public async Task session_id_should_be_reissued_if_session_cookie_absent()
{
await _mockPipeline.LoginAsync("bob");
var sid1 = _mockPipeline.GetSessionCookie().Value;
sid1.Should().NotBeNull();
_mockPipeline.RemoveSessionCookie();
await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.DiscoveryEndpoint);
var sid2 = _mockPipeline.GetSessionCookie().Value;
sid2.Should().Be(sid1);
}
public async Task valid_signout_callback_should_render_iframes_for_all_clients()
{
await _mockPipeline.LoginAsync("bob");
var sid = _mockPipeline.GetSessionCookie().Value;
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var url = _mockPipeline.CreateAuthorizeUrl(
clientId: "client1",
responseType: "id_token",
scope: "openid",
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var url2 = _mockPipeline.CreateAuthorizeUrl(
clientId: "client2",
responseType: "id_token",
scope: "openid",
redirectUri: "https://client2/callback",
state: "123_state",
nonce: "123_nonce");
var response2 = await _mockPipeline.BrowserClient.GetAsync(url2);
_mockPipeline.BrowserClient.AllowAutoRedirect = true;
response = await _mockPipeline.BrowserClient.GetAsync(IdentityServerPipeline.EndSessionEndpoint);
var signoutFrameUrl = _mockPipeline.LogoutRequest.SignOutIFrameUrl;
response = await _mockPipeline.BrowserClient.GetAsync(signoutFrameUrl);
var html = await response.Content.ReadAsStringAsync();
html.Should().Contain("https://client1/signout?sid=" + sid + "&iss=" + UrlEncoder.Default.Encode("https://server"));
html.Should().Contain("https://client2/signout?sid=" + sid + "&iss=" + UrlEncoder.Default.Encode("https://server"));
}