public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Invalid_User_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .AddApiScopes(new ApiScope()) .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator()) .CreateWebHostBuider(); var identityServerClient = new IdentityServerWebHostProxy(webHostBuilder); var tokenResponse = await identityServerClient.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password1"), "api1", "offline_access"); Assert.NotNull(tokenResponse); Assert.True(tokenResponse.IsError); }
IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilderOptions_Token_Endpoint_Disabled_Fails() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .AddApiScopes(new ApiScope("api1")) .UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator)) .UseIdentityServerOptionsBuilder(options => options.Endpoints.EnableTokenEndpoint = false) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder); var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password"), "api1", "offline_access"); Assert.NotNull(tokenResponse); Assert.True(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); }
public async Task IdentityServerProxy_GetClientCredentialsAsync_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1" }, AllowedGrantTypes = new[] { GrantType.ClientCredentials }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200 }; var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .AddApiScopes(new ApiScope("api1")) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder); var tokenResponse = await identityServerProxy.GetClientAccessTokenAsync(clientConfiguration, "api1"); Assert.NotNull(tokenResponse); Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); Assert.NotNull(tokenResponse.AccessToken); Assert.Equal(7200, tokenResponse.ExpiresIn); Assert.Equal("Bearer", tokenResponse.TokenType); }
public void IdentityServerWebHostBuilder_UseProfileService_Typed_Resolveable() { var webHost = new IdentityServerTestWebHostBuilder() .UseProfileService(typeof(SimpleProfileService)) .CreateWebHostBuider() .Build(); webHost.Services.GetRequiredService <IProfileService>(); }
public void IdentityServerWebHostBuilder_UseResourceOwnerPasswordValidator_Typed_Resolveable() { var webHost = new IdentityServerTestWebHostBuilder() .UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator)) .CreateWebHostBuider() .Build(); webHost.Services.GetRequiredService <IResourceOwnerPasswordValidator>(); }
public async Task IdentityServerProxy_GetUserInfoAsync_Valid_Token_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess, IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .AddApiScopes(new ApiScope("api1")) .AddIdentityResources(new IdentityResources.OpenId(), new IdentityResources.Profile()) .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator()) .UseProfileService(new SimpleProfileService()) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder); var scopes = new[] { "api1", "offline_access", "openid", "profile" }; var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password"), scopes); // We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); var userInfoResponse = await identityServerProxy .GetUserInfoAsync(tokenResponse.AccessToken); Assert.NotNull(userInfoResponse); Assert.False(userInfoResponse.IsError); Assert.NotNull(userInfoResponse.Claims); var subjectClaim = userInfoResponse.Claims.First(claim => claim.Type == JwtClaimTypes.Subject); Assert.NotNull(subjectClaim); Assert.Equal("user", subjectClaim.Value); }
public async Task IdentityServerProxy_GetRefreshTokenAsync_WithScope_In_Parameters_Valid_User_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .AddApiScopes(new ApiScope("api1")) .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator()) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder); const string scopes = "api1 offline_access"; var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password"), new Dictionary <string, string> { { "Scope", scopes } }); // We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); var refreshTokenResponse = await identityServerProxy .GetRefreshTokenAsync(clientConfiguration, tokenResponse.RefreshToken, new Dictionary <string, string> { { "Scope", scopes } }); Assert.NotNull(refreshTokenResponse); Assert.False(refreshTokenResponse.IsError, refreshTokenResponse.Error ?? refreshTokenResponse.ErrorDescription); Assert.NotNull(refreshTokenResponse.AccessToken); Assert.NotNull(refreshTokenResponse.RefreshToken); Assert.Equal(7200, refreshTokenResponse.ExpiresIn); Assert.Equal("Bearer", refreshTokenResponse.TokenType); }
public void IdentityServerWebHostBuilder_UseResourceOwnerPasswordValidator_With_Dependencies_Resolveable() { InitializeSerilog(); var webHost = new IdentityServerTestWebHostBuilder() .UseLoggingBuilder((context, builder) => builder.AddSerilog()) .UseResourceOwnerPasswordValidator(typeof(ResourceOwnerValidatorWithDependencies)) .CreateWebHostBuider() .Build(); webHost.Services.GetRequiredService <IResourceOwnerPasswordValidator>(); }
public IntegrationTestBase() { _clientConf = new ClientConfiguration("client_id", "client_key"); var random = new Random(); var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddIdentityResources(new IdentityResource[] { new IdentityResources.OpenId() }) .AddClients(new Client[] { new Client { ClientId = _clientConf.Id, AccessTokenType = AccessTokenType.Jwt, AllowedGrantTypes = new[] { GrantType.ClientCredentials }, ClientSecrets = { new Secret(_clientConf.Secret.Sha256()) }, AllowedScopes = { "BookApi" } } }) .AddApiResources(new ApiResource[] { new ApiResource { Name = "BookApi", DisplayName = "BookAPI Service", Scopes = new List <string> { "BookApi" }, ApiSecrets = { new Secret("book_secret_key".Sha256()) } } }) .AddApiScopes(new ApiScope[] { new ApiScope { Name = "BookApi" } }) .UseIdentityServerBuilder(services => services .AddIdentityServer() .AddDefaultEndpoints() // we use this trick to allow multiple parallels test in the same time .AddDeveloperSigningCredential(true, "tempkey_" + random.Next()) ) .CreateWebHostBuider(); _identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder); }
public async Task IdentityServerProxy_GetTokenAsync_Extension_Grant_Valid_User_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess, IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile }, AllowedGrantTypes = new[] { "Custom" }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .AddApiScopes(new ApiScope("api1")) .AddIdentityResources(new IdentityResources.OpenId(), new IdentityResources.Profile()) .UseServices((context, collection) => collection.AddScoped <IExtensionGrantValidator, ExtensionsGrantValidator>()) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder); var scopes = new[] { "api1", "offline_access", "openid", "profile" }; var tokenResponse = await identityServerProxy.GetTokenAsync(clientConfiguration, "Custom", new Dictionary <string, string> { { "scope", string.Join(" ", scopes) }, { "username", "user" }, { "password", "password" } }); Assert.NotNull(tokenResponse); Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); Assert.Equal(7200, tokenResponse.ExpiresIn); Assert.NotNull(tokenResponse.AccessToken); Assert.NotNull(tokenResponse.RefreshToken); }
public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Custom_WebHost_Succeeds() { var host = new IdentityServerTestWebHostBuilder() .UseWebHostBuilder(Program.CreateWebHostBuilder(new string[] { })) .CreateWebHostBuider(); var proxy = new IdentityServerWebHostProxy(host); var scopes = new[] { "api1", "offline_access", "openid", "profile" }; var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync( new ClientConfiguration(Clients.Id, Clients.Secret), new UserLoginConfiguration("user1", "password1"), scopes); Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); }
public void IdentityServerWebHostBuilder_UseConfigurationBuilder_HasSettings() { var webHost = new IdentityServerTestWebHostBuilder() .UseConfigurationBuilder((context, builder) => { context.HostingEnvironment.WebRootPath = AppContext.BaseDirectory; builder.AddJsonFile(Path.Combine(AppContext.BaseDirectory, "testappsettings.json"), false); }) .CreateWebHostBuider() .Build(); var configuration = webHost.Services.GetRequiredService <IConfiguration>(); var hostingEnvironment = webHost.Services.GetRequiredService <IWebHostEnvironment>(); Assert.Equal("PropValue", configuration["Prop"]); Assert.Equal(AppContext.BaseDirectory, hostingEnvironment.ContentRootPath); }
public void IdentityServerWebHostBuilder_UseLoggingBuilder_Serilog_Expect_Logger_And_Provider() { InitializeSerilog(); var webHost = new IdentityServerTestWebHostBuilder() .UseLoggingBuilder((context, builder) => builder.AddSerilog()) .CreateWebHostBuider() .UseContentRoot(AppContext.BaseDirectory) .Build(); var logger = webHost .Services .GetRequiredService <ILogger <IdentityServerWebHostBuilderTests> >(); var path = Path.Combine(AppContext.BaseDirectory, "Logs", $"{Assembly.GetExecutingAssembly().GetName().Name}-{DateTime.UtcNow:yyyyMMdd}.log"); logger.LogError($"Logging to path {path} works!"); }
IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilder_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .AddApiScopes(new ApiScope("api1")) .UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator)) .UseIdentityServerBuilder(services => services .AddIdentityServer() .AddDefaultEndpoints() .AddDeveloperSigningCredential() ) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder); var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password"), "api1", "offline_access"); Assert.NotNull(tokenResponse); Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); Assert.NotNull(tokenResponse.AccessToken); Assert.NotNull(tokenResponse.RefreshToken); Assert.Equal(7200, tokenResponse.ExpiresIn); Assert.Equal("Bearer", tokenResponse.TokenType); }
public async Task IdentityServerProxy_GetClientCredentialsAsync_Authorize_Api_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1" }, AllowedGrantTypes = new[] { GrantType.ClientCredentials }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200 }; var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .AddApiScopes(new ApiScope("api1")) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder); var tokenResponse = await identityServerProxy.GetClientAccessTokenAsync(clientConfiguration, "api1"); var apiWebHostBuilder = WebHost.CreateDefaultBuilder() .ConfigureServices(services => services.AddSingleton(identityServerProxy.IdentityServer.CreateHandler())) .UseStartup <Startup>(); var apiServer = new TestServer(apiWebHostBuilder); var apiClient = apiServer.CreateClient(); apiClient.SetBearerToken(tokenResponse.AccessToken); var apiResponse = await apiClient.GetAsync("api/auth"); Assert.True(apiResponse.IsSuccessStatusCode, "should have been authenticated!"); }
public async Task IdentityServerProxy_GetDiscoverDocumentAsync_Succeeds() { var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddClients(new Client { ClientId = "MyClient", ClientSecrets = new List <Secret> { new Secret("MySecret".Sha256()) } }) .AddApiResources(new ApiResource()) .AddApiScopes(new ApiScope()) .CreateWebHostBuider(); var identityServerClient = new IdentityServerWebHostProxy(webHostBuilder); var discoveryResponse = await identityServerClient.GetDiscoverResponseAsync(); Assert.NotNull(discoveryResponse); Assert.False(discoveryResponse.IsError, discoveryResponse.Error); }
public IntegrationTestBase() { _clientConf = new ClientConfiguration("client_id", "client_key"); var random = new Random(); var webHostBuilder = new IdentityServerTestWebHostBuilder() .AddIdentityResources(new IdentityResource[] { new IdentityResource() { Name = JwtClaimTypes.Role, UserClaims = new List <string> { JwtClaimTypes.Role } } }) .AddClients(new Client[] { new Client { ClientId = _clientConf.Id, AccessTokenType = AccessTokenType.Jwt, AllowedGrantTypes = new[] { GRANT_TYPE_ADMIN }, ClientSecrets = { new Secret(_clientConf.Secret.Sha256()) }, AllowedScopes = { "BookApi" } } }) .AddApiResources(new ApiResource[] { new ApiResource { Name = "BookApi", DisplayName = "BookAPI Service", Scopes = new List <string> { "BookApi" }, ApiSecrets = { new Secret("book_secret_key".Sha256()) }, UserClaims = new List <string> { JwtClaimTypes.Role } } }) .AddApiScopes(new ApiScope[] { new ApiScope { Name = "BookApi", UserClaims = new List <string> { JwtClaimTypes.Role } } }) // used to add custom Role to accessToken .UseServices((context, collection) => { collection.AddScoped <IExtensionGrantValidator, FakeGrantValidator>(); }) .UseIdentityServerBuilder(services => services .AddIdentityServer() .AddDefaultEndpoints() // we use this trick to allow multiple parallels test in the same time .AddDeveloperSigningCredential(true, "tempkey_" + random.Next()) ) .CreateWebHostBuider(); _identityServerProxy = new IdentityServerWebHostProxy(webHostBuilder); }