public async Task When_Adding_Policy_Then_Information_Can_Be_Returned() { const string baseUrl = "http://localhost:5000"; // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); var addResponse = await _resourceSetClient.AddByResolution(new PostResourceSet { Name = "picture", Scopes = new List <string> { "read" } }, baseUrl + "/.well-known/uma2-configuration", "header"); // ACT var response = await _policyClient.AddByResolution(new PostPolicy { Rules = new List <PostPolicyRule> { new PostPolicyRule { IsResourceOwnerConsentNeeded = false, Claims = new List <PostClaim> { new PostClaim { Type = "role", Value = "administrator" } }, Scopes = new List <string> { "read" } } }, ResourceSetIds = new List <string> { addResponse.Id } }, baseUrl + "/.well-known/uma2-configuration", "header"); var information = await _policyClient.GetByResolution(response.PolicyId, baseUrl + "/.well-known/uma2-configuration", "header"); // ASSERT Assert.NotNull(response); Assert.False(string.IsNullOrWhiteSpace(response.PolicyId)); Assert.NotNull(information); Assert.True(information.Rules.Count() == 1); Assert.True(information.ResourceSetIds.Count() == 1 && information.ResourceSetIds.First() == addResponse.Id); var rule = information.Rules.First(); Assert.False(rule.IsResourceOwnerConsentNeeded); Assert.True(rule.Claims.Count() == 1); Assert.True(rule.Scopes.Count() == 1); }
public async Task When_Introspecting_RptToken_Then_Information_Are_Returned() { const string baseUrl = "http://localhost:5000"; // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // 1. Add resource. var addResource = await _resourceSetClient.AddByResolution(new PostResourceSet { Name = "picture", Scopes = new List<string> { "read" } }, baseUrl + "/.well-known/uma-configuration", "header"); // 2. Add authorization policy. var addPolicy = await _policyClient.AddByResolution(new PostPolicy { Rules = new List<PostPolicyRule> { new PostPolicyRule { IsResourceOwnerConsentNeeded = false, Scopes = new List<string> { "read" }, ClientIdsAllowed = new List<string> { "client" } } }, ResourceSetIds = new List<string> { addResource.Id } }, baseUrl + "/.well-known/uma-configuration", "header"); // 3. Add the permission. var addPermission = await _permissionClient.AddByResolution(new PostPermission { ResourceSetId = addResource.Id, Scopes = new List<string> { "read" } }, baseUrl + "/.well-known/uma-configuration", "header"); // 4. Get RPT token var authResponse = await _authorizationClient.GetByResolution(new PostAuthorization { TicketId = addPermission.TicketId }, baseUrl + "/.well-known/uma-configuration", "header"); // ACT // 5. Introspect the RPT token. var introspectionResult = await _introspectionClient.GetByResolution(authResponse.Rpt, baseUrl + "/.well-known/uma-configuration"); // ASSERT Assert.NotNull(introspectionResult); Assert.True(introspectionResult.IsActive); }
public async Task When_Add_Policy_And_Pass_No_ResourceIds_Then_Error_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var response = await _policyClient.AddByResolution(new PostPolicy { ResourceSetIds = null }, baseUrl + "/.well-known/uma2-configuration", "header"); // ASSERT Assert.NotNull(response); Assert.True(response.ContainsError); Assert.Equal("invalid_request", response.Error.Error); Assert.Equal("the parameter resource_set_ids needs to be specified", response.Error.ErrorDescription); }
public async Task When_Using_TicketId_Grant_Type_Then_AccessToken_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); var jwsPayload = new JwsPayload(); jwsPayload.Add("iss", "http://server.example.com"); jwsPayload.Add("sub", "248289761001"); jwsPayload.Add("aud", "s6BhdRkqt3"); jwsPayload.Add("nonce", "n-0S6_WzA2Mj"); jwsPayload.Add("exp", "1311281970"); jwsPayload.Add("iat", "1311280970"); var jwt = _jwsGenerator.Generate(jwsPayload, JwsAlg.RS256, _server.SharedCtx.SignatureKey); // ACT var result = await _clientAuthSelector.UseClientSecretPostAuth("resource_server", "resource_server") // Get PAT. .UseClientCredentials("uma_protection", "uma_authorization") .ResolveAsync(baseUrl + "/.well-known/uma2-configuration"); var resource = await _resourceSetClient.AddByResolution(new PostResourceSet // Add ressource. { Name = "name", Scopes = new List <string> { "read", "write", "execute" } }, baseUrl + "/.well-known/uma2-configuration", result.Content.AccessToken); var addPolicy = await _policyClient.AddByResolution(new PostPolicy // Add an authorization policy. { Rules = new List <PostPolicyRule> { new PostPolicyRule { IsResourceOwnerConsentNeeded = false, Scopes = new List <string> { "read" }, ClientIdsAllowed = new List <string> { "resource_server" }, Claims = new List <PostClaim> { new PostClaim { Type = "sub", Value = "248289761001" } } } }, ResourceSetIds = new List <string> { resource.Content.Id } }, baseUrl + "/.well-known/uma2-configuration", result.Content.AccessToken); var ticket = await _permissionClient.AddByResolution(new PostPermission // Add permission & retrieve a ticket id. { ResourceSetId = resource.Content.Id, Scopes = new List <string> { "read" } }, baseUrl + "/.well-known/uma2-configuration", "header"); var token = await _clientAuthSelector.UseClientSecretPostAuth("resource_server", "resource_server") // Try to get the access token via "ticket_id" grant-type. .UseTicketId(ticket.Content.TicketId, jwt) .ResolveAsync(baseUrl + "/.well-known/uma2-configuration"); // ASSERTS. Assert.NotNull(token); }