예제 #1
        /// <summary>
        /// Sets up the CORS test fixture: a single implicit-flow client with one
        /// registered CORS origin, the test user, and the scopes the client may request.
        /// </summary>
        public CorsTests()
        {
            // The origin is registered without a path ("https://client"), separately from
            // the redirect URI; it is the only origin listed for this client.
            var corsClient = new Client
            {
                ClientId = "client",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = true,
                AllowedScopes = new List<string> { "openid", "profile", "api1", "api2" },
                RedirectUris = new List<string> { "https://client/callback" },
                AllowedCorsOrigins = new List<string> { "https://client" }
            };
            _pipeline.Clients.AddRange(new[] { corsClient });

            var bobUser = new InMemoryUser
            {
                Subject = "bob",
                Username = "******",
                Claims = new[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney")
                }
            };
            _pipeline.Users.Add(bobUser);

            // Standard identity scopes plus the two resource scopes named in AllowedScopes above.
            var api1Scope = new Scope { Name = "api1", Type = ScopeType.Resource };
            var api2Scope = new Scope { Name = "api2", Type = ScopeType.Resource };
            _pipeline.Scopes.AddRange(new[]
            {
                StandardScopes.OpenId,
                StandardScopes.Profile,
                StandardScopes.Email,
                api1Scope,
                api2Scope
            });

            _pipeline.Initialize();
        }
예제 #2
        /// <summary>
        /// Hosts the server under an upper-case base path, requests the discovery document
        /// through an upper-case URL, and expects the advertised issuer to be lower-case.
        /// </summary>
        public async Task issuer_uri_should_be_lowercase()
        {
            var server = new MockIdSvrUiPipeline();
            server.Initialize("/ROOT");

            var response = await server.Client.GetAsync("HTTPS://SERVER/ROOT/.WELL-KNOWN/OPENID-CONFIGURATION");
            var body = await response.Content.ReadAsStringAsync();

            // Relying parties typically compare the issuer as an exact string, so the casing
            // of the incoming request must not carry over into the discovery document.
            var discovery = JObject.Parse(body);
            var advertisedIssuer = discovery["issuer"].ToString();

            advertisedIssuer.Should().Be("https://server/root");
        }
예제 #3
        /// <summary>
        /// Sets up the revocation test fixture: one authorization-code client issuing
        /// reference access tokens and reusable refresh tokens, the test user, and a
        /// secret-protected resource scope.
        /// </summary>
        public RevocationTests()
        {
            // The client secret is passed through Sha256() before registration, so the
            // configured value is the hash rather than the raw test constant.
            var codeClient = new Client
            {
                ClientId = client_id,
                ClientSecrets = new List<Secret> { new Secret(client_secret.Sha256()) },
                AllowedGrantTypes = GrantTypes.Code,
                RequireConsent = false,
                AllowedScopes = new List<string> { "api", "offline_access" },
                RedirectUris = new List<string> { redirect_uri },
                AllowAccessTokensViaBrowser = true,
                // NOTE(review): reference tokens are presumably chosen so that revocation
                // can be observed server-side; confirm against the tests.
                AccessTokenType = AccessTokenType.Reference,
                RefreshTokenUsage = TokenUsage.ReUse
            };
            _mockPipeline.Clients.Add(codeClient);

            var bobUser = new InMemoryUser
            {
                Subject = "bob",
                Username = "******",
                Claims = new[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney")
                }
            };
            _mockPipeline.Users.Add(bobUser);

            // The resource scope carries its own hashed secret.
            var protectedScope = new Scope
            {
                Name = scope_name,
                ScopeSecrets = new List<Secret> { new Secret(scope_secret.Sha256()) },
                Type = ScopeType.Resource
            };
            _mockPipeline.Scopes.AddRange(new[]
            {
                StandardScopes.OpenId,
                StandardScopes.OfflineAccess,
                protectedScope
            });

            _mockPipeline.Initialize();
        }
예제 #4
        /// <summary>
        /// Sets up the federated sign-out fixture: a principal with a session id claim,
        /// a fresh pipeline with one implicit-flow client that has front-channel logout
        /// configured, the test user, and the federated sign-out path.
        /// </summary>
        public FederatedSignoutMiddlewareTests()
        {
            _user = IdentityServerPrincipal.Create("bob", "bob", new Claim(JwtClaimTypes.SessionId, "123"));
            _pipeline = new MockIdSvrUiPipeline();

            _pipeline.IdentityScopes.AddRange(new IdentityResource[] { new IdentityResources.OpenId() });

            // Sign-out related URIs are registered explicitly: one front-channel logout URI
            // and one post-logout redirect URI.
            var signoutClient = new Client
            {
                ClientId = "client1",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid" },
                RedirectUris = new List<string> { "https://client1/callback" },
                FrontChannelLogoutUri = "https://client1/signout",
                PostLogoutRedirectUris = new List<string> { "https://client1/signout-callback" },
                AllowAccessTokensViaBrowser = true
            };
            _pipeline.Clients.Add(signoutClient);

            var bobUser = new TestUser
            {
                SubjectId = "bob",
                Username = "******",
                Claims = new Claim[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney")
                }
            };
            _pipeline.Users.Add(bobUser);

            _pipeline.Initialize();

            // The federated sign-out path is added to the options only after Initialize().
            _pipeline.Options.Authentication.FederatedSignOutPaths.Add(MockIdSvrUiPipeline.FederatedSignOutPath);
        }
        /// <summary>
        /// Sets up the redirect-URI fixture: the pipeline is initialized first, then an
        /// authorization-code client with two registered redirect URIs, the OpenID
        /// identity resource and the test user are added.
        /// </summary>
        public RedirectUriTests()
        {
            _mockPipeline.Initialize();

            // Two redirect URIs are registered literally: one bare and one that includes
            // a query string. The secret is a fixed test value hashed with Sha512().
            var codeClient = new Client
            {
                Enabled = true,
                ClientId = "code_client",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha512()) },

                AllowedGrantTypes = GrantTypes.Code,
                // Fixture-only shortcut: no per-client scope list is configured.
                AllowAccessToAllScopes = true,

                RequireConsent = false,
                RedirectUris = new List<string>
                {
                    "https://code_client/callback",
                    "https://code_client/callback?foo=bar&baz=quux"
                }
            };
            _mockPipeline.Clients.Add(codeClient);

            _mockPipeline.IdentityScopes.Add(new IdentityResources.OpenId());

            var bobUser = new InMemoryUser
            {
                Subject = "bob",
                Username = "******",
                Claims = new Claim[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney"),
                }
            };
            _mockPipeline.Users.Add(bobUser);
        }
예제 #6
        /// <summary>
        /// Sets up the sub-path hosting fixture: one implicit-flow client (also kept in
        /// <c>_client1</c>), the test user and three identity resources, with the
        /// pipeline initialized under the "/subpath" base path.
        /// </summary>
        public SubpathHosting()
        {
            // The client is stored in a field as well as registered with the pipeline.
            _client1 = new Client
            {
                ClientId = "client1",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid", "profile" },
                RedirectUris = new List<string> { "https://client1/callback" },
                AllowAccessTokensViaBrowser = true
            };
            _mockPipeline.Clients.AddRange(new Client[] { _client1 });

            var bobUser = new TestUser
            {
                SubjectId = "bob",
                Username = "******",
                Claims = new Claim[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney")
                }
            };
            _mockPipeline.Users.Add(bobUser);

            var identityResources = new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
                new IdentityResources.Email()
            };
            _mockPipeline.IdentityScopes.AddRange(identityResources);

            _mockPipeline.Initialize("/subpath");
        }
예제 #7
        /// <summary>
        /// Sets up the PKCE fixture: the test user, the OpenID scope and one
        /// authorization-code client that requires PKCE (also kept in <c>client</c>).
        /// </summary>
        public PkceTests()
        {
            var bobUser = new InMemoryUser
            {
                Subject = "bob",
                Username = "******",
                Claims = new[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney")
                }
            };
            _pipeline.Users.Add(bobUser);
            _pipeline.Scopes.Add(StandardScopes.OpenId);

            // RequirePkce is set on this client; AllowPlainTextPkce is not set here.
            client = new Client
            {
                Enabled = true,
                ClientId = client_id,
                ClientSecrets = new List<Secret> { new Secret(client_secret.Sha256()) },

                AllowedGrantTypes = GrantTypes.Code,
                RequirePkce = true,

                // Fixture-only shortcut: no per-client scope list is configured.
                AllowAccessToAllScopes = true,

                RequireConsent = false,
                RedirectUris = new List<string> { redirect_uri }
            };
            _pipeline.Clients.Add(client);

            _pipeline.Initialize();
        }
        /// <summary>
        /// Sets up the response-type / response-mode fixture: the pipeline is initialized
        /// first with browser auto-redirect turned off, then an authorization-code client,
        /// the OpenID scope and the test user are added.
        /// </summary>
        public ResponseTypeResponseModeTests()
        {
            _mockPipeline.Initialize();

            // NOTE(review): auto-redirect is disabled, presumably so the tests can inspect
            // the redirect response itself instead of following it; confirm against the tests.
            _mockPipeline.BrowserClient.AllowAutoRedirect = false;

            var codeClient = new Client
            {
                Enabled = true,
                ClientId = "code_client",
                ClientSecrets = new List<Secret> { new Secret("secret".Sha512()) },

                AllowedGrantTypes = GrantTypes.Code,
                // Fixture-only shortcut: no per-client scope list is configured.
                AllowAccessToAllScopes = true,

                RequireConsent = false,
                RedirectUris = new List<string> { "https://code_client/callback" }
            };
            _mockPipeline.Clients.Add(codeClient);

            _mockPipeline.Scopes.Add(StandardScopes.OpenId);

            var bobUser = new InMemoryUser
            {
                Subject = "bob",
                Username = "******",
                Claims = new Claim[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney"),
                }
            };
            _mockPipeline.Users.Add(bobUser);
        }
예제 #9
        /// <summary>
        /// Sets up the consent fixture: three implicit-flow clients that differ in
        /// consent requirement, allowed scopes and identity-provider restrictions, the
        /// test user, three identity resources and one API resource with two scopes.
        /// </summary>
        public ConsentTests()
        {
            // client1: no consent screen, identity scopes only.
            var noConsentClient = new Client
            {
                ClientId = "client1",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid", "profile" },
                RedirectUris = new List<string> { "https://client1/callback" },
                AllowAccessTokensViaBrowser = true
            };

            // client2: the only client here with RequireConsent = true.
            var consentClient = new Client
            {
                ClientId = "client2",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = true,
                AllowedScopes = new List<string> { "openid", "profile", "api1", "api2" },
                RedirectUris = new List<string> { "https://client2/callback" },
                AllowAccessTokensViaBrowser = true
            };

            // client3: no consent, with "google" listed in IdentityProviderRestrictions.
            var idpRestrictedClient = new Client
            {
                ClientId = "client3",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid", "profile", "api1", "api2" },
                RedirectUris = new List<string> { "https://client3/callback" },
                AllowAccessTokensViaBrowser = true,
                IdentityProviderRestrictions = new List<string> { "google" }
            };

            _mockPipeline.Clients.AddRange(new Client[]
            {
                noConsentClient,
                consentClient,
                idpRestrictedClient
            });

            var bobUser = new TestUser
            {
                SubjectId = "bob",
                Username = "******",
                Claims = new Claim[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney")
                }
            };
            _mockPipeline.Users.Add(bobUser);

            var identityResources = new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
                new IdentityResources.Email()
            };
            _mockPipeline.IdentityScopes.AddRange(identityResources);

            // The two API scopes are added to the resource's existing Scopes collection.
            var apiResource = new ApiResource
            {
                Name = "api",
                Scopes =
                {
                    new Scope { Name = "api1" },
                    new Scope { Name = "api2" }
                }
            };
            _mockPipeline.ApiScopes.AddRange(new ApiResource[] { apiResource });

            _mockPipeline.Initialize();
        }
        /// <summary>
        /// Sets up the fixture for the browser access-token restriction tests: four
        /// clients covering implicit and hybrid grants, each with
        /// <c>AllowAccessTokensViaBrowser</c> once enabled and once disabled, plus the
        /// test user and the OpenID scope.
        /// </summary>
        public RestrictAccessTokenViaBrowserTests()
        {
            // Implicit grant, access tokens via browser allowed.
            var implicitAllowed = new Client
            {
                ClientId = "client1",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid" },
                RedirectUris = new List<string> { "https://client1/callback" },
                AllowAccessTokensViaBrowser = true
            };

            // Implicit grant, access tokens via browser not allowed.
            var implicitRestricted = new Client
            {
                ClientId = "client2",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid" },
                RedirectUris = new List<string> { "https://client2/callback" },
                AllowAccessTokensViaBrowser = false
            };

            // Hybrid grant, access tokens via browser allowed.
            var hybridAllowed = new Client
            {
                ClientId = "client3",
                AllowedGrantTypes = GrantTypes.Hybrid,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid" },
                RedirectUris = new List<string> { "https://client3/callback" },
                AllowAccessTokensViaBrowser = true
            };

            // Hybrid grant, access tokens via browser not allowed.
            var hybridRestricted = new Client
            {
                ClientId = "client4",
                AllowedGrantTypes = GrantTypes.Hybrid,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid" },
                RedirectUris = new List<string> { "https://client4/callback" },
                AllowAccessTokensViaBrowser = false
            };

            _mockPipeline.Clients.AddRange(new Client[]
            {
                implicitAllowed,
                implicitRestricted,
                hybridAllowed,
                hybridRestricted,
            });

            var bobUser = new InMemoryUser
            {
                Subject = "bob",
                Username = "******",
                Claims = new Claim[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney"),
                }
            };
            _mockPipeline.Users.Add(bobUser);

            _mockPipeline.Scopes.AddRange(new Scope[] { StandardScopes.OpenId });

            _mockPipeline.Initialize();
        }
예제 #11
        /// <summary>
        /// Sets up the revocation fixture: an authorization-code client with offline
        /// access, an implicit client and an implicit-plus-client-credentials client
        /// (all issuing reference access tokens), the test user, the OpenID identity
        /// resource and one secret-protected API resource.
        /// </summary>
        public RevocationTests()
        {
            // Code-flow client: hashed secret, refresh tokens enabled and reusable.
            var codeClient = new Client
            {
                ClientId = client_id,
                ClientSecrets = new List<Secret> { new Secret(client_secret.Sha256()) },
                AllowedGrantTypes = GrantTypes.Code,
                RequireConsent = false,
                AllowOfflineAccess = true,
                AllowedScopes = new List<string> { "api" },
                RedirectUris = new List<string> { redirect_uri },
                AllowAccessTokensViaBrowser = true,
                AccessTokenType = AccessTokenType.Reference,
                RefreshTokenUsage = TokenUsage.ReUse
            };
            _mockPipeline.Clients.Add(codeClient);

            // No client secret is configured on the two clients below.
            var implicitClient = new Client
            {
                ClientId = "implicit",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "api" },
                RedirectUris = new List<string> { redirect_uri },
                AllowAccessTokensViaBrowser = true,
                AccessTokenType = AccessTokenType.Reference,
            };
            _mockPipeline.Clients.Add(implicitClient);

            var implicitAndClientCredsClient = new Client
            {
                ClientId = "implicit_and_client_creds",
                AllowedGrantTypes = GrantTypes.ImplicitAndClientCredentials,
                RequireConsent = false,
                AllowedScopes = new List<string> { "api" },
                RedirectUris = new List<string> { redirect_uri },
                AllowAccessTokensViaBrowser = true,
                AccessTokenType = AccessTokenType.Reference,
            };
            _mockPipeline.Clients.Add(implicitAndClientCredsClient);

            var bobUser = new TestUser
            {
                SubjectId = "bob",
                Username = "******",
                Claims = new Claim[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney"),
                }
            };
            _mockPipeline.Users.Add(bobUser);

            _mockPipeline.IdentityScopes.AddRange(new IdentityResource[]
            {
                new IdentityResources.OpenId(),
            });

            // The API resource carries its own hashed secret; its single scope is added
            // to the resource's existing Scopes collection.
            var apiResource = new ApiResource
            {
                Name = "api",
                ApiSecrets = new List<Secret> { new Secret(scope_secret.Sha256()) },
                Scopes =
                {
                    new Scope { Name = scope_name, }
                }
            };
            _mockPipeline.ApiScopes.AddRange(new ApiResource[] { apiResource });

            _mockPipeline.Initialize();
        }
예제 #12
 /// <summary>
 /// Initializes the mock pipeline; this constructor adds no clients, users or scopes.
 /// </summary>
 public CheckSessionTests()
 {
     _mockPipeline.Initialize();
 }
예제 #13
        /// <summary>
        /// Sets up the authorize-endpoint fixture: two implicit-flow clients (one without
        /// and one with required consent), the test user, and the identity and resource
        /// scopes.
        /// </summary>
        public AuthorizeTests()
        {
            // client1: no consent screen, identity scopes only.
            var noConsentClient = new Client
            {
                ClientId = "client1",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid", "profile" },
                RedirectUris = new List<string> { "https://client1/callback" },
                AllowAccessTokensViaBrowser = true
            };

            // client2: consent required, may also request the two resource scopes.
            var consentClient = new Client
            {
                ClientId = "client2",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = true,
                AllowedScopes = new List<string> { "openid", "profile", "api1", "api2" },
                RedirectUris = new List<string> { "https://client2/callback" },
                AllowAccessTokensViaBrowser = true
            };

            _mockPipeline.Clients.AddRange(new Client[] { noConsentClient, consentClient });

            var bobUser = new InMemoryUser
            {
                Subject = "bob",
                Username = "******",
                Claims = new Claim[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney"),
                }
            };
            _mockPipeline.Users.Add(bobUser);

            var api1Scope = new Scope { Name = "api1", Type = ScopeType.Resource };
            var api2Scope = new Scope { Name = "api2", Type = ScopeType.Resource };
            _mockPipeline.Scopes.AddRange(new Scope[]
            {
                StandardScopes.OpenId,
                StandardScopes.Profile,
                StandardScopes.Email,
                api1Scope,
                api2Scope
            });

            _mockPipeline.Initialize();
        }
예제 #14
        /// <summary>
        /// Sets up the PKCE fixture: the test user, the OpenID identity resource and four
        /// authorization-code clients that all require PKCE; the last two additionally
        /// allow the plain-text challenge method. The <c>client</c> field is reassigned
        /// for each registration and ends up referring to the last client added.
        /// </summary>
        public PkceTests()
        {
            var bobUser = new TestUser
            {
                SubjectId = "bob",
                Username = "******",
                Claims = new Claim[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney")
                }
            };
            _pipeline.Users.Add(bobUser);
            _pipeline.IdentityScopes.Add(new IdentityResources.OpenId());

            // PKCE required, plain-text challenges not enabled.
            client = new Client
            {
                Enabled = true,
                ClientId = client_id,
                ClientSecrets = new List<Secret> { new Secret(client_secret.Sha256()) },

                AllowedGrantTypes = GrantTypes.Code,
                RequirePkce = true,

                AllowedScopes = { "openid" },

                RequireConsent = false,
                RedirectUris = new List<string> { redirect_uri }
            };
            _pipeline.Clients.Add(client);

            client = new Client
            {
                Enabled = true,
                ClientId = client_id_pkce,
                ClientSecrets = new List<Secret> { new Secret(client_secret.Sha256()) },

                AllowedGrantTypes = GrantTypes.Code,
                RequirePkce = true,

                AllowedScopes = { "openid" },

                RequireConsent = false,
                RedirectUris = new List<string> { redirect_uri }
            };
            _pipeline.Clients.Add(client);

            // allow plain text PKCE
            // With the plain method the challenge equals the verifier, so it does not
            // protect the verifier if the authorization request is observed; these
            // clients exist to exercise that setting.
            client = new Client
            {
                Enabled = true,
                ClientId = client_id_plain,
                ClientSecrets = new List<Secret> { new Secret(client_secret.Sha256()) },

                AllowedGrantTypes = GrantTypes.Code,
                RequirePkce = true,
                AllowPlainTextPkce = true,

                AllowedScopes = { "openid" },

                RequireConsent = false,
                RedirectUris = new List<string> { redirect_uri }
            };
            _pipeline.Clients.Add(client);

            client = new Client
            {
                Enabled = true,
                ClientId = client_id_pkce_plain,
                ClientSecrets = new List<Secret> { new Secret(client_secret.Sha256()) },

                AllowedGrantTypes = GrantTypes.Code,
                RequirePkce = true,
                AllowPlainTextPkce = true,

                AllowedScopes = { "openid" },

                RequireConsent = false,
                RedirectUris = new List<string> { redirect_uri }
            };
            _pipeline.Clients.Add(client);

            _pipeline.Initialize();
        }
예제 #15
        /// <summary>
        /// Sets up the end-session fixture: two implicit-flow clients with front-channel
        /// logout and registered post-logout redirect URIs, a third with back-channel
        /// logout only, the test user and the OpenID identity resource.
        /// </summary>
        public EndSessionTests()
        {
            // client1: front-channel logout, one post-logout redirect URI.
            var frontChannelClient = new Client
            {
                ClientId = "client1",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid" },
                RedirectUris = new List<string> { "https://client1/callback" },
                FrontChannelLogoutUri = "https://client1/signout",
                PostLogoutRedirectUris = new List<string> { "https://client1/signout-callback" },
                AllowAccessTokensViaBrowser = true
            };
            _mockPipeline.Clients.Add(frontChannelClient);

            // client2: front-channel logout, two post-logout redirect URIs.
            var multiRedirectClient = new Client
            {
                ClientId = "client2",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid" },
                RedirectUris = new List<string> { "https://client2/callback" },
                FrontChannelLogoutUri = "https://client2/signout",
                PostLogoutRedirectUris = new List<string>
                {
                    "https://client2/signout-callback",
                    "https://client2/signout-callback2"
                },
                AllowAccessTokensViaBrowser = true
            };
            _mockPipeline.Clients.Add(multiRedirectClient);

            // client3: back-channel logout; no post-logout redirect URIs are registered.
            var backChannelClient = new Client
            {
                ClientId = "client3",
                AllowedGrantTypes = GrantTypes.Implicit,
                RequireConsent = false,
                AllowedScopes = new List<string> { "openid" },
                RedirectUris = new List<string> { "https://client3/callback" },
                BackChannelLogoutUri = "https://client3/signout",
                AllowAccessTokensViaBrowser = true
            };
            _mockPipeline.Clients.Add(backChannelClient);

            var bobUser = new TestUser
            {
                SubjectId = "bob",
                Username = "******",
                Claims = new Claim[]
                {
                    new Claim("name", "Bob Loblaw"),
                    new Claim("email", "*****@*****.**"),
                    new Claim("role", "Attorney")
                }
            };
            _mockPipeline.Users.Add(bobUser);

            _mockPipeline.IdentityScopes.AddRange(new IdentityResource[] { new IdentityResources.OpenId() });

            _mockPipeline.Initialize();
        }