コード例 #1
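        /// <summary>
        /// Obtains tokens with the password grant, redeems the returned refresh token,
        /// and checks that both responses carry an access token.
        /// </summary>
        public async Task When_Using_RefreshToken_GrantType_Then_New_One_Is_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();
            _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);

            // ACT
            var result = await _clientAuthSelector.UseClientSecretPostAuth("client", "client")
                         .UsePassword("administrator", "password", "scim")
                         .ResolveAsync(baseUrl + "/.well-known/openid-configuration");

            // NOTE(review): the refresh request is sent with UseNoAuthentication() although the
            // tokens were issued to a client that authenticated with a secret. If "client" is
            // registered as a confidential client, RFC 6749 section 6 expects the token endpoint
            // to authenticate it on refresh - confirm that accepting this request is intended.
            var refreshToken = await _clientAuthSelector.UseNoAuthentication()
                               .UseRefreshToken(result.RefreshToken)
                               .ResolveAsync(baseUrl + "/.well-known/openid-configuration");

            // ASSERTS
            // Precondition: the password grant itself succeeded.
            Assert.NotNull(result);
            Assert.NotEmpty(result.AccessToken);

            // The behaviour named by this test is the refresh exchange, so its response has to be
            // checked as well; without these assertions the test passes even when the refresh
            // fails. Assumes the refresh response exposes AccessToken the same way as the
            // password-grant response (both come from ResolveAsync) - TODO confirm.
            Assert.NotNull(refreshToken);
            Assert.NotEmpty(refreshToken.AccessToken);
        }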
コード例 #2
        /// <summary>
        /// Registers a resource set and a policy with a protection API token (PAT), requests a
        /// permission ticket while the user store reports "invalid_client", then redeems the
        /// ticket as "resource_server" and expects the token endpoint to answer "not_authorized".
        /// </summary>
        public async Task When_Using_TicketId_Grant_Type_And_Client_Is_Not_Correct_Then_Error_Is_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();
            _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);

            var umaConfigurationUrl = baseUrl + "/.well-known/uma2-configuration";

            // NOTE(review): "exp" and "iat" are fixed string values. If they are read as epoch
            // seconds the claim token is long expired, so the server may answer "not_authorized"
            // for that reason rather than for the client mismatch this test is named after -
            // confirm which check produces the error.
            var claims = new JwsPayload();
            claims.Add("iss", "http://server.example.com");
            claims.Add("sub", "248289761001");
            claims.Add("aud", "s6BhdRkqt3");
            claims.Add("nonce", "n-0S6_WzA2Mj");
            claims.Add("exp", "1311281970");
            claims.Add("iat", "1311280970");
            var jwt = _jwsGenerator.Generate(claims, JwsAlg.RS256, _server.SharedCtx.SignatureKey);

            // ACT
            // Step 1: get the PAT with the client-credentials grant.
            var patResponse = await _clientAuthSelector
                .UseClientSecretPostAuth("resource_server", "resource_server")
                .UseClientCredentials("uma_protection", "uma_authorization")
                .ResolveAsync(umaConfigurationUrl);

            // Step 2: register the resource set that the policy and the ticket refer to.
            var resourceSetRequest = new PostResourceSet
            {
                Name = "name",
                Scopes = new List<string> { "read", "write", "execute" }
            };
            var resourceSet = await _resourceSetClient.AddByResolution(
                resourceSetRequest,
                umaConfigurationUrl,
                patResponse.Content.AccessToken);

            // Step 3: add an authorization policy for "read", limited to the "resource_server"
            // client and the "sub" claim carried in the claim token above.
            var policyRequest = new PostPolicy
            {
                IsResourceOwnerConsentNeeded = false,
                Scopes = new List<string> { "read" },
                ClientIdsAllowed = new List<string> { "resource_server" },
                Claims = new List<PostClaim>
                {
                    new PostClaim { Type = "sub", Value = "248289761001" }
                },
                ResourceSetIds = new List<string> { resourceSet.Content.Id }
            };
            await _policyClient.AddByResolution(
                policyRequest,
                umaConfigurationUrl,
                patResponse.Content.AccessToken);

            // Step 4: request the permission ticket while the user store reports a different
            // client. NOTE(review): UserStore.Instance() looks like process-wide state, so tests
            // running in parallel could observe each other's ClientId - verify test isolation.
            UserStore.Instance().ClientId = "invalid_client";
            var permissionRequest = new PostPermission
            {
                ResourceSetId = resourceSet.Content.Id,
                Scopes = new List<string> { "read" }
            };
            var ticket = await _permissionClient.AddByResolution(
                permissionRequest,
                umaConfigurationUrl,
                "header");

            // Step 5: redeem the ticket through the "ticket_id" grant type as "resource_server".
            UserStore.Instance().ClientId = "resource_server";
            var token = await _clientAuthSelector
                .UseNoAuthentication()
                .UseTicketId(ticket.Content.TicketId, jwt)
                .ResolveAsync(umaConfigurationUrl);

            // ASSERTS
            Assert.True(token.ContainsError);
            Assert.Equal("not_authorized", token.Error.Error);
        }