public async Task GiveMeAName()
{
// Arrange
const string WebHostUrl = "http://localhost:3501";
const string ClientId = "ClientId";
const string ClientSecret = "secret";
const string Scope = "Resource";
var env = Environment.Setup(e =>
{
e.GenericHost(h =>
{
h.IdSvr4();
});
});
await env.StartAsync();
await using (var configId = await env.ConfigureAsync(c =>
{
c.IdSvr4(i =>
{
i.Client(cl =>
{
cl.ClientId = ClientId;
cl.AllowedGrantTypes = IdentityServer4.Models.GrantTypes.ClientCredentials;
cl.Secret(ClientSecret.Sha256());
cl.AccessTokenType = AccessTokenType.Jwt;
cl.Scope(Scope);
});
i.ApiResource(new ApiResource(Scope, Scope));
});
}))
{
var verifier = await env.VerifyAsync(c =>
c.Expect(
c.IdSvr4().EventOccurred <ClientAuthenticationSuccessEvent>(e => e.ClientId == ClientId),
e => e.MustOccurWithin(TimeSpan.FromMilliseconds(500))));
var idSvr4Client = env.IdSvr4Client();
await idSvr4Client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
ClientId = ClientId,
ClientSecret = ClientSecret,
Scope = Scope
});
var verificationResult = await verifier.VerifyAsync();
Assert.That(verificationResult.ExpectationsMet, Is.True);
}
await env.StopAsync();
}
public IEnumerable <ApiResource> GetApiResources()
{
return(new List <ApiResource>
{
new ApiResource(ApiResource, ApiResource)
{
ApiSecrets = new List <Secret>
{
new Secret(ClientSecret.Sha256())
},
Scopes =
{
new Scope("openid"),
},
UserClaims = new string[] { ClaimTypes.NameIdentifier, ClaimTypes.Email }
}
});
}
private Client WebClient()
{
return(new Client
{
ClientId = $"web{ShortName}",
ClientName = FriendlyName,
AllowedGrantTypes = GrantTypes.CodeAndClientCredentials,
ClientSecrets = new[] { new Secret(ClientSecret.Sha256()) },
AlwaysIncludeUserClaimsInIdToken = true,
RequireConsent = false,
RequirePkce = true,
RequireClientSecret = true,
RedirectUris = AddLoopback(ExpandUriExtensions(RedirectExtenstions)),
FrontChannelLogoutUri = ExpandUriExtension(FrontChannelLogoutExtension),
PostLogoutRedirectUris = ExpandUriExtensions(PostLogoutRedirectExtensions),
AllowedScopes = BuildScopes(),
AllowOfflineAccess = true
});
}
public IEnumerable <Client> GetClients()
{
return(new List <Client>()
{
//客户端模式
new Client {
ClientId = $"{nameof(GrantTypes.ClientCredentials)}_{ClientId}",
ClientSecrets = { new Secret(ClientSecret.Sha256()) },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = { AllowedScopes }
},
//密码模式
new Client {
ClientId = $"{nameof(GrantTypes.ResourceOwnerPassword)}_{ClientId}",
ClientSecrets = { new Secret(ClientSecret.Sha256()) },
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
AllowedScopes = { AllowedScopes }
},
//简单模式
new Client
{
ClientId = $"{nameof(GrantTypes.Implicit)}_{ClientId}",
AllowedGrantTypes = GrantTypes.Implicit,
AllowedScopes = { AllowedScopes },
RedirectUris = { RedirectUris },
AllowAccessTokensViaBrowser = true
},
//授权码模式
new Client
{
ClientId = $"{nameof(GrantTypes.Code)}_{ClientId}",
ClientSecrets = { new Secret(ClientSecret.Sha256()) },
AllowedGrantTypes = GrantTypes.Code,
AllowedScopes = { AllowedScopes },
RedirectUris = { RedirectUris }
}
});
}
// clients want to access resources (aka scopes)
public IEnumerable <Client> GetClients()
{
// client credentials client
return(new List <Client>
{
new Client
{
ClientId = ClientId,
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
AlwaysIncludeUserClaimsInIdToken = true,
AlwaysSendClientClaims = true,
ClientSecrets =
{
new Secret(ClientSecret.Sha256())
},
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile
}
},
});
}
public async Task Given_IdSvr_When_ConfigureAndRemoveConfiguration_Then_ClientAuthsAndFailsAuth()
{
// Arrange
const string WebHostUrl = "http://localhost:3501";
const string TokenEndpointUrl = WebHostUrl + "/connect/token";
const string ClientId = "ClientId";
const string ClientSecret = "secret";
const string Scope = "Resource";
var tokenRequest = new ClientCredentialsTokenRequest
{
ClientId = ClientId,
ClientSecret = ClientSecret,
Scope = Scope
};
var env = Environment.Setup(e =>
{
e.GenericHost(h =>
{
h.IdSvr4();
});
});
var client = new HttpClient();
client.BaseAddress = new Uri(TokenEndpointUrl);
await env.StartAsync();
try
{
// Assume the client does not already exist
var assumptionResponse = await client.RequestClientCredentialsTokenAsync(tokenRequest);
Assume.That(assumptionResponse.IsError);
Assume.That(assumptionResponse.HttpStatusCode == HttpStatusCode.BadRequest);
Assume.That(assumptionResponse.Error.ToLower() == "invalid_client");
// Act
await using (var configHandle = await env.ConfigureAsync(c =>
{
c.IdSvr4("IdSvr4", i =>
{
i.Client(cl =>
{
cl.ClientId = ClientId;
cl.AllowedGrantTypes = IdentityServer4.Models.GrantTypes.ClientCredentials;
cl.Secret(ClientSecret.Sha256());
cl.AccessTokenType = AccessTokenType.Jwt;
cl.Scope(Scope);
});
i.ApiResource(new ApiResource(Scope, Scope));
});
}))
{
// Assert
var configuredResponse = await client.RequestClientCredentialsTokenAsync(tokenRequest);
Assert.That(configuredResponse.IsError, Is.False);
Assert.That(configuredResponse.HttpStatusCode, Is.EqualTo(HttpStatusCode.OK));
Assert.That(!string.IsNullOrWhiteSpace(configuredResponse.AccessToken));
}
// Assert
var unconfiguredResponse = await client.RequestClientCredentialsTokenAsync(tokenRequest);
Assert.That(unconfiguredResponse.IsError, Is.True);
Assert.That(unconfiguredResponse.HttpStatusCode, Is.EqualTo(HttpStatusCode.BadRequest));
Assert.That(unconfiguredResponse.Error.ToLower(), Is.EqualTo("invalid_client"));
}
finally
{
await env.StopAsync();
}
}
