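/// <summary>
/// Obtains a token set with the password grant, then exchanges its refresh token via the
/// <c>refresh_token</c> grant and checks that the <em>refreshed</em> response carries an access token.
/// </summary>
public async Task When_Using_RefreshToken_GrantType_Then_New_One_Is_Returned()
{
    // ARRANGE
    InitializeFakeObjects();
    _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);

    // ACT
    // Initial token set: client_secret_post + password grant against the fake server
    // (credentials are test fixtures set up by InitializeFakeObjects, not real secrets).
    var initial = await _clientAuthSelector.UseClientSecretPostAuth("client", "client")
        .UsePassword("administrator", "password", "scim")
        .ResolveAsync(baseUrl + "/.well-known/openid-configuration");

    // Fail with a clear assertion if the first exchange did not yield a refresh token,
    // instead of a NullReferenceException from the refresh call below.
    Assert.NotNull(initial);
    Assert.NotEmpty(initial.RefreshToken);

    // Refresh without client authentication (public-client style exchange).
    var refreshed = await _clientAuthSelector.UseNoAuthentication()
        .UseRefreshToken(initial.RefreshToken)
        .ResolveAsync(baseUrl + "/.well-known/openid-configuration");

    // ASSERTS
    // The original asserted only on the first response and never inspected the refreshed one,
    // so a broken refresh_token grant would still have passed. Assert on the refreshed token set.
    Assert.NotNull(refreshed);
    Assert.NotEmpty(refreshed.AccessToken);
    // NOTE(review): if the server rotates refresh tokens, additionally assert
    // Assert.NotEqual(initial.RefreshToken, refreshed.RefreshToken) — rotation policy not visible here.
}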
/// <summary>
/// Negative path for the UMA 2.0 <c>ticket_id</c> grant: the permission ticket is requested while the
/// fake user store reports a client id that the authorization policy does not allow, and the
/// subsequent RPT request is expected to be rejected with <c>not_authorized</c>.
/// </summary>
public async Task When_Using_TicketId_Grant_Type_And_Client_Is_Not_Correct_Then_Error_Is_Returned()
{
    // ARRANGE
    InitializeFakeObjects();
    _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);

    // Claim token presented alongside the ticket. These are fixed test vectors: exp/iat are
    // string-typed and exp (1311281970) is in 2011, i.e. the token is long expired. That is
    // acceptable for a test expecting rejection, but do not reuse these claims in a positive-path test.
    var claims = new JwsPayload();
    claims.Add("iss", "http://server.example.com");
    claims.Add("sub", "248289761001");
    claims.Add("aud", "s6BhdRkqt3");
    claims.Add("nonce", "n-0S6_WzA2Mj");
    claims.Add("exp", "1311281970");
    claims.Add("iat", "1311280970");
    var claimToken = _jwsGenerator.Generate(claims, JwsAlg.RS256, _server.SharedCtx.SignatureKey);

    var umaConfiguration = baseUrl + "/.well-known/uma2-configuration";

    // ACT
    // 1. Obtain a PAT for the resource server via client_credentials.
    var patResponse = await _clientAuthSelector.UseClientSecretPostAuth("resource_server", "resource_server")
        .UseClientCredentials("uma_protection", "uma_authorization")
        .ResolveAsync(umaConfiguration);
    var pat = patResponse.Content.AccessToken;

    // 2. Register a resource set under that PAT.
    var resourceSet = new PostResourceSet
    {
        Name = "name",
        Scopes = new List<string> { "read", "write", "execute" }
    };
    var resourceResponse = await _resourceSetClient.AddByResolution(resourceSet, umaConfiguration, pat);
    var resourceSetId = resourceResponse.Content.Id;

    // 3. Attach a policy that grants "read" only to client "resource_server" for subject 248289761001.
    var policy = new PostPolicy
    {
        IsResourceOwnerConsentNeeded = false,
        Scopes = new List<string> { "read" },
        ClientIdsAllowed = new List<string> { "resource_server" },
        Claims = new List<PostClaim> { new PostClaim { Type = "sub", Value = "248289761001" } },
        ResourceSetIds = new List<string> { resourceSetId }
    };
    await _policyClient.AddByResolution(policy, umaConfiguration, pat);

    // 4. Request a permission ticket while the shared UserStore reports a client id the policy
    //    does not allow. The third argument is the literal "header" rather than a bearer token;
    //    presumably the fake server resolves the caller from UserStore — verify against the stub.
    //    UserStore is process-wide state: it is restored below, but not on an exception path
    //    (no try/finally), so a failure here can leak into other tests in the same run.
    UserStore.Instance().ClientId = "invalid_client";
    var permission = new PostPermission
    {
        ResourceSetId = resourceSetId,
        Scopes = new List<string> { "read" }
    };
    var ticketResponse = await _permissionClient.AddByResolution(permission, umaConfiguration, "header");
    UserStore.Instance().ClientId = "resource_server";

    // 5. Try to exchange the ticket plus claim token for an RPT without client authentication.
    var rptResponse = await _clientAuthSelector.UseNoAuthentication()
        .UseTicketId(ticketResponse.Content.TicketId, claimToken)
        .ResolveAsync(umaConfiguration);

    // ASSERTS.
    Assert.True(rptResponse.ContainsError);
    Assert.Equal("not_authorized", rptResponse.Error.Error);
}