コード例 #1
        /// <summary>
        /// Signs in the test user "bob", runs an authorization-code flow through the mock
        /// pipeline and wraps the token endpoint response in a <c>Tokens</c> instance.
        /// </summary>
        /// <returns>A <c>Tokens</c> object built from the token response.</returns>
        private async Task<Tokens> GetTokensAsync()
        {
            await _mockPipeline.LoginAsync("bob");

            // Front channel: request a code for the "api" and "offline_access" scopes.
            // NOTE(review): the redirect URI is a literal here but the redirect_uri field in the
            // token request below; the code exchange presumably requires both to be identical,
            // so confirm the field holds this same value.
            var authorizeResult = await _mockPipeline.RequestAuthorizationEndpointAsync(
                client_id,
                "code",
                "api offline_access",
                "https://client/callback");

            authorizeResult.IsError.Should().BeFalse();
            authorizeResult.Code.Should().NotBeNull();

            // Back channel: redeem the code with the client's credentials.
            var codeExchange = new AuthorizationCodeTokenRequest
            {
                Address = IdentityServerPipeline.TokenEndpoint,
                ClientId = client_id,
                ClientSecret = client_secret,
                Code = authorizeResult.Code,
                RedirectUri = redirect_uri
            };
            var tokenResult = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeExchange);

            // Callers rely on both tokens being present, so fail here rather than downstream.
            tokenResult.IsError.Should().BeFalse();
            tokenResult.AccessToken.Should().NotBeNull();
            tokenResult.RefreshToken.Should().NotBeNull();

            return new Tokens(tokenResult);
        }
コード例 #2
ファイル: EndSessionTests.cs プロジェクト: AChumbler/idsrvEx
        /// <summary>
        /// Checks that an end-session request carrying <c>id_token_hint</c> and
        /// <c>post_logout_redirect_uri</c> surfaces the client id, the post-logout redirect URI
        /// and a sign-out iframe URL with an <c>endSessionId</c> in the logout request.
        /// </summary>
        public async Task logout_request_with_params_should_pass_values_in_logout_context()
        {
            await _mockPipeline.LoginAsync("bob");

            // Obtain an identity token for client2 to use as the id_token_hint.
            var authorizeResult = await _mockPipeline.RequestAuthorizationEndpointAsync(
                clientId: "client2",
                responseType: "id_token",
                scope: "openid",
                redirectUri: "https://client2/callback",
                state: "123_state",
                nonce: "123_nonce");

            var idTokenHint = authorizeResult.IdentityToken;

            // The query values are concatenated without URL-encoding, exactly as the test sends them.
            var endSessionUrl = IdentityServerPipeline.EndSessionEndpoint +
                                "?id_token_hint=" + idTokenHint +
                                "&post_logout_redirect_uri=https://client2/signout-callback2";

            // Only the side effects recorded on the pipeline are inspected; the HTTP response is not.
            _ = await _mockPipeline.BrowserClient.GetAsync(endSessionUrl);

            _mockPipeline.LogoutWasCalled.Should().BeTrue();
            _mockPipeline.LogoutRequest.Should().NotBeNull();
            _mockPipeline.LogoutRequest.ClientId.Should().Be("client2");
            _mockPipeline.LogoutRequest.PostLogoutRedirectUri.Should().Be("https://client2/signout-callback2");

            // Split the iframe URL into its path and query string at the '?'.
            var segments = _mockPipeline.LogoutRequest.SignOutIFrameUrl.Split('?');
            segments[0].Should().Be(IdentityServerPipeline.EndSessionCallbackEndpoint);

            var iframeQuery = QueryHelpers.ParseNullableQuery(segments[1]);
            iframeQuery["endSessionId"].FirstOrDefault().Should().NotBeNull();
        }
コード例 #3
        /// <summary>
        /// Checks that a federated sign-out request for a signed-in user returns an HTML page
        /// that references the end-session callback URL with an <c>endSessionId</c> parameter.
        /// </summary>
        public async Task valid_request_to_federated_signout_endpoint_should_render_page_with_iframe()
        {
            await _pipeline.LoginAsync(_user);

            // Run an authorize request for client1 first; its result is not inspected.
            await _pipeline.RequestAuthorizationEndpointAsync(
                clientId: "client1",
                responseType: "id_token",
                scope: "openid",
                redirectUri: "https://client1/callback",
                state: "123_state",
                nonce: "123_nonce");

            var signOutUrl = IdentityServerPipeline.FederatedSignOutUrl + "?sid=123";
            var signOutPage = await _pipeline.BrowserClient.GetAsync(signOutUrl);

            signOutPage.StatusCode.Should().Be(HttpStatusCode.OK);
            signOutPage.Content.Headers.ContentType.MediaType.Should().Be("text/html");

            var markup = await signOutPage.Content.ReadAsStringAsync();

            // Only the URL prefix is matched; the endSessionId value itself is not checked.
            markup.Should().Contain("https://server/connect/endsession/callback?endSessionId=");
        }
コード例 #4
        /// <summary>
        /// Signs in the test user "bob", obtains an authorization code from the mock pipeline and
        /// redeems it through a <c>TokenClient</c>, returning the result as a <c>Tokens</c> instance.
        /// </summary>
        /// <returns>A <c>Tokens</c> object built from the token response.</returns>
        private async Task<Tokens> GetTokensAsync()
        {
            await _mockPipeline.LoginAsync("bob");

            // Front channel: request a code for the "api" and "offline_access" scopes.
            // NOTE(review): the redirect URI is a literal here but the redirect_uri field in the
            // code exchange below; the exchange presumably requires both to be identical, so
            // confirm the field holds this same value.
            var authorizeResult = await _mockPipeline.RequestAuthorizationEndpointAsync(
                client_id,
                "code",
                "api offline_access",
                "https://client/callback");

            authorizeResult.IsError.Should().BeFalse();
            authorizeResult.Code.Should().NotBeNull();

            // Back channel: the client sends its requests through the pipeline's handler.
            var backChannel = new TokenClient(
                IdentityServerPipeline.TokenEndpoint,
                client_id,
                client_secret,
                _mockPipeline.Handler);
            var tokenResult = await backChannel.RequestAuthorizationCodeAsync(authorizeResult.Code, redirect_uri);

            // Callers rely on both tokens being present, so fail here rather than downstream.
            tokenResult.IsError.Should().BeFalse();
            tokenResult.AccessToken.Should().NotBeNull();
            tokenResult.RefreshToken.Should().NotBeNull();

            return new Tokens(tokenResult);
        }
コード例 #5
        /// <summary>
        /// Checks that an authorize request using the "plain" PKCE code challenge method is
        /// rejected with an <c>invalid_request</c> error for the given client.
        /// </summary>
        /// <param name="clientId">Identifier of the client sending the authorize request.</param>
        public async Task Client_cannot_use_plain_code_challenge_method(string clientId)
        {
            await _pipeline.LoginAsync("bob");

            var freshNonce = Guid.NewGuid().ToString();

            // With the plain method the challenge sent is the verifier itself, untransformed.
            var plainChallenge = code_verifier;

            // The response object is not inspected; the outcome is read from the pipeline's error state.
            _ = await _pipeline.RequestAuthorizationEndpointAsync(
                clientId,
                response_type,
                IdentityServerConstants.StandardScopes.OpenId,
                redirect_uri,
                nonce: freshNonce,
                codeChallenge: plainChallenge,
                codeChallengeMethod: OidcConstants.CodeChallengeMethods.Plain);

            _pipeline.ErrorWasCalled.Should().BeTrue();
            _pipeline.ErrorMessage.Error.Should().Be(OidcConstants.AuthorizeErrors.InvalidRequest);
        }
コード例 #6
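    /// <summary>
    /// Checks that <c>RemoveSessionsAsync</c> with <c>RevokeTokens = true</c> leaves no persisted
    /// grants for the subject "alice" after a refresh token has been issued to her.
    /// </summary>
    public async Task remove_sessions_should_delete_refresh_tokens()
    {
        await _pipeline.LoginAsync("alice");

        var authzResponse = await _pipeline.RequestAuthorizationEndpointAsync(
            "client",
            "code",
            "openid api offline_access",
            "https://client/callback");

        var tokenResponse = await _pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
        {
            Address     = IdentityServerPipeline.TokenEndpoint,
            ClientId    = "client",
            Code        = authzResponse.Code,
            RedirectUri = "https://client/callback"
        });

        // Verify the precondition the test name depends on: without these checks a failed code
        // exchange would go unnoticed and the test could pass without any refresh token existing.
        tokenResponse.IsError.Should().BeFalse();
        tokenResponse.RefreshToken.Should().NotBeNull();

        // NOTE(review): the filter selects by subject only, so this counts every persisted grant
        // for alice, not refresh tokens specifically — consider narrowing it by grant type.
        var subjectGrants = new PersistedGrantFilter { SubjectId = "alice" };
        (await _grantStore.GetAllAsync(subjectGrants)).Should().NotBeEmpty();

        // Revoke tokens only; the session itself, consents and back-channel notifications are left alone.
        await _sessionMgmt.RemoveSessionsAsync(new RemoveSessionsContext
        {
            SubjectId = "alice",
            RemoveServerSideSession           = false,
            RevokeConsents                    = false,
            RevokeTokens                      = true,
            SendBackchannelLogoutNotification = false
        });

        (await _grantStore.GetAllAsync(new PersistedGrantFilter { SubjectId = "alice" })).Should().BeEmpty();
    }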