BeNull();

            var payload = GetPayload(response);

            payload.Count().Should().Be(10);
            payload.Should().Contain("iss", "https://idsrv3");
            payload.Should().Contain("aud", "https://idsrv3/resources");
            payload.Should().Contain("client_id", "roclient");
            payload.Should().Contain("sub", "88421113");
            payload.Should().Contain("idp", "idsrv");

            var amr = payload["amr"] as JArray;
            amr.Count().Should().Be(1);
            amr.First().ToString().Should().Be("password");

            var scopes = payload["scope"] as JArray;
            scopes.Count().Should().Be(3);
            scopes.First().ToString().Should().Be("api1");
            scopes.Skip(1).First().ToString().Should().Be("email");
            scopes.Skip(2).First().ToString().Should().Be("openid");
        }
Esempio n. 2
0
 static TokenResponse GetToken(string tokenUrl, string clientId, string secret, string scope, string username = null, string password = null)
 {
     var client = new TokenClient(tokenUrl, clientId, secret);
    if (string.IsNullOrWhiteSpace(username)||string.IsNullOrWhiteSpace(password))
         return client.RequestClientCredentialsAsync(scope).Result;
     else
         return client.RequestResourceOwnerPasswordAsync(username, password, scope).Result;
 }
Esempio n. 3
0
        public static TokenResponse GetClientToken()
        {
            var client = new TokenClient("https://localhost:44333/connect/token", "carbon",
                "21B5F798-BE55-42BC-8AA8-0025B903DC3B");

            //return client.RequestClientCredentialsAsync("LeagueComparer").Result;
            return client.RequestResourceOwnerPasswordAsync("bob", "secret", "LeagueComparer").Result;
        }
Esempio n. 4
0
        static TokenResponse RequestToken()
        {
            var client = new TokenClient(
                Constants.TokenEndpoint,
                "roclient.reference",
                "secret");

            return client.RequestResourceOwnerPasswordAsync("bob", "bob", "api1").Result;
        }
Esempio n. 5
0
        static TokenResponse GetToken()
        {
            var client = new TokenClient(
                "http://localhost:44333/connect/token",
                "ConsoleApplication",
                "F621F470-9731-4A25-80EF-67A6F7C5F4B8");

            return client.RequestResourceOwnerPasswordAsync("bob", "secret", "WebApi1").Result;
        }
Esempio n. 6
0
        /// <summary>
        /// Request an access token on behalf of a user
        /// </summary>
        static TokenResponse GetUserToken()
        {
            var client = new TokenClient("https://localhost:44333/connect/token",
                                          "freightshare2",
                                          "IIPiBTywUcK5Qv0kvmVXbSiax5wBStDMGTAIA0T/RSM=");

            //return client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1").Result;
            return client.RequestResourceOwnerPasswordAsync("alice", "secret", "api1").Result;
        }
Esempio n. 7
0
        static TokenResponse GetUserToken()
        {
            var client = new TokenClient(
                "https://localhost:44333/connect/token",
                "carbon",
                "21B5F798-BE55-42BC-8AA8-0025B903DC3B");

            return client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1").Result;
        }
Esempio n. 8
0
        static TokenResponse RequestToken()
        {
            var client = new TokenClient(
                Constants.TokenEndpoint,
                "ro.client",
                "secret");

            return client.RequestResourceOwnerPasswordAsync("bob", "bob", "openid email").Result;
        }
Esempio n. 9
0
        static TokenResponse RequestToken()
        {
            var client = new TokenClient(
                Constants.TokenEndpoint,
                "roclient",
                "secret");

            //return client.RequestResourceOwnerPasswordAsync("wooboo","kop","read write").Result;
            return client.RequestResourceOwnerPasswordAsync("bubu","bubu","read write").Result;
        }
        public async Task<IHttpActionResult> Authenticate(AuthenticateRequest authenticateRequest)
        {
            var tokenClient = new TokenClient("https://localhost:44302/connect/token", "AngularClient", "secret");

            var result = await tokenClient.RequestResourceOwnerPasswordAsync(authenticateRequest.Username,authenticateRequest.Password, "Api"); //offline_access scope enables refresh token
            return Ok(new
            {
                result.AccessToken,
                result.RefreshToken
            });
        }
        public Task<TokenResponse> Login([FromBody]CredentialsModel credentials)
        {
            var clientId = (string)ConfigurationManager.AppSettings["oauth2.clientid"];

            var client = new TokenClient(
                (string)ConfigurationManager.AppSettings["openid.endpoints.token"],
                clientId,
                (string)ConfigurationManager.AppSettings["oauth2.client-secret"]
            );

            return client.RequestResourceOwnerPasswordAsync(credentials.Username, credentials.Password, clientId);
        }
Esempio n. 12
0
        static string GetJwt()
        {
            var oauth2Client = new TokenClient(
                Constants.TokenEndpoint,
                "ro.client",
                "secret");

            var tokenResponse =
                oauth2Client.RequestResourceOwnerPasswordAsync("bob", "bob", "write").Result;

            return tokenResponse.AccessToken;
        }
Esempio n. 13
0
        static TokenResponse RequestToken()
        {
            var client = new TokenClient(
                Constants.TokenEndpoint,
                "roclient",
                "secret");

            // idsrv supports additional non-standard parameters 
            // that get passed through to the user service
            var optional = new
            {
                acr_values = "tenant:custom_account_store1 foo bar quux"
            };

            return client.RequestResourceOwnerPasswordAsync("dabs", "dabs", "read write", optional).Result;
        }
        private static void Main(string[] args)
        {
            var tokenClient = new TokenClient(Constants.TokenEndpoint, "roclient", "secret");
            var response = tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "read write offline_access").Result;

            var refresh_token = response.RefreshToken;
            while (true)
            {
                response = RefreshToken(refresh_token, tokenClient);
                Console.ReadLine();
                //CallService(response.AccessToken);

                if (response.RefreshToken != refresh_token)
                {
                    refresh_token = response.RefreshToken;
                }
            }
        }
Esempio n. 15
0
        private static void Main()
        {
            Console.Write($"Please enter the Authority URL, press enter to use dev default or QUIT to exit{Environment.NewLine}>> ");
            var authorityUrl = Console.ReadLine();

            while (!authorityUrl.ToLower().Equals("quit"))
            {
                Console.Write($"Please enter the space separated API Scope(s){Environment.NewLine}>> ");
                var apiScope = Console.ReadLine();

                var discoveryResponse = DiscoveryClient.GetAsync(string.IsNullOrWhiteSpace(authorityUrl) ? "http://*****:*****@zupa.co.uk" : username,
                    string.IsNullOrWhiteSpace(password) ? "Password0-" : password,
                    apiScope).Result;

                Console.WriteLine(tokenResponseWithClaim.IsError
                    ? $"ERROR: {tokenResponseWithClaim.Error}"
                    : $"{Environment.NewLine}{tokenResponseWithClaim.Json}{Environment.NewLine}");

                Console.Write($"Please enter the Authority URL or QUIT to exit{Environment.NewLine}>> ");
                authorityUrl = Console.ReadLine();
            }
        }
Esempio n. 16
0
        public async Task No_Identity_Scope()
        {
            var tokenClient = new TokenClient(
                TokenEndpoint,
                "roclient",
                "secret",
                innerHttpMessageHandler: _handler);

            var response = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "api1");
            response.IsError.Should().BeFalse();

            var userInfoclient = new UserInfoClient(
                new Uri(UserInfoEndpoint),
                response.AccessToken,
                _handler);

            var userInfo = await userInfoclient.GetAsync();

            userInfo.IsError.Should().BeTrue();
            userInfo.HttpErrorStatusCode.Should().Be(HttpStatusCode.Forbidden);
        }
        public virtual async Task<IResponse> RequestTokenAsync(string userName, string password) {
            var disco = await DiscoveryClient.GetAsync(_options.Authority);

            string clientId = _httpContext.Request.Headers[ClientId];
            if (string.IsNullOrWhiteSpace(clientId)) {
                clientId = _options.DefaultClientId;
            }
            string clientSecret = _httpContext.Request.Headers[ClientSecret];
            if (string.IsNullOrWhiteSpace(clientSecret)) {
                clientSecret = _options.DefaultClientSecret;
            }
            string scope = _httpContext.Request.Headers[Scope];
            if (string.IsNullOrWhiteSpace(scope)) {
                scope = _options.DefaultScope;
            }

            var client = new TokenClient(disco.TokenEndpoint, clientId, clientSecret);
            var response = await client.RequestResourceOwnerPasswordAsync(userName, password, scope);

            return ApiResponse.FromTokenResponse(response);
        }
        public async Task introspecting_same_access_token_twice_should_have_same_exp()
        {
            var tokenClient = new TokenClient(TokenEndpoint, clientId, clientSecret, _handler);
            var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "api1 offline_access");

            var introspectionClient = new IntrospectionClient(IntrospectionEndpoint, scope, scopeSecret, _handler);
            var introspectionResponse1 = await introspectionClient.SendAsync(new IntrospectionRequest
            {
                Token = tokenResponse.AccessToken
            });

            var introspectionResponse2 = await introspectionClient.SendAsync(new IntrospectionRequest
            {
                Token = tokenResponse.AccessToken
            });

            var exp1 = Int32.Parse(introspectionResponse1.Claims.Single(x => x.Item1 == "exp").Item2);
            var exp2 = Int32.Parse(introspectionResponse2.Claims.Single(x => x.Item1 == "exp").Item2);

            exp1.Should().Be(exp2);
        }
        public async Task Address_Scope()
        {
            var tokenClient = new TokenClient(
                TokenEndpoint,
                "roclient",
                "secret",
                innerHttpMessageHandler: _handler);

            var response = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "openid address");
            response.IsError.Should().BeFalse();

            var userInfoclient = new UserInfoClient(
                new Uri(UserInfoEndpoint),
                response.AccessToken,
                _handler);

            var userInfo = await userInfoclient.GetAsync();

            userInfo.IsError.Should().BeFalse();
            userInfo.Raw.Should().Be("{\"sub\":\"88421113\",\"address\":{\"street_address\":\"One Hacker Way\",\"locality\":\"Heidelberg\",\"postal_code\":69118,\"country\":\"Germany\"}}");
        }
        public async Task when_refreshing_new_exp_should_be_prior_to_old_exp()
        {
            var tokenClient = new TokenClient(TokenEndpoint, clientId, clientSecret, _handler);
            var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "api1 offline_access");

            var introspectionClient = new IntrospectionClient(IntrospectionEndpoint, scope, scopeSecret, _handler);
            var introspectionResponse1 = await introspectionClient.SendAsync(new IntrospectionRequest
            {
                Token = tokenResponse.AccessToken
            });
            var exp1 = Int32.Parse(introspectionResponse1.Claims.Single(x => x.Item1 == "exp").Item2);

            await Task.Delay(1000);

            var refreshResponse = await tokenClient.RequestRefreshTokenAsync(tokenResponse.RefreshToken);
            var introspectionResponse2 = await introspectionClient.SendAsync(new IntrospectionRequest
            {
                Token = refreshResponse.AccessToken
            });

            var exp2 = Int32.Parse(introspectionResponse2.Claims.Single(x => x.Item1 == "exp").Item2);

            exp1.Should().BeLessThan(exp2);
        }
        public async Task Valid_Client()
        {
            var tokenClient = new TokenClient(
                TokenEndpoint,
                "roclient",
                "secret",
                innerHttpMessageHandler: _handler);

            var response = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "openid email api1");
            response.IsError.Should().BeFalse();

            var userInfoclient = new UserInfoClient(
                new Uri(UserInfoEndpoint),
                response.AccessToken,
                _handler);

            var userInfo = await userInfoclient.GetAsync();

            userInfo.IsError.Should().BeFalse();
            userInfo.Claims.Count().Should().Be(3);
            userInfo.Claims.Should().Contain(Tuple.Create("sub", "88421113"));
            userInfo.Claims.Should().Contain(Tuple.Create("email", "*****@*****.**"));
            userInfo.Claims.Should().Contain(Tuple.Create("email_verified", "True"));
        }
        public async Task Invalid_Password()
        {
            var client = new TokenClient(
                TokenEndpoint,
                "roclient",
                "secret",
                innerHttpMessageHandler: _handler);

            var response = await client.RequestResourceOwnerPasswordAsync("bob", "invalid", "api1");

            response.IsError.Should().Be(true);
            response.Error.Should().Be("invalid_grant");
        }