public async Task Expired_RefreshToken()
{
var refreshToken = new RefreshToken
{
AccessToken = new Token("access_token") { Client = new Client() { ClientId = "roclient" } },
LifeTime = 10,
CreationTime = DateTimeOffset.UtcNow.AddSeconds(-15)
};
var handle = Guid.NewGuid().ToString();
var store = new InMemoryRefreshTokenStore();
await store.StoreAsync(handle, refreshToken);
var client = await _clients.FindClientByIdAsync("roclient");
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "refresh_token");
parameters.Add(Constants.TokenRequest.RefreshToken, handle);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
public async Task Valid_RefreshToken_Request_using_Restricted_Client()
{
var mock = new Mock<IUserService>();
var subjectClaim = new Claim(Constants.ClaimTypes.Subject, "foo");
var refreshToken = new RefreshToken
{
AccessToken = new Token("access_token")
{
Claims = new List<Claim> { subjectClaim },
Client = new Client { ClientId = "roclient_restricted_refresh"}
},
LifeTime = 600,
CreationTime = DateTimeOffset.UtcNow
};
var handle = Guid.NewGuid().ToString();
var store = new InMemoryRefreshTokenStore();
await store.StoreAsync(handle, refreshToken);
var client = await _clients.FindClientByIdAsync("roclient_restricted_refresh");
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store,
userService: mock.Object);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "refresh_token");
parameters.Add(Constants.TokenRequest.RefreshToken, handle);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeFalse();
}
public async Task RefreshToken_Request_with_disabled_User()
{
var mock = new Mock<IUserService>();
mock.Setup(u => u.IsActiveAsync(It.IsAny<IsActiveContext>())).Callback<IsActiveContext>(ctx =>
{
ctx.IsActive = false;
}).Returns(Task.FromResult(0));
var subjectClaim = new Claim(Constants.ClaimTypes.Subject, "foo");
var refreshToken = new RefreshToken
{
AccessToken = new Token("access_token")
{
Claims = new List<Claim> { subjectClaim },
Client = new Client() { ClientId = "roclient" }
},
LifeTime = 600,
CreationTime = DateTimeOffset.UtcNow
};
var handle = Guid.NewGuid().ToString();
var store = new InMemoryRefreshTokenStore();
await store.StoreAsync(handle, refreshToken);
var client = await _clients.FindClientByIdAsync("roclient");
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store,
userService: mock.Object);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "refresh_token");
parameters.Add(Constants.TokenRequest.RefreshToken, handle);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
}
public async Task Client_has_no_Resource_Scope_anymore_at_RefreshToken_Request()
{
var subjectClaim = new Claim(Constants.ClaimTypes.Subject, "foo");
var resourceScope = new Claim("scope", "resource");
var offlineAccessScope = new Claim("scope", "offline_access");
var refreshToken = new RefreshToken
{
AccessToken = new Token("access_token")
{
Claims = new List<Claim> { subjectClaim, resourceScope, offlineAccessScope },
Client = new Client
{
ClientId = "roclient_offline_only",
},
},
LifeTime = 600,
CreationTime = DateTimeOffset.UtcNow
};
var handle = Guid.NewGuid().ToString();
var store = new InMemoryRefreshTokenStore();
await store.StoreAsync(handle, refreshToken);
var client = await _clients.FindClientByIdAsync("roclient_offline_only");
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "refresh_token");
parameters.Add(Constants.TokenRequest.RefreshToken, handle);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
