public async Task WhenResourceSetDoesNotExistThenReturnsNotAuthorized() { var handler = new JwtSecurityTokenHandler(); var jsonWebKey = await _inMemoryJwksRepository.GetDefaultSigningKey().ConfigureAwait(false); var token = handler.CreateEncodedJwt( "test", "test", new ClaimsIdentity(), null, null, null, jsonWebKey); var ticket = new Ticket { Lines = new[] { new TicketLine { ResourceSetId = "resource_set_id" } } }; _resourceSetRepositoryStub .Setup(r => r.Get(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <CancellationToken>())) .Returns(() => Task.FromResult((ResourceSet)null)); var result = await _authorizationPolicyValidator.IsAuthorized( ticket, new Client { ClientId = "client_id" }, new ClaimTokenParameter { Format = UmaConstants.IdTokenType, Token = token }, CancellationToken.None) .ConfigureAwait(false); Assert.Equal(AuthorizationPolicyResultKind.NotAuthorized, result.Result); }
When_Generating_AuthorizationResponse_With_AccessToken_And_ThereIs_A_GrantedToken_Then_Token_Is_Added_To_The_Parameters() { const string clientId = "clientId"; const string scope = "openid"; var claimsIdentity = new ClaimsIdentity("fake"); var claimsPrincipal = new ClaimsPrincipal(claimsIdentity); var authorizationParameter = new AuthorizationParameter { ResponseType = ResponseTypeNames.Token, ClientId = clientId, Scope = scope }; var handler = new JwtSecurityTokenHandler(); var issuedAt = DateTime.UtcNow; const int expiresIn = 20000; var defaultSigningKey = await _inMemoryJwksRepository.GetDefaultSigningKey().ConfigureAwait(false); var accessToken = handler.CreateEncodedJwt( "test", clientId, claimsIdentity, null, issuedAt.AddSeconds(expiresIn), issuedAt, defaultSigningKey); var grantedToken = new GrantedToken { ClientId = clientId, AccessToken = accessToken, CreateDateTime = issuedAt, ExpiresIn = expiresIn }; _tokenStore.Setup( x => x.GetToken( It.IsAny <string>(), It.IsAny <string>(), It.IsAny <JwtPayload>(), It.IsAny <JwtPayload>(), It.IsAny <CancellationToken>())) .ReturnsAsync(grantedToken); var actionResult = await _generateAuthorizationResponse.Generate( new EndpointResult { RedirectInstruction = new RedirectInstruction() }, authorizationParameter, claimsPrincipal, new Client { ClientId = clientId }, "test", CancellationToken.None) .ConfigureAwait(false); Assert.Equal( grantedToken.AccessToken, actionResult.RedirectInstruction !.Parameters .First(x => x.Name == StandardAuthorizationResponseNames.AccessTokenName) .Value); }
public async Task When_Requesting_An_Existed_Granted_Token_Then_Check_Id_Token_Is_Signed_And_Encrypted() { InitializeFakeObjects(TimeSpan.FromSeconds(3000)); var handler = new JwtSecurityTokenHandler(); var accessToken = handler.CreateEncodedJwt( "test", "test", new ClaimsIdentity(), null, null, DateTime.Now, await _inMemoryJwksRepository.GetDefaultSigningKey().ConfigureAwait(false)); const string identityToken = "identityToken"; const string clientId = "clientId"; var clientSecret = "clientSecret"; var authorizationCodeGrantTypeParameter = new AuthorizationCodeGrantTypeParameter { ClientAssertion = "clientAssertion", ClientAssertionType = "clientAssertionType", ClientSecret = clientSecret, RedirectUri = new Uri("https://redirectUri"), ClientId = clientId }; var client = new Client { AllowedScopes = new[] { "scope" }, RedirectionUrls = new[] { new Uri("https://redirectUri") }, ClientId = clientId, Secrets = new[] { new ClientSecret { Type = ClientSecretTypes.SharedSecret, Value = clientSecret } }, GrantTypes = new[] { GrantTypes.AuthorizationCode }, ResponseTypes = new[] { ResponseTypeNames.Code }, IdTokenSignedResponseAlg = SecurityAlgorithms.RsaSha256, IdTokenEncryptedResponseAlg = SecurityAlgorithms.RsaPKCS1, IdTokenEncryptedResponseEnc = SecurityAlgorithms.Aes128CbcHmacSha256 }; var authorizationCode = new AuthorizationCode { ClientId = clientId, RedirectUri = new Uri("https://redirectUri"), CreateDateTime = DateTimeOffset.UtcNow, Scopes = "scope" }; var grantedToken = new GrantedToken { ClientId = clientId, AccessToken = accessToken, IdToken = identityToken, IdTokenPayLoad = new JwtPayload(), CreateDateTime = DateTimeOffset.UtcNow, ExpiresIn = 100000 }; _clientStore.Setup(x => x.GetById(It.IsAny <string>(), It.IsAny <CancellationToken>())).ReturnsAsync(client); _authorizationCodeStoreFake.Setup(a => a.Get(It.IsAny <string>(), It.IsAny <CancellationToken>())) .ReturnsAsync(authorizationCode); _tokenStoreFake .Setup( x => x.GetToken( It.IsAny <string>(), It.IsAny <string>(), It.IsAny <JwtPayload>(), It.IsAny <JwtPayload>(), It.IsAny <CancellationToken>())) .ReturnsAsync(grantedToken); var authenticationHeader = new AuthenticationHeaderValue( "Basic", $"{clientId}:{clientSecret}".Base64Encode()); var r = await _getTokenByAuthorizationCodeGrantTypeAction.Execute( authorizationCodeGrantTypeParameter, authenticationHeader, null, null, CancellationToken.None) .ConfigureAwait(false); Assert.NotNull(r); }