public void Should_Nonce_Be_Present_In_Self_Issued() { rpid = "rp-nonce-unless_code_flow"; WebRequest.RegisterPrefix("openid", new OIDCWebRequestCreate()); // given OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.RedirectUris[0]; requestMessage.Scope = new List <MessageScope>() { MessageScope.Openid, MessageScope.Profile, MessageScope.Email, MessageScope.Address, MessageScope.Phone }; requestMessage.State = WebOperations.RandomString(); requestMessage.Nonce = WebOperations.RandomString(); requestMessage.ResponseType = new List <ResponseType>() { ResponseType.IdToken }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Validate(); X509Certificate2 certificate = new X509Certificate2("server.pfx", "", X509KeyStorageFlags.Exportable); OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when OIDCAuthImplicitResponseMessage response = rp.Authenticate("openid://", requestMessage, certificate); OIDCIdToken idToken = response.GetIdToken(); // then response.Validate(); }
public void Should_Request_And_Use_Claims_Id_Token() { rpid = "rp-response_type-id_token+token"; signalg = "RS256"; GetProviderMetadata(); // given string Nonce = WebOperations.RandomString(); OIDClaims requestClaims = new OIDClaims(); requestClaims.IdToken = new Dictionary <string, OIDClaimData>(); requestClaims.IdToken.Add("name", new OIDClaimData()); // when OIDCAuthImplicitResponseMessage response = (OIDCAuthImplicitResponseMessage)GetAuthResponse(ResponseType.IdToken, Nonce, true, requestClaims); // then response.Validate(); Assert.NotNull(response.AccessToken); OpenIdRelyingParty rp = new OpenIdRelyingParty(); OIDCIdToken idToken = response.GetIdToken(providerMetadata.Keys, clientInformation.ClientSecret); rp.ValidateIdToken(idToken, clientInformation, providerMetadata.Issuer, Nonce); Assert.IsNotNullOrEmpty(idToken.Name); }
public void Should_Authenticate_With_IdToken_Response_Type() { rpid = "rp-response_type-id_token"; // given OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; requestMessage.Scope = new List <MessageScope>() { MessageScope.Openid }; requestMessage.ResponseType = new List <ResponseType>() { ResponseType.IdToken }; requestMessage.RedirectUri = clientInformation.RedirectUris[1]; requestMessage.Nonce = WebOperations.RandomString(); requestMessage.State = WebOperations.RandomString(); requestMessage.Validate(); OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthImplicitResponseMessage response = rp.ParseAuthImplicitResponse(result, requestMessage.Scope, requestMessage.State); // then response.Validate(); }
public void Should_Authenticate_With_Claims_In_Scope_Self_Issued() { rpid = "rp-scope-userinfo_claims"; WebRequest.RegisterPrefix("openid", new OIDCWebRequestCreate()); // given OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.RedirectUris[0]; requestMessage.Scope = new List <MessageScope>() { MessageScope.Openid, MessageScope.Profile, MessageScope.Email, MessageScope.Address, MessageScope.Phone }; requestMessage.State = WebOperations.RandomString(); requestMessage.Nonce = WebOperations.RandomString(); requestMessage.ResponseType = new List <ResponseType>() { ResponseType.IdToken }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Validate(); X509Certificate2 certificate = new X509Certificate2("server.pfx", "", X509KeyStorageFlags.Exportable); OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when OIDCAuthImplicitResponseMessage response = rp.Authenticate("openid://", requestMessage, certificate); OIDCIdToken idToken = response.GetIdToken(); // then response.Validate(); rp.ValidateIdToken(idToken, clientInformation, idToken.Iss, requestMessage.Nonce); Assert.IsNotNullOrEmpty(idToken.Name); Assert.IsNotNullOrEmpty(idToken.GivenName); Assert.IsNotNullOrEmpty(idToken.FamilyName); Assert.IsNotNullOrEmpty(idToken.Email); Assert.IsNotNull(idToken.Address); Assert.IsNotNullOrEmpty(idToken.Address.StreetAddress); Assert.IsNotNullOrEmpty(idToken.Address.PostalCode); Assert.IsNotNullOrEmpty(idToken.Address.Locality); Assert.IsNotNullOrEmpty(idToken.Address.Country); Assert.IsNotNullOrEmpty(idToken.PhoneNumber); }