public async Task Valid_User_IdentityScopes() { var client = new TokenClient( TokenEndpoint, "roclient", "secret", innerHttpMessageHandler: _handler); var response = await client.RequestResourceOwnerPasswordAsync("bob", "bob", "openid email api1"); response.IsError.Should().Be(false); response.ExpiresIn.Should().Be(3600); response.TokenType.Should().Be("Bearer"); response.IdentityToken.Should().BeNull(); response.RefreshToken.Should().BeNull(); var payload = GetPayload(response); payload.Count().Should().Be(10); payload.Should().Contain("iss", "https://idsrv3"); payload.Should().Contain("aud", "https://idsrv3/resources"); payload.Should().Contain("client_id", "roclient"); payload.Should().Contain("sub", "88421113"); payload.Should().Contain("idp", "idsrv"); var amr = payload["amr"] as JArray; amr.Count().Should().Be(1); amr.First().ToString().Should().Be("password"); var scopes = payload["scope"] as JArray; scopes.Count().Should().Be(3); scopes.First().ToString().Should().Be("api1"); scopes.Skip(1).First().ToString().Should().Be("email"); scopes.Skip(2).First().ToString().Should().Be("openid"); }
static TokenResponse GetToken(string tokenUrl, string clientId, string secret, string scope, string username = null, string password = null) { var client = new TokenClient(tokenUrl, clientId, secret); if (string.IsNullOrWhiteSpace(username)||string.IsNullOrWhiteSpace(password)) return client.RequestClientCredentialsAsync(scope).Result; else return client.RequestResourceOwnerPasswordAsync(username, password, scope).Result; }
public static TokenResponse GetClientToken() { var client = new TokenClient("https://localhost:44333/connect/token", "carbon", "21B5F798-BE55-42BC-8AA8-0025B903DC3B"); //return client.RequestClientCredentialsAsync("LeagueComparer").Result; return client.RequestResourceOwnerPasswordAsync("bob", "secret", "LeagueComparer").Result; }
static TokenResponse RequestToken() { var client = new TokenClient( Constants.TokenEndpoint, "roclient.reference", "secret"); return client.RequestResourceOwnerPasswordAsync("bob", "bob", "api1").Result; }
static TokenResponse GetToken() { var client = new TokenClient( "http://localhost:44333/connect/token", "ConsoleApplication", "F621F470-9731-4A25-80EF-67A6F7C5F4B8"); return client.RequestResourceOwnerPasswordAsync("bob", "secret", "WebApi1").Result; }
/// <summary> /// Request an access token on behalf of a user /// </summary> static TokenResponse GetUserToken() { var client = new TokenClient("https://localhost:44333/connect/token", "freightshare2", "IIPiBTywUcK5Qv0kvmVXbSiax5wBStDMGTAIA0T/RSM="); //return client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1").Result; return client.RequestResourceOwnerPasswordAsync("alice", "secret", "api1").Result; }
static TokenResponse GetUserToken() { var client = new TokenClient( "https://localhost:44333/connect/token", "carbon", "21B5F798-BE55-42BC-8AA8-0025B903DC3B"); return client.RequestResourceOwnerPasswordAsync("bob", "secret", "api1").Result; }
static TokenResponse RequestToken() { var client = new TokenClient( Constants.TokenEndpoint, "ro.client", "secret"); return client.RequestResourceOwnerPasswordAsync("bob", "bob", "openid email").Result; }
static TokenResponse RequestToken() { var client = new TokenClient( Constants.TokenEndpoint, "roclient", "secret"); //return client.RequestResourceOwnerPasswordAsync("wooboo","kop","read write").Result; return client.RequestResourceOwnerPasswordAsync("bubu","bubu","read write").Result; }
public async Task<IHttpActionResult> Authenticate(AuthenticateRequest authenticateRequest) { var tokenClient = new TokenClient("https://localhost:44302/connect/token", "AngularClient", "secret"); var result = await tokenClient.RequestResourceOwnerPasswordAsync(authenticateRequest.Username,authenticateRequest.Password, "Api"); //offline_access scope enables refresh token return Ok(new { result.AccessToken, result.RefreshToken }); }
public Task<TokenResponse> Login([FromBody]CredentialsModel credentials) { var clientId = (string)ConfigurationManager.AppSettings["oauth2.clientid"]; var client = new TokenClient( (string)ConfigurationManager.AppSettings["openid.endpoints.token"], clientId, (string)ConfigurationManager.AppSettings["oauth2.client-secret"] ); return client.RequestResourceOwnerPasswordAsync(credentials.Username, credentials.Password, clientId); }
static string GetJwt() { var oauth2Client = new TokenClient( Constants.TokenEndpoint, "ro.client", "secret"); var tokenResponse = oauth2Client.RequestResourceOwnerPasswordAsync("bob", "bob", "write").Result; return tokenResponse.AccessToken; }
static TokenResponse RequestToken() { var client = new TokenClient( Constants.TokenEndpoint, "roclient", "secret"); // idsrv supports additional non-standard parameters // that get passed through to the user service var optional = new { acr_values = "tenant:custom_account_store1 foo bar quux" }; return client.RequestResourceOwnerPasswordAsync("dabs", "dabs", "read write", optional).Result; }
private static void Main(string[] args) { var tokenClient = new TokenClient(Constants.TokenEndpoint, "roclient", "secret"); var response = tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "read write offline_access").Result; var refresh_token = response.RefreshToken; while (true) { response = RefreshToken(refresh_token, tokenClient); Console.ReadLine(); //CallService(response.AccessToken); if (response.RefreshToken != refresh_token) { refresh_token = response.RefreshToken; } } }
private static void Main() { Console.Write($"Please enter the Authority URL, press enter to use dev default or QUIT to exit{Environment.NewLine}>> "); var authorityUrl = Console.ReadLine(); while (!authorityUrl.ToLower().Equals("quit")) { Console.Write($"Please enter the space separated API Scope(s){Environment.NewLine}>> "); var apiScope = Console.ReadLine(); var discoveryResponse = DiscoveryClient.GetAsync(string.IsNullOrWhiteSpace(authorityUrl) ? "http://*****:*****@zupa.co.uk" : username, string.IsNullOrWhiteSpace(password) ? "Password0-" : password, apiScope).Result; Console.WriteLine(tokenResponseWithClaim.IsError ? $"ERROR: {tokenResponseWithClaim.Error}" : $"{Environment.NewLine}{tokenResponseWithClaim.Json}{Environment.NewLine}"); Console.Write($"Please enter the Authority URL or QUIT to exit{Environment.NewLine}>> "); authorityUrl = Console.ReadLine(); } }
public async Task No_Identity_Scope() { var tokenClient = new TokenClient( TokenEndpoint, "roclient", "secret", innerHttpMessageHandler: _handler); var response = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "api1"); response.IsError.Should().BeFalse(); var userInfoclient = new UserInfoClient( new Uri(UserInfoEndpoint), response.AccessToken, _handler); var userInfo = await userInfoclient.GetAsync(); userInfo.IsError.Should().BeTrue(); userInfo.HttpErrorStatusCode.Should().Be(HttpStatusCode.Forbidden); }
public virtual async Task<IResponse> RequestTokenAsync(string userName, string password) { var disco = await DiscoveryClient.GetAsync(_options.Authority); string clientId = _httpContext.Request.Headers[ClientId]; if (string.IsNullOrWhiteSpace(clientId)) { clientId = _options.DefaultClientId; } string clientSecret = _httpContext.Request.Headers[ClientSecret]; if (string.IsNullOrWhiteSpace(clientSecret)) { clientSecret = _options.DefaultClientSecret; } string scope = _httpContext.Request.Headers[Scope]; if (string.IsNullOrWhiteSpace(scope)) { scope = _options.DefaultScope; } var client = new TokenClient(disco.TokenEndpoint, clientId, clientSecret); var response = await client.RequestResourceOwnerPasswordAsync(userName, password, scope); return ApiResponse.FromTokenResponse(response); }
public async Task introspecting_same_access_token_twice_should_have_same_exp() { var tokenClient = new TokenClient(TokenEndpoint, clientId, clientSecret, _handler); var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "api1 offline_access"); var introspectionClient = new IntrospectionClient(IntrospectionEndpoint, scope, scopeSecret, _handler); var introspectionResponse1 = await introspectionClient.SendAsync(new IntrospectionRequest { Token = tokenResponse.AccessToken }); var introspectionResponse2 = await introspectionClient.SendAsync(new IntrospectionRequest { Token = tokenResponse.AccessToken }); var exp1 = Int32.Parse(introspectionResponse1.Claims.Single(x => x.Item1 == "exp").Item2); var exp2 = Int32.Parse(introspectionResponse2.Claims.Single(x => x.Item1 == "exp").Item2); exp1.Should().Be(exp2); }
public async Task Address_Scope() { var tokenClient = new TokenClient( TokenEndpoint, "roclient", "secret", innerHttpMessageHandler: _handler); var response = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "openid address"); response.IsError.Should().BeFalse(); var userInfoclient = new UserInfoClient( new Uri(UserInfoEndpoint), response.AccessToken, _handler); var userInfo = await userInfoclient.GetAsync(); userInfo.IsError.Should().BeFalse(); userInfo.Raw.Should().Be("{\"sub\":\"88421113\",\"address\":{\"street_address\":\"One Hacker Way\",\"locality\":\"Heidelberg\",\"postal_code\":69118,\"country\":\"Germany\"}}"); }
public async Task when_refreshing_new_exp_should_be_prior_to_old_exp() { var tokenClient = new TokenClient(TokenEndpoint, clientId, clientSecret, _handler); var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "api1 offline_access"); var introspectionClient = new IntrospectionClient(IntrospectionEndpoint, scope, scopeSecret, _handler); var introspectionResponse1 = await introspectionClient.SendAsync(new IntrospectionRequest { Token = tokenResponse.AccessToken }); var exp1 = Int32.Parse(introspectionResponse1.Claims.Single(x => x.Item1 == "exp").Item2); await Task.Delay(1000); var refreshResponse = await tokenClient.RequestRefreshTokenAsync(tokenResponse.RefreshToken); var introspectionResponse2 = await introspectionClient.SendAsync(new IntrospectionRequest { Token = refreshResponse.AccessToken }); var exp2 = Int32.Parse(introspectionResponse2.Claims.Single(x => x.Item1 == "exp").Item2); exp1.Should().BeLessThan(exp2); }
public async Task Valid_Client() { var tokenClient = new TokenClient( TokenEndpoint, "roclient", "secret", innerHttpMessageHandler: _handler); var response = await tokenClient.RequestResourceOwnerPasswordAsync("bob", "bob", "openid email api1"); response.IsError.Should().BeFalse(); var userInfoclient = new UserInfoClient( new Uri(UserInfoEndpoint), response.AccessToken, _handler); var userInfo = await userInfoclient.GetAsync(); userInfo.IsError.Should().BeFalse(); userInfo.Claims.Count().Should().Be(3); userInfo.Claims.Should().Contain(Tuple.Create("sub", "88421113")); userInfo.Claims.Should().Contain(Tuple.Create("email", "*****@*****.**")); userInfo.Claims.Should().Contain(Tuple.Create("email_verified", "True")); }
public async Task Invalid_Password() { var client = new TokenClient( TokenEndpoint, "roclient", "secret", innerHttpMessageHandler: _handler); var response = await client.RequestResourceOwnerPasswordAsync("bob", "invalid", "api1"); response.IsError.Should().Be(true); response.Error.Should().Be("invalid_grant"); }